Add user
This method adds a new user to the Vault.
- Make sure there are no spaces in the URL.
- The following characters are not supported in URL values: + & %
- If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/
To run this Web service, you must have the following permissions:
- Add Users
- Update Users
URL
|
Resource information
HTTP method |
POST |
Content type |
application/json |
Header parameter
Parameter |
Authorization |
Type |
String |
Description |
The token that identifies the session. |
Valid values |
A session token that was returned from the “Logon” method. |
Body parameters
|
Parameter |
Description |
username |
(Mandatory) The name of the user. Validations:
Type: string |
userType |
The user type that was returned according to the license. Possible types could be any user types according to the license. Type: string Default: EPVUser. |
nonAuthorizedInterfaces |
The CyberArk interfaces that this user is not authorized to use. Valid values (depend on the specific user type as defined in the license):
Type: list of strings |
location |
The location in the Vault where the user will be created. Validations:
Type: string Default: Root |
expiryDate |
The date when the user expires. Type: Date-time |
enableUser |
Whether the user will be enabled upon creation. Type: boolean Default: true |
authenticationMethod |
The authentication method that the user will use to log on. Valid values:
Type: string Default: CyberArk |
password |
The password that the user will use to log on for the first time. This password must meet the password policy requirements. Not required for PKI or LDAP. Length <= 39 characters. Type: string |
changePasswordOnTheNextLogon |
Whether or not the user must change their password from the second log on onward. Type: boolean Default: true |
passwordNeverExpires |
Whether the user’s password will not expire unless they decide to change it. Type: boolean Default: false |
distinguishedName |
The user’s distinguished name. It is used for PKI authentication and will match the certificate Subject Name or domain name. Type: string |
vaultAuthorization |
The user permissions. To apply specific authorizations to a user, the user who runs this API must have the same authorizations. Valid values:
Type: list of strings |
businessAddress |
The user’s postal address, including:
Type: object |
internet |
The user's email addresses, including:
Max 319 characters (for each). Type: object |
phones |
The user's phone numbers, including:
Max 24 characters (for each). Type: object |
description |
Notes and comments. Max 99 characters. Type: string |
personalDetails |
The user's personal details, including:
Type: object |
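A pre-flight check for the URL rules and body parameter limits documented above, as an added example that is not CyberArk's own code. The function names are hypothetical, and the sample key inside `phones` is a placeholder because the page does not list the sub-fields of that object.

```python
# Added example. Limits and defaults are copied from the parameter table on this page.
MAX_LEN = {"password": 39, "description": 99}   # top-level string limits
MAX_EACH = {"internet": 319, "phones": 24}      # limit for each value in the object
DEFAULTS = {"userType": "EPVUser", "location": "Root", "enableUser": True,
            "authenticationMethod": "CyberArk",
            "changePasswordOnTheNextLogon": True, "passwordNeverExpires": False}
UNSUPPORTED_URL_CHARS = "+&%"

def check_url_path(path):
    """Apply the page's URL rules to a resource path and return the path to send."""
    if " " in path:
        raise ValueError("URL must not contain spaces")
    bad = sorted(set(path) & set(UNSUPPORTED_URL_CHARS))
    if bad:
        raise ValueError("unsupported characters in URL: " + " ".join(bad))
    if "." in path and not path.endswith("/"):
        path += "/"  # a URL that includes a dot needs a trailing slash
    return path

def check_add_user_body(body):
    """Return (errors, deviations) for an Add user request body given as a dict."""
    errors, deviations = [], []
    username = body.get("username")
    if not isinstance(username, str) or not username:
        errors.append("username is mandatory and must be a string")
    for field, limit in MAX_LEN.items():
        value = body.get(field)
        if isinstance(value, str) and len(value) > limit:
            # Report the length only, never the value (it may be the password).
            errors.append(f"{field}: {len(value)} characters, maximum is {limit}")
    for field, limit in MAX_EACH.items():
        obj = body.get(field, {})
        if not isinstance(obj, dict):
            errors.append(f"{field} must be an object")
            continue
        for key, value in obj.items():
            if isinstance(value, str) and len(value) > limit:
                errors.append(f"{field}.{key}: {len(value)} characters, maximum is {limit}")
    for field, default in DEFAULTS.items():
        if field in body and body[field] != default:
            deviations.append(f"{field}={body[field]!r} (default {default!r})")
    return errors, deviations

if __name__ == "__main__":
    # Constructed sample body; "placeholderNumber" is a made-up key, not a documented one.
    sample = {"username": "svc_backup", "password": "x" * 40,
              "phones": {"placeholderNumber": "1" * 25}, "passwordNeverExpires": True}
    print(check_url_path("api/Safes/MySafe/Members/user@cyber.com"))
    print(check_add_user_body(sample))
```

The deviations list gives a reviewer the settings that differ from the documented defaults, such as `passwordNeverExpires` set to true, before the account is created.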
Result
|
Parameter |
Description |
id |
The user's unique ID. Type: number |
username |
(Mandatory) The name of the user. Validations:
Type: string |
source |
The user management system the user belongs to. Valid values:
Type: boolean expression |
changePasswordOnTheNextLogon |
Whether or not the user must change their password from the second log on onward. Type: boolean Default: true |
expiryDate |
The date when the user expires. Type: Date-time |
userType |
The user type that was returned according to the license. Possible types could be any user types according to the license. Type: string |
unauthorizedInterfaces |
The CyberArk interfaces that this user is not authorized to use. Valid values (depend on the specific user type as defined in the license):
Type: list of strings |
componentUser |
Whether the user is a known component or not. If the user is a component, then the value is true. Otherwise, it is false. The following user types are considered components:
|
location |
The user location. Type: string |
enabled |
Whether or not the user is enabled. Type: boolean |
suspended |
Whether or not the user is suspended. Type: boolean |
authenticationMethod |
The authentication method that the user will use to log on. Type: string |
passwordNeverExpires |
Whether the user’s password will not expire unless they decide to change it. Type: boolean |
distinguishedName |
The user’s distinguished name. It is used for PKI authentication and will match the certificate Subject Name or domain name. Type: string |
vaultAuthorization |
The user permissions. Valid values:
Type: list of strings |
businessAddress |
The user’s postal address, including:
Type: object |
internet |
The user's email addresses, including:
Type: object |
phones |
The user's phone numbers, including:
Type: object |
description |
Notes and comments. Max 99 characters. Type: string |
personalDetails |
The user's personal details, including:
Type: object |
lastSuccessfulLoginDate |
The date that the user last logged on to the Vault successfully. Type: Date-time |
Return codes
For a complete list of return codes, see Return Codes.