Update user
This method updates an existing
Make sure there are no spaces in the URL. The following characters are not supported in URL values: + & % |
Select the method you want to use:
To use this API, you must have the following authorizations:
- Add/Update Users
- In order to edit changePassOnNextLogon , you must have the Reset Password authorization.
URL
|
|
The following mandatory parameters are required in the URL:
Name |
Description |
---|---|
UserID |
The user's unique ID. |
Resource information
HTTP method |
PUT |
Content type |
application/json |
Header parameter
Parameter |
Authorization |
Type |
String |
Description |
The token that identifies the session. |
Body parameters
|
Parameter |
Description |
---|---|
username |
(Mandatory) The name of the user. Validations:
Type: string |
userType |
The user type that was returned according to the license. Possible types could be any user types according to the license. Type: string Default: EPVUser. |
unauthorizedInterfaces |
The CyberArk interfaces that this user is not authorized to use. Valid values (depend on the specific user type as defined in the license):
Type: list of strings |
location |
The location in the Vault where the user was created. Validations:
Type: string Default: Root |
expiryDate |
The date when the user expires. Type: Date-time |
enableUser |
Whether the user is enabled. Type: boolean Default: true |
authenticationMethod |
The authentication method that the user uses to log on. valid values:
Type: string Default: CyberArk |
password |
The password that the user will use to log on for the first time. This password must meet the password policy requirements. Not required for PKI or LDAP. Length <= 39 characters. Type: string |
changePassOnNextLogon |
Whether or not the user must change their password from the second log on onward. Type: boolean Default: true |
passwordNeverExpires |
Whether the user’s password will not expire unless they decide to change it. Type: boolean Default: false |
distinguishedName |
The user’s distinguished name. The usage is for PKI authentication, this will match the certificate Subject Name or domain name. Type: string |
vaultAuthorization |
The user permissions. To apply specific authorizations to a user, the user who runs this API must have the same authorizations. Valid values:
Type: list of strings |
businessAddress |
The user’s postal address, including:
Type: object |
internet |
The user's email addresses, including:
Max 319 characters (for each). Type: object |
phones |
The user's phone numbers, including:
Max 24 characters (for each). Type: object |
description |
Notes and comments. Max 99 characters. Type: string |
personalDetails |
The user's personal details, including:
Type: object |
Results
|
Parameter |
Description |
---|---|
id |
The user's unique ID. Type: number |
username |
(Mandatory) The name of the user. Validations:
Type: string |
source |
The user management system the user belongs to. Valid values:
Type: boolean expression |
changePassOnNextLogon |
Whether or not the user must change their password from the second log on onward. Type: boolean Default: true |
expiryDate |
The date when the user expires. Type: Date-time |
userType |
The user type that was returned according to the license. Possible types could be any user types according to the license. Type: string |
unauthorizedInterfaces |
The CyberArk interfaces that this user is not authorized to use. Valid values (depend on the specific user type as defined in the license):
Type: list of strings |
componentUser |
Whether the user is a known component or not. if the user is a component, then the value is true. Otherwise, it is false. The following user types are considered components:
|
location |
The user location. Type: string |
enabled |
Whether or not the user is enabled. Type: boolean |
suspended |
Whether or not the user is suspended. Type: boolean |
authenticationMethod |
The authentication method that the user will use to log on. Type: string |
passwordNeverExpires |
Whether the user’s password will not expire unless they decide to change it. Type: boolean |
distinguishedName |
The user’s distinguished name. The usage is for PKI authentication, this will match the certificate Subject Name or domain name. Type: string |
vaultAuthorization |
The user permissions. Valid values:
Type: list of strings |
businessAddress |
The user’s postal address, including:
Type: object |
internet |
The user's email addresses, including:
Type: object |
phones |
The user's phone numbers, including:
Type: object |
URL
|
|
The following mandatory value is required in the URL:
Parameter |
UserName (mandatory) |
Type |
String |
Description |
The name of the user to update. |
Resource information
HTTP method |
PUT |
Content type |
application/json |
Header parameter
Parameter |
Authorization |
Type |
String |
Description |
The token that identifies the session. |
Body parameters
|
Parameter |
NewPassword (optional) |
Type |
String |
Description |
The user’s updated password. Make sure that this password meets the password policy requirements. |
Default |
Current value |
Parameter |
Email (optional) |
Type |
String |
Description |
The user’s email address. |
Default |
Current value |
Parameter |
FirstName (optional) |
Type |
String |
Description |
The user’s first name. |
Default |
Current value |
Parameter |
LastName (optional) |
Type |
String |
Description |
The user’s last name. |
Default |
Current value |
Parameter |
ChangePasswordOnTheNextLogon (optional) |
Type |
Boolean |
Description |
Whether or not the user must change their password in their next logon. |
Valid values |
true/false |
Default |
Current value |
Parameter |
ExpiryDate (optional) |
Type |
DateTime |
Description |
The date and time when the user’s account will expire and become disabled. |
Default |
Current value |
Parameter |
UserTypeName (optional) |
Type |
String |
Description |
The updated type of user, as specified in the CyberArk license. |
Default |
Current value |
Parameter |
Disabled (optional) |
Type |
Boolean |
Description |
Whether or not the user will be disabled when updated. |
Valid values |
true/false |
Default |
Current value |
Parameter |
Location (optional) |
Type |
String |
Description |
The new Location of the updated user in the Vault hierarchy |
Default |
- |
Result
|
Parameter |
FirstName |
Type |
String |
Description |
The user’s first name. |
Parameter |
LastName |
Type |
String |
Description |
The user’s last name. |
Parameter |
UserName |
Type |
String |
Description |
The name of the updated user. |
Parameter |
|
Type |
String |
Description |
The user’s email address. |
Parameter |
Source |
Type |
String |
Description |
Whether the user was created in the PrivateArk Client or the PVWA, or is an external user who was created from an LDAP directory. |
Valid values |
LDAP/Internal |
Parameter |
UserTypeName |
Type |
String |
Description |
The new user type of this user, as specified in the CyberArk license. |
Parameter |
ChangePasswordOnTheNextLogon |
Type |
Boolean |
Description |
Whether or not the user will be forced to change their password in their next logon. |
Parameter |
Expired |
Type |
Boolean |
Description |
Whether or not the user’s password has expired |
Parameter |
ExpiryDate |
Type |
DateTime |
Description |
The date when the user’s account will expire and become disabled. If the user account will never expire, ‘null’ will be returned. |
Parameter |
Disabled |
Type |
Boolean |
Description |
Whether or not the updated user is disabled. |
Parameter |
Suspended |
Type |
Boolean |
Description |
Whether or not the updated user is suspended. |
Parameter |
AgentUser |
Type |
Boolean |
Description |
Whether or not this user is a gateway user. |
Valid values |
true/false |
Parameter |
Location |
Type |
String |
Description |
The Location of the updated user in the Vault hierarchy. |
Return codes
For a complete list of return codes, see Return Codes.