Add onboarding rule

This method adds a new onboarding rule that filters discovered privileged and non-privileged accounts. When an account matches a rule, it will automatically be onboarded to the Safe that is defined in the rule and the password will be reconciled. If a newly discovered account does not match any rule, it will be added to the Pending Accounts list.

The user who runs this web service must belong to the Vault Admins group.

 

Before you run this API, do the following:

  • Create the Safe and the reconcile account according to the rule’s definition.

  • Associate the reconcile account with the platform that is defined in the rule.

  • Make sure that the user whose credentials will be used for this session is a member of the Safe specified in the TargetSafeName parameter with the Add accounts permission.

 

URL

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

 

 

https://<IIS_Server_Ip>/PasswordVault/API/AutomaticOnboardingRules/

Resource information

HTTP method

POST

Content type

application/json

Header parameter

Parameter: Authorization
Description: The token that identifies the session, encoded in Base64. See Authentication.
Type: String
Mandatory: Yes
Default value: None

Body parameters

 
{
  "TargetPlatformId": "<platform ID>",
  "TargetSafeName": "<Safe name>",
  "IsAdminIDFilter": <False>,
  "MachineTypeFilter": "<Server>",
  "SystemTypeFilter": "<Windows>",
  "UserNameFilter": "<filter>",
  "UserNameMethod": "<Begins>",
  "AddressFilter": "<filter>",
  "AddressMethod": "<Equals>",
  "AccountCategoryFilter": "<Any>",
  "RuleName": "<rule name>",
  "RuleDescription": "<description>"
}

 

Parameter: TargetPlatformId (mandatory)
Type: String
Description: The ID of the platform that the onboarded account will be associated with.
Valid values: Platform ID, up to 99 characters
Default: -

Parameter: TargetSafeName (mandatory)
Type: String
Description: The name of the Safe where the onboarded account will be stored.
Valid values: Safe name, up to 28 characters
Default: -

Parameter: IsAdminIDFilter
Type: Boolean
Description: Whether only accounts with one of the following admin IDs will be onboarded automatically according to this rule:
  • Unix accounts whose UID is 0
  • Windows accounts whose SID ends with 500
If this value is set to false, the admin ID will not be considered and all accounts matching the rule will be onboarded.
Valid values: true/false
Default: false

Parameter: MachineTypeFilter
Type: String
Description: The Machine Type by which to filter.
Valid values: Any/Workstation/Server
Default: Any

Parameter: SystemTypeFilter (mandatory)
Type: String
Description: The System Type by which to filter.
Valid values: Windows/Unix
Default: -

Parameter: UserNameFilter
Type: String
Description: The name of the user by which to filter.
Valid values: User name, up to 512 characters.
Default: -

Parameter: UserNameMethod
Type: String
Description: The method to use when applying the username filter (Equals / Begins with / Ends with). This parameter is ignored if UserNameFilter is not specified.
Valid values: Equals/Begins/Ends
Default: Equals

Parameter: AddressFilter
Type: String
Description: The IP address or DNS domain name of the machine by which to filter.
Valid values: Address, up to 255 characters.
Default: -

Parameter: AddressMethod
Type: String
Description: The method to use when applying the address filter (Equals / Begins with / Ends with). This parameter is ignored if AddressFilter is not specified.
Valid values: Equals/Begins/Ends
Default: Equals

Parameter: AccountCategoryFilter
Type: String
Description: Filter for privileged or non-privileged accounts.
Valid values: Any/Privileged/Non-privileged
Default: Any

Parameter: RuleName
Type: String
Description: Name of the rule. If this parameter is empty, the rule name will be automatically generated by the system.
Valid values: A unique name of 255 characters
Default: Auto-generated name

Parameter: RuleDescription
Type: String
Description: A description of the rule.
Valid values: Free text, up to 255 characters
Default: -
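The following Python is an added example, not CyberArk's own code: it checks a rule body against the mandatory parameters, length limits and valid values listed above, flags a method parameter that the API would ignore, and builds the POST request without sending it. The base URL, token and rule values passed to it are supplied by the caller; any shown in usage are constructed placeholders.

```python
import json
import urllib.request

# Limits and allowed values copied from the parameter list on this page.
MANDATORY = ("TargetPlatformId", "TargetSafeName", "SystemTypeFilter")
MAX_LEN = {"TargetPlatformId": 99, "TargetSafeName": 28, "UserNameFilter": 512,
           "AddressFilter": 255, "RuleName": 255, "RuleDescription": 255}
ALLOWED = {"MachineTypeFilter": {"Any", "Workstation", "Server"},
           "SystemTypeFilter": {"Windows", "Unix"},
           "UserNameMethod": {"Equals", "Begins", "Ends"},
           "AddressMethod": {"Equals", "Begins", "Ends"},
           "AccountCategoryFilter": {"Any", "Privileged", "Non-privileged"}}
KNOWN = set(MAX_LEN) | set(ALLOWED) | {"IsAdminIDFilter"}


def validate_rule(rule):
    """Return a list of problems; an empty list means the body matches the page."""
    problems = [f"{k}: mandatory parameter is missing" for k in MANDATORY if not rule.get(k)]
    for key, value in rule.items():
        if key not in KNOWN:
            problems.append(f"{key}: not a documented parameter")
        elif key == "IsAdminIDFilter":
            if not isinstance(value, bool):
                problems.append(f"{key}: must be a JSON boolean, not a string")
        elif not isinstance(value, str):
            problems.append(f"{key}: must be a string")
        elif key in MAX_LEN and len(value) > MAX_LEN[key]:
            problems.append(f"{key}: longer than {MAX_LEN[key]} characters")
        elif key in ALLOWED and value not in ALLOWED[key]:
            problems.append(f"{key}: {value!r} is not a valid value")
    # A method without its filter is ignored, so the rule is broader than it looks.
    for flt, method in (("UserNameFilter", "UserNameMethod"), ("AddressFilter", "AddressMethod")):
        if method in rule and not rule.get(flt):
            problems.append(f"{method}: ignored because {flt} is not specified")
    return problems


def build_request(base_url, token, rule):
    """Build (but do not send) the POST request for a validated rule."""
    problems = validate_rule(rule)
    if problems:
        raise ValueError("; ".join(problems))
    url = base_url.rstrip("/") + "/PasswordVault/API/AutomaticOnboardingRules/"
    if any(c in url for c in " +&%"):
        raise ValueError("URL contains a space or an unsupported character (+ & %)")
    headers = {"Authorization": token, "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(rule).encode(),
                                  headers=headers, method="POST")
```

Running validate_rule on every rule before it is submitted catches a body such as "IsAdminIDFilter": "False" (a string, not a boolean) or a UserNameMethod left behind after its filter was removed, either of which would make the rule onboard more accounts than its author intended.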

Return codes

For a complete list of return codes, see Return Codes.