Create directory mapping

This method creates a directory mapping in the Vault.

To run this web service, the user must be a member of the Vault Admins group and have the following permissions:

  • Audit Users

  • Add/Update users

  • Manage Directory Mapping

URL

https://<IIS_Server_Ip>/PasswordVault/API/Configuration/LDAP/Directories/{DirectoryUID}/Mappings/
  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

Resource information

HTTP method: POST

Content type: application/json

Header parameter

Parameter

Description

Authorization

The token that identifies the session.

Type: String

Valid values: A session token that was returned from the “Logon” method.

Body parameters

{
  "MappingName": "string",
  "LDAPBranch": "string",
  "DomainGroups": [
    "string"
  ],
  "MappingAuthorizations": [
  ],
  "UserActivityLogPeriod": <1-3650>
}

Parameter

Description

MappingName

The name of the PAM - Self-Hosted role that is created. For example: Vault Admins, Safe Managers.

Type: String

Mandatory: Yes

LDAPBranch

The LDAP branch that is used for external directory queries.

Type: String

Mandatory: Yes

DirectoryMappingOrder

In the Directory Mapping window, the order in which the maps are matched with users and groups from the External Directory to determine if they can be created in the Vault.

Type: Integer

Default value: The mapping is added last.

Mandatory: No

DomainGroups

Users who belong to these LDAP groups are automatically assigned to the relevant roles in the PAM - Self-Hosted system.

Type: List of strings

Mandatory: No

MappingAuthorizations

The security attributes and authorizations that are applied when an LDAP user account is created in the Vault.

Possible authorizations:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

To apply specific authorizations to a mapping, the user must have the same authorizations.

Type: List of strings

Mandatory: No

Location

The specific location of the Vault where mapped users are added.

Type: String

Mandatory: No

Groups

The built-in Vault groups that the mapped users are added to.

Type: List of strings

Mandatory: No

UserActivityLogPeriod

The number of days that activity records are stored for users in the current mapping before they can be deleted.

Type: Number

Valid values: 1-3650

UsedQuota

Sets the disk quota allocated to the user in MB.

Type: Integer

Mandatory: No

Default value: 0 (unlimited)

AuthorizedInterfaces

Sets the authorized interface from the available interfaces defined by the license.

Type: String

Mandatory: No

Default value: None

EnableENEWhenDisconnected

Whether or not to monitor this user type's activity.

Type: Boolean

Mandatory: No

Default value: True
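
The request described above, as an added example in Python that is not part of the original documentation: it checks the documented constraints locally (URL characters, mandatory fields, the 1-3650 range, and the rule that the caller must hold every authorization the mapping grants) and builds the URL, headers and JSON body without sending anything. The function name, its arguments and all sample values are assumptions, as is sending authorization names as strings per the parameter table.

```python
import json

# Hypothetical helper for illustration; not part of any product client library.
# Authorization names listed on this page for MappingAuthorizations.
ALLOWED_AUTHORIZATIONS = {
    "AddSafes", "AuditUsers", "AddUpdateUsers", "ResetUsersPasswords",
    "ActivateUsers", "AddNetworkAreas", "ManageServerFileCategories",
    "BackupAllSafes", "RestoreAllSafes",
}
UNSUPPORTED_URL_CHARS = set("+&% ")  # page: no spaces, no + & % in URL values


def build_mapping_request(server, directory_uid, token, mapping_name, ldap_branch,
                          caller_authorizations, domain_groups=(),
                          mapping_authorizations=(), log_period=None):
    """Return (url, headers, body) for the POST, or raise ValueError."""
    bad = UNSUPPORTED_URL_CHARS & set(directory_uid)
    if not directory_uid or bad:
        raise ValueError(f"DirectoryUID has unsupported URL characters: {sorted(bad)}")
    if not mapping_name or not ldap_branch:
        raise ValueError("MappingName and LDAPBranch are mandatory")
    requested = set(mapping_authorizations)
    unknown = requested - ALLOWED_AUTHORIZATIONS
    if unknown:
        raise ValueError(f"unknown authorizations: {sorted(unknown)}")
    # Page rule: the caller must hold every authorization the mapping grants.
    missing = requested - set(caller_authorizations)
    if missing:
        raise ValueError(f"caller lacks authorizations: {sorted(missing)}")
    body = {
        "MappingName": mapping_name,
        "LDAPBranch": ldap_branch,
        "DomainGroups": list(domain_groups),
        "MappingAuthorizations": sorted(requested),
    }
    if log_period is not None:
        if isinstance(log_period, bool) or not isinstance(log_period, int) \
                or not 1 <= log_period <= 3650:
            raise ValueError("UserActivityLogPeriod must be an integer in 1-3650")
        body["UserActivityLogPeriod"] = log_period
    # Trailing slash kept: the page requires it when the URL contains a dot.
    url = (f"https://{server}/PasswordVault/API/Configuration/LDAP/"
           f"Directories/{directory_uid}/Mappings/")
    headers = {"Authorization": token, "Content-Type": "application/json"}
    return url, headers, json.dumps(body)
```

Rejecting a mapping whose authorizations exceed the caller's own before the call is made keeps the least-privilege decision visible in the automation's logs rather than only in the server's response.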

Result

{
  "MappingName": "string",
  "LDAPBranch": "string",
  "DomainGroups": [
    "string"
  ],
  "MappingAuthorizations": [
    1
  ],
  "DirectoryMappingOrder": 0
}

Parameter

Description

MappingID

The UID of the specific mapping that was created.

Type: Integer

MappingName

The name of the PAM - Self-Hosted role that is created. For example: Vault Admins, Safe Managers.

Type: String

LDAPBranch

The LDAP branch that is used for external directory queries.

Type: String

DirectoryMappingOrder

In the Directory Mapping window, the order in which the maps are matched with users and groups from the External Directory to determine if they can be created in the Vault.

Type: Integer

DomainGroups

Users who belong to these LDAP groups are automatically assigned to the relevant roles in the PAM - Self-Hosted system.

Type: List of strings

MappingAuthorizations

The security attributes and authorizations that are applied when an LDAP user account is created in the Vault.

Possible authorizations:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

To apply specific authorizations to a mapping, the user must have the same authorizations.

Type: List of strings

Location

The specific location of the Vault where mapped users are added.

Type: String

Groups

The built-in Vault groups that the mapped users are added to.

Type: List of strings

UsedQuota

Sets the disk quota allocated to the user in MB.

Type: Integer

AuthorizedInterfaces

Sets the authorized interface from the available interfaces defined by the license.

Type: String

EnableENEWhenDisconnected

Whether or not to monitor this user type's activity.

Type: Boolean

Return codes

For a complete list of return codes, see Return Codes.