Update user

This method updates an existing Vault user.

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

To use this API, you must have the following authorizations:

  • Add/Update Users
  • To edit changePassOnNextLogon, you must have the Reset Password authorization.

URL

https://<IIS_Server_Ip>/PasswordVault/API/Users/{userID}/

The following mandatory parameters are required in the URL:

Name

Description

UserID

The user's unique ID.

Resource information

HTTP method

PUT

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The token that identifies the session.

Body parameters

{
  "enableUser": true,
  "changePassOnNextLogon": false,
  "expiryDate": 1577836800,
  "suspended": false,
  "unAuthorizedInterfaces": [
    "GUI"
  ],
  "authenticationMethod": [
    "AuthTypePass"
  ],
  "passwordNeverExpires": true,
  "distinguishedName": "JohnDoeRoe",
  "description": "John Doe Roe",
  "businessAddress": {
    "workStreet": "Kuritania street",
    "workCity": "Curitania",
    "workState": "Suritania",
    "workZip": "90211",
    "workCountry": "Ruritania"
  },
  "internet": {
    "homePage": "example.com",
    "homeEmail": "John@example.net",
    "businessEmail": "John@example.com",
    "otherEmail": "John@example.org"
  },
  "phones": {
    "homeNumber": "555-0100",
    "businessNumber": "555-0101",
    "cellularNumber": "0491 570 156",
    "faxNumber": "555-0102",
    "pagerNumber": "555-0103"
  },
  "personalDetails": {
    "street": "Main street",
    "city": "Curitania",
    "state": "Suritania",
    "zip": "90210",
    "country": "Ruritania",
    "title": "Mr. John",
    "organization": "Acme",
    "department": "newco",
    "profession": "Doing Job",
    "firstName": "John",
    "middleName": "Doe",
    "lastName": "Roe"
  },
  "id": 24,
  "username": "JohnDR",
  "source": "CyberArk",
  "userType": "EPVUser",
  "componentUser": false,
  "vaultAuthorization": [
    "AuditUsers"
  ],
  "location": "\\"
}

Parameter

Description

username

(Mandatory) The name of the user.

Validations:

  • Length <= 128
  • No leading or trailing space
  • No trailing dot
  • When a name is longer than 28 characters, the 28th character in the name cannot be a space
  • Cannot include the characters: "\\/:*?\"<>|\t\r\n\x1F"
  • The first 28 characters in the name must be unique

Type: string

userType

The user type that was returned according to the license.

Possible values are any user types allowed by the license.

Type: string

Default: EPVUser.

unauthorizedInterfaces

The CyberArk interfaces that this user is not authorized to use.

Valid values (depend on the specific user type as defined in the license):

  • PIMSU
  • PSM
  • PSMP
  • PVWA
  • WINCLIENT
  • PTA
  • PACLI
  • HTTPGW
  • EVD
  • PIMSu
  • AIMApp
  • CPM
  • PVWAApp
  • PSMApp
  • AppPrv
  • AIMApp
  • PSMPApp

Type: list of strings

location

The location in the Vault where the user was created.

Validations:

  • Length <= 128 characters
  • Must begin with "\\", but cannot contain or end with "\\"
  • No trailing space

Type: string

Default: Root

expiryDate

The date when the user expires.

Type: Date-time

enableUser

Whether the user is enabled.

Type: boolean

Default: true

authenticationMethod

The authentication method that the user uses to log on.

Valid values:

  • CyberArk
  • LDAP
  • RADIUS

Type: string

Default: CyberArk

password

The password that the user will use to log on for the first time.

This password must meet the password policy requirements.

Not required for PKI or LDAP.

Length <= 39 characters.

Type: string

changePassOnNextLogon

Whether or not the user must change their password from the second log on onward.

Type: boolean

Default: true

passwordNeverExpires

Whether the user’s password will not expire unless they decide to change it.

Type: boolean

Default: false

distinguishedName

The user’s distinguished name.

Used for PKI authentication; this will match the certificate Subject Name or domain name.

Type: string

vaultAuthorization

The user permissions.

To apply specific authorizations to a user, the user who runs this API must have the same authorizations.

Valid values:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageDirectoryMapping
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

Type: list of strings

businessAddress

The user’s postal address, including:

  • City, state, zip, and country (max 19 characters)
  • Street (max 29 characters)

Type: object

internet

The user's email addresses, including:

  • Home page
  • Home email
  • Business email
  • Other email

Max 319 characters (for each).

Type: object

phones

The user's phone numbers, including:

  • Home
  • Business
  • Cellular
  • Fax
  • Pager

Max 24 characters (for each).

Type: object

description

Notes and comments.

Max 99 characters.

Type: string

personalDetails

The user's personal details, including:

  • firstName, middleName, lastName, address (max 29 characters)
  • city, state, zip, country (max 19 characters)
  • title, organization, department, profession (max 49 characters)

Type: object
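
A pre-flight check for this call, as an added example that is not CyberArk's code: it applies the username and URL rules listed above and rejects vaultAuthorization values that are not in the valid list or that the caller does not hold. The host name, the token and the caller_has argument (the caller's own authorizations, obtained separately) are assumptions.

```python
import json
import urllib.request

# Valid vaultAuthorization values, copied from the parameter table above.
VAULT_AUTHORIZATIONS = {
    "AddSafes", "AuditUsers", "AddUpdateUsers", "ResetUsersPasswords",
    "ActivateUsers", "AddNetworkAreas", "ManageDirectoryMapping",
    "ManageServerFileCategories", "BackupAllSafes", "RestoreAllSafes",
}
FORBIDDEN_NAME_CHARS = set('\\/:*?"<>|\t\r\n\x1f')

def validate_username(name):
    """Return the documented username rules that `name` violates."""
    errors = []
    if not name or len(name) > 128:
        errors.append("empty or longer than 128 characters")
    if name != name.strip(" "):
        errors.append("leading or trailing space")
    if name.endswith("."):
        errors.append("trailing dot")
    if len(name) > 28 and name[27] == " ":
        errors.append("28th character is a space")
    if FORBIDDEN_NAME_CHARS & set(name):
        errors.append("forbidden character")
    return errors

def check_authorizations(requested, caller_has):
    """Return (unknown values, valid values the caller does not hold)."""
    requested = set(requested)
    unknown = requested - VAULT_AUTHORIZATIONS
    not_held = (requested & VAULT_AUTHORIZATIONS) - set(caller_has)
    return sorted(unknown), sorted(not_held)

def build_update_request(base_url, user_id, token, body, caller_has):
    """Build (but do not send) the PUT request after local checks."""
    problems = validate_username(body.get("username", ""))
    unknown, not_held = check_authorizations(
        body.get("vaultAuthorization", []), caller_has)
    if unknown or not_held:
        problems.append(f"authorizations rejected: {unknown + not_held}")
    # Trailing slash is always added, which also covers the dot rule.
    url = f"{base_url}/PasswordVault/API/Users/{int(user_id)}/"
    if any(c in url for c in " +&%"):
        problems.append("URL contains a space or one of + & %")
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": token, "Content-Type": "application/json"})
```

The rule that the first 28 characters of a name must be unique needs the Vault's user list, so it is left to the server.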

Results

{
  "enableUser": true,
  "changePassOnNextLogon": false,
  "expiryDate": 1577836800,
  "suspended": false,
  "unAuthorizedInterfaces": [
    "GUI"
  ],
  "authenticationMethod": [
    "AuthTypePass"
  ],
  "passwordNeverExpires": true,
  "distinguishedName": "JohnDoeRoe",
  "description": "John Doe Roe",
  "businessAddress": {
    "workStreet": "Kuritania street",
    "workCity": "Curitania",
    "workState": "Suritania",
    "workZip": "90211",
    "workCountry": "Ruritania"
  },
  "internet": {
    "homePage": "example.com",
    "homeEmail": "John@example.net",
    "businessEmail": "John@example.com",
    "otherEmail": "John@example.org"
  },
  "phones": {
    "homeNumber": "555-0100",
    "businessNumber": "555-0101",
    "cellularNumber": "0491 570 156",
    "faxNumber": "555-0102",
    "pagerNumber": "555-0103"
  },
  "personalDetails": {
    "street": "Main street",
    "city": "Curitania",
    "state": "Suritania",
    "zip": "90210",
    "country": "Ruritania",
    "title": "Mr. John",
    "organization": "Acme",
    "department": "newco",
    "profession": "Doing Job",
    "firstName": "John",
    "middleName": "Doe",
    "lastName": "Roe"
  },
  "id": 24,
  "username": "JohnDR",
  "source": "CyberArk",
  "userType": "EPVUser",
  "componentUser": false,
  "vaultAuthorization": [
    "AuditUsers"
  ],
  "location": "\\"
}

Parameter

Description

id

The user's unique ID.

Type: number

username

(Mandatory) The name of the user.

Validations:

  • Length <= 128
  • No leading or trailing space
  • No trailing dot
  • When a name is longer than 28 characters, the 28th character in the name cannot be a space
  • Cannot include the characters: "\\/:*?\"<>|\t\r\n\x1F"
  • The first 28 characters in the name must be unique

Type: string

source

The user management system the user belongs to.

Valid values:

  • CyberArk
  • LDAP

Type: boolean expression

changePassOnNextLogon

Whether or not the user must change their password from the second log on onward.

Type: boolean

Default: true

expiryDate

The date when the user expires.

Type: Date-time

userType

The user type that was returned according to the license.

Possible values are any user types allowed by the license.

Type: string

unauthorizedInterfaces

The CyberArk interfaces that this user is not authorized to use.

Valid values (depend on the specific user type as defined in the license):

  • PIMSU
  • PSM
  • PSMP
  • PVWA
  • WINCLIENT
  • PTA
  • PACLI
  • HTTPGW
  • EVD
  • PIMSu
  • AIMApp
  • CPM
  • PVWAApp
  • PSMApp
  • AppPrv
  • AIMApp
  • PSMPApp

Type: list of strings

componentUser

Whether the user is a known component or not.

If the user is a component, then the value is true. Otherwise, it is false.

The following user types are considered components:

  • CPM
  • ENE
  • PVWA
  • PSM
  • AppProvider
  • OPMProvider
  • PIMProvider
  • PSMPServer
  • PSMPADBridge
  • PSMHTML5Gateway
  • CIFS
  • FTP
  • SFE
  • DCAInstance
  • FEWA
  • SEG

location

The user location.

Type: string

enabled

Whether or not the user is enabled.

Type: boolean

suspended

Whether or not the user is suspended.

Type: boolean

authenticationMethod

The authentication method that the user will use to log on.

Type: string

passwordNeverExpires

Whether the user’s password will not expire unless they decide to change it.

Type: boolean

distinguishedName

The user’s distinguished name.

Used for PKI authentication; this will match the certificate Subject Name or domain name.

Type: string

vaultAuthorization

The user permissions.

Valid values:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageDirectoryMapping
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

Type: list of strings

businessAddress

The user’s postal address, including:

  • City, state, zip, and country
  • Street

Type: object

internet

The user's email addresses, including:

  • Home page
  • Home email
  • Business email
  • Other email

Type: object

phones

The user's phone numbers, including:

  • Home
  • Business
  • Cellular
  • Fax
  • Pager

Type: object

Return codes

For a complete list of return codes, see Return Codes.