Update user

This method updates an existing Vault user.

 

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

Select the method you want to use:

To use this API, you must have the following authorizations:

  • Add/Update Users
  • In order to edit changePassOnNextLogon , you must have the Reset Password authorization.

URL

 

 
https://<IIS_Server_Ip>/PasswordVault/api/Users/{userID}/

The following mandatory parameters are required in the URL:

Name

Description

UserID

The user's unique ID.

Resource information

HTTP method

PUT

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The token that identifies the session.

Body parameters

  
{
"enableUser": true,
"changePassOnNextLogon": false,
"expiryDate": 1577836800,
"suspended": false,
"unAuthorizedInterfaces": [
"GUI"
],

"authenticationMethod": [
"AuthTypePass"
],
"passwordNeverExpires": true,
"distinguishedName": "JohnDoeRoe",
"description": "John Doe Roe",
"businessAddress": {
"workStreet": "Kuritania street",
"workCity": "Curitania",
"workState": "Suritania",
"workZip": "90211",
"workCountry": "Ruritania"
},
"internet": {
"homePage": "example.com",
"homeEmail": "John@example.net",
"businessEmail": "John@example.com",
"otherEmail": "John@example.org"
},
"phones": {
"homeNumber": "555-0100",
"businessNumber": "555-0101",
"cellularNumber": "0491 570 156",
"faxNumber": "555-0102",
"pagerNumber": "555-0103"
},
"personalDetails": {
"street": "Main street",
"city": "Curitania",
"state": "Suritania",
"zip": "90210",
"country": "Ruritania",
"title": "Mr. John",
"organization": "Acme",
"department": "newco",
"profession": "Doing Job",
"firstName": "John",
"middleName": "Doe",
"lastName": "Roe"
},
"id": 24,
"username": "JohnDR",
"source": "CyberArk",
"userType": "EPVUser",
"componentUser": false,
"vaultAuthorization": [
"AuditUsers"
],
"location": "\\"
}

 

Parameter

Description

username

(Mandatory) The name of the user.

Validations:

  • Length <= 128
  • No leading or trailing space
  • No trailing dot
  • When a name is longer than 28 characters, the 28th character in the name cannot be space
  • Cannot include the characters: "\\/:*?\"<>|\t\r\n\x1F"
  • The first 28 characters in the name must be unique

Type: string
userType

The user type that was returned according to the license.

Possible types could be any user types according to the license.

Type: string

Default: EPVUser.
unauthorizedInterfaces

The CyberArk interfaces that this user is not authorized to use.

Valid values (depend on the specific user type as defined in the license):

  • PIMSU
  • PSM
  • PSMP
  • PVWA
  • WINCLIENT
  • PTA
  • PACLI
  • HTTPGW
  • EVD
  • PIMSu
  • AIMApp
  • CPM
  • PVWAApp
  • PSMApp
  • AppPrv
  • AIMApp
  • PSMPApp

Type: list of strings
location

The location in the Vault where the user was created.

Validations:

  • Length <= 128 characters
  • Must begin with "\\", but cannot contain or end with "\\"
  • No trailing space

Type: string

Default: Root
expiryDate

The date when the user expires.

Type: Date-time
enableUser

Whether the user is enabled.

Type: boolean

Default: true
authenticationMethod

The authentication method that the user uses to log on.

valid values:

  • CyberArk
  • LDAP
  • RADIUS

Type: string

Default: CyberArk
password

The password that the user will use to log on for the first time.

This password must meet the password policy requirements.

Not required for PKI or LDAP.

Length <= 39 characters.

Type: string
changePassOnNextLogon

Whether or not the user must change their password from the second log on onward.

Type: boolean

Default: true

passwordNeverExpires

Whether the user’s password will not expire unless they decide to change it.

Type: boolean

Default: false

distinguishedName

The user’s distinguished name.

The usage is for PKI authentication, this will match the certificate Subject Name or domain name.

Type: string

vaultAuthorization

The user permissions.

To apply specific authorizations to a user, the user who runs this API must have the same authorizations.

Valid values:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageDirectoryMapping
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

Type: list of strings

businessAddress

The user’s postal address, including:

  • City, state, zip, and country (max 19 characters)
  • Street (max 29 characters)

Type: object

internet

The user's email addresses, including:

  • Home page
  • Home email
  • Business email
  • Other email

Max 319 characters (for each).

Type: object

phones

The user's phone numbers, including:

  • Home
  • Business
  • Cellular
  • Fax
  • Pager

Max 24 characters (for each).

Type: object

description

Notes and comments.

Max 99 characters.

Type: string

personalDetails

The user's personal details, including:

  • firstName, middleName, lastName, address (max 29 characters)
  • city, state, zip, country (max 19 characters)
  • title, organization, department, profession (max 49 characters)

Type: object

Results

  
{
"enableUser": true,
"changePassOnNextLogon": false,
"expiryDate": 1577836800,
"suspended": false,
"unAuthorizedInterfaces": [
"GUI"
],

"authenticationMethod": [
"AuthTypePass"
],
"passwordNeverExpires": true,
"distinguishedName": "JohnDoeRoe",
"description": "John Doe Roe",
"businessAddress": {
"workStreet": "Kuritania street",
"workCity": "Curitania",
"workState": "Suritania",
"workZip": "90211",
"workCountry": "Ruritania"
},
"internet": {
"homePage": "example.com",
"homeEmail": "John@example.net",
"businessEmail": "John@example.com",
"otherEmail": "John@example.org"
},
"phones": {
"homeNumber": "555-0100",
"businessNumber": "555-0101",
"cellularNumber": "0491 570 156",
"faxNumber": "555-0102",
"pagerNumber": "555-0103"
},
"personalDetails": {
"street": "Main street",
"city": "Curitania",
"state": "Suritania",
"zip": "90210",
"country": "Ruritania",
"title": "Mr. John",
"organization": "Acme",
"department": "newco",
"profession": "Doing Job",
"firstName": "John",
"middleName": "Doe",
"lastName": "Roe"
},
"id": 24,
"username": "JohnDR",
"source": "CyberArk",
"userType": "EPVUser",
"componentUser": false,
"vaultAuthorization": [
"AuditUsers"
],
"location": "\\"
}

 

Parameter

Description

id

The user's unique ID.

Type: number

username

(Mandatory) The name of the user.

Validations:

  • Length <= 128
  • No leading or trailing space
  • No trailing dot
  • When a name is longer than 28 characters, the 28th character in the name cannot be space
  • Cannot include the characters: "\\/:*?\"<>|\t\r\n\x1F"
  • The first 28 characters in the name must be unique

Type: string

source

The user management system the user belongs to.

Valid values:

  • CyberArk
  • LDAP

Type: boolean expression
changePassOnNextLogon

Whether or not the user must change their password from the second log on onward.

Type: boolean

Default: true
expiryDate

The date when the user expires.

Type: Date-time
userType

The user type that was returned according to the license.

Possible types could be any user types according to the license.

Type: string
unauthorizedInterfaces

The CyberArk interfaces that this user is not authorized to use.

Valid values (depend on the specific user type as defined in the license):

  • PIMSU
  • PSM
  • PSMP
  • PVWA
  • WINCLIENT
  • PTA
  • PACLI
  • HTTPGW
  • EVD
  • PIMSu
  • AIMApp
  • CPM
  • PVWAApp
  • PSMApp
  • AppPrv
  • AIMApp
  • PSMPApp

Type: list of strings

componentUser

Whether the user is a known component or not.

if the user is a component, then the value is true. Otherwise, it is false.

The following user types are considered components:

  • CPM
  • ENE
  • PVWA
  • PSM
  • AppProvider
  • OPMProvider
  • PIMProvider
  • PSMPServer
  • PSMPADBridge
  • PSMHTML5Gateway
  • CIFS
  • FTP
  • SFE
  • DCAInstance
  • FEWA
  • SEG

 
location

The user location.

Type: string
enabled

Whether or not the user is enabled.

Type: boolean

suspended

Whether or not the user is suspended.

Type: boolean
authenticationMethod

The authentication method that the user will use to log on.

Type: string

passwordNeverExpires

Whether the user’s password will not expire unless they decide to change it.

Type: boolean

distinguishedName

The user’s distinguished name.

The usage is for PKI authentication, this will match the certificate Subject Name or domain name.

Type: string

vaultAuthorization

The user permissions.

Valid values:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageDirectoryMapping
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

Type: list of strings

businessAddress

The user’s postal address, including:

  • City, state, zip, and country
  • Street

Type: object

internet

The user's email addresses, including:

  • Home page
  • Home email
  • Business email
  • Other email

Type: object

phones

The user's phone numbers, including:

  • Home
  • Business
  • Cellular
  • Fax
  • Pager

Type: object

URL

 

 
https://<IIS_Server_Ip>/PasswordVault/WebServices/PIMServices.svc/Users/{UserName}

The following mandatory value is required in the URL:

Parameter

UserName (mandatory)

Type

String

Description

The name of the user to update.

Resource information

HTTP method

PUT

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The token that identifies the session.

Body parameters

  
{
"NewPassword":"<string>",
"Email":"<string>",
"FirstName":"<string>",
"LastName":"<string>",
"ChangePasswordOnTheNextLogon":<bool>,
"ExpiryDate":"<string>",
"UserTypeName":"<string>",
"Disabled":<bool>,
"Location":"<string>”
}

 

Parameter

NewPassword (optional)

Type

String

Description

The user’s updated password. Make sure that this password meets the password policy requirements.

Default

Current value

Parameter

Email (optional)

Type

String

Description

The user’s email address.

Default

Current value

Parameter

FirstName (optional)

Type

String

Description

The user’s first name.

Default

Current value

Parameter

LastName (optional)

Type

String

Description

The user’s last name.

Default

Current value

Parameter

ChangePasswordOnTheNextLogon (optional)

Type

Boolean

Description

Whether or not the user must change their password in their next logon.

Valid values

true/false

Default

Current value

Parameter

ExpiryDate (optional)

Type

DateTime

Description

The date and time when the user’s account will expire and become disabled.

Default

Current value

Parameter

UserTypeName (optional)

Type

String

Description

The updated type of user, as specified in the CyberArk license.

Default

Current value

Parameter

Disabled (optional)

Type

Boolean

Description

Whether or not the user will be disabled when updated.

Valid values

true/false

Default

Current value

Parameter

Location (optional)

Type

String

Description

The new Location of the updated user in the Vault hierarchy

Default

-

Result

  
{ 
"FirstName":"<string>",
"LastName":"<string>",
"UserName":"<string>",
"Email":"<string>",
"Source":"<string>",
"UserTypeName":"<string>",
"ChangePasswordOnTheNextLogon":<bool>,
"Expired":"<string>",
"ExpiryDate":"<string>",
"Disabled":"<bool>",
"AgentUser":"<bool>",
"Suspended":"<bool>",
"Location":"<string>"
}

 

Parameter

FirstName

Type

String

Description

The user’s first name.

Parameter

LastName

Type

String

Description

The user’s last name.

Parameter

UserName

Type

String

Description

The name of the updated user.

Parameter

Email

Type

String

Description

The user’s email address.

Parameter

Source

Type

String

Description

Whether the user was created in the PrivateArk Client or the PVWA, or is an external user who was created from an LDAP directory.

Valid values

LDAP/Internal

Parameter

UserTypeName

Type

String

Description

The new user type of this user, as specified in the CyberArk license.

Parameter

ChangePasswordOnTheNextLogon

Type

Boolean

Description

Whether or not the user will be forced to change their password in their next logon.

Parameter

Expired

Type

Boolean

Description

Whether or not the user’s password has expired

Parameter

ExpiryDate

Type

DateTime

Description

The date when the user’s account will expire and become disabled.

If the user account will never expire, ‘null’ will be returned.

Parameter

Disabled

Type

Boolean

Description

Whether or not the updated user is disabled.

Parameter

Suspended

Type

Boolean

Description

Whether or not the updated user is suspended.

Parameter

AgentUser

Type

Boolean

Description

Whether or not this user is a gateway user.

Valid values

true/false

Parameter

Location

Type

String

Description

The Location of the updated user in the Vault hierarchy.

Return codes

For a complete list of return codes, see Return Codes.