Add onboarding rule
This method adds a new onboarding rule that filters discovered privileged and non-privileged accounts. When an account matches a rule, it will automatically be onboarded to the Safe that is defined in the rule and the password will be reconciled. If a newly discovered account does not match any rule, it will be added to the Pending Accounts list.
The user who runs this web service must belong to the Vault Admins group.
|
|
Before you run this API, do the following:
|
URL
-
Make sure there are no spaces in the URL.
-
The following characters are not supported in URL values: + & %
-
If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/
|
|
|
Resource information
|
HTTP method |
POST |
|
Content type |
application/json |
Header parameter
|
Parameter |
Description |
|---|---|
|
Authorization |
The token that identifies the session, encoded in BASE 64. See Authentication. Type: String Mandatory: Yes Default value: None |
Body parameters
|
|
Parameter |
TargetPlatformId (mandatory) |
|
Type |
String |
|
Description |
The ID of the platform that the onboarded account will be associated with. |
|
Valid values |
Platform ID, up to 99 characters |
|
Default |
- |
|
Parameter |
TargetSafeName (mandatory) |
|
Type |
String |
|
Description |
The name of the Safe where the onboarded account will be stored. |
|
Valid values |
Safe name, up to 28 characters |
|
Default |
- |
|
Parameter |
IsAdminIDFilter |
|
Type |
Boolean |
|
Description |
Whether or not only accounts with the following admin ID will be onboarded automatically according to this rule.
If this value is set to false, the admin ID will not be considered and all accounts matching the rule will be onboarded. |
|
Valid values |
true/false |
|
Default |
false |
|
Parameter |
MachineTypeFilter |
|
Type |
String |
|
Description |
The Machine Type by which to filter. |
|
Valid values |
Any/Workstation/Server |
|
Default |
Any |
|
Parameter |
SystemTypeFilter (mandatory) |
|
Type |
String |
|
Description |
The System Type by which to filter. |
|
Valid values |
Windows/ Unix |
|
Default |
- |
|
Parameter |
UserNameFilter |
|
Type |
String |
|
Description |
The name of the user by which to filter. |
|
Valid values |
User name, up to 512 characters. |
|
Default |
- |
|
Parameter |
UserNameMethod |
|
Type |
String |
|
Description |
The method to use when applying the username filter (Equals / Begins with / Ends with). This parameter is ignored if UserNameFilter is not specified. |
|
Valid values |
Equals/Begins/Ends |
|
Default |
Equals |
|
Parameter |
AddressFilter |
|
Type |
String |
|
Description |
The IP address or DNS domain name of the machine by which to filter. |
|
Valid values |
Address, up to 255 characters. |
|
Default |
- |
|
Parameter |
AddressMethod |
|
Type |
String |
|
Description |
The method to use when applying the address filter (Equals / Begins with / Ends with). This parameter is ignored if AddressFilter is not specified. |
|
Valid values |
Equals/Begins/Ends |
|
Default |
Equals |
|
Parameter |
AccountCategoryFilter |
|
Type |
String |
|
Description |
Filter for privileged or non-privileged accounts. |
|
Valid values |
Any/Privileged/Non-privileged |
|
Default |
Any |
|
Parameter |
RuleName |
|
Type |
String |
|
Description |
Name of the rule. If this parameter is empty, the rule name will be automatically generated by the system. |
|
Valid values |
A unique name of 255 characters |
|
Default |
Auto-generated name |
|
Parameter |
RuleDescription |
|
Type |
String |
|
Description |
A description of the rule. |
|
Valid values |
Free text, up to 255 characters |
|
Default |
- |
Return codes
For a complete list of return codes, see Return Codes.
