about_psPAS.help.txt

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
TOPIC
    about_psPAS

SHORT DESCRIPTION
    psPAS is a PowerShell interface for the CyberArk REST Web Services.

LONG DESCRIPTION
    psPAS sends requests to , and receives data from, a CyberArk Privileged Access Security Web Service.
    It issues commands to the Web Service allowing a user to issue create, list, modify and delete operations to be
    performed against entities in a Privileged Access Security solution from either a PowerShell console or script.

EXAMPLES
    To use psPAS, access to a CyberArk Privileged Access Security Web Service, as well as a user account with which to
    authenticate to the Web Service is required.

    The version of the CyberArk Web Service will determine which of the modules functions, or in certain use cases,
    which parameters or parametersets of specific functions can be used. The following table lists module compatibility
    against CyberArk version:

    https://github.com/pspete/psPAS#module-functions

    Authentication to the Web Service must take place before any other commands can be issued, this is because every
    subsequent call to the web service requires the session token returned from the logon operation to be provided.

    LOGON:

    PS C:\> New-PASSession -Credential $VaultCredentials -BaseURI https://PVWA_URL

    The output of the New-PASSession function contains:
     - The CyberArk Authentication Token, required for all subsequent calls to the API
     - A WebSession object, useful if the API sits behind a loadbalancer
     - The specified Web Service (PVWA) URL
     - The connection Number, if specified.

    As all or some of the above properties will need be provided to subsequent functions, the New-PASSession output can
    be assigned to a variable for convenience:

    PS C:\> $token = New-PASSession -Credential $VaultCredentials -BaseURI https://PVWA_URL

    FURTHER COMMANDS:

    The $token variable can be piped into all other functions to provide the values for the mandatory parameters
    required to communicate with the Web Service:

    PS C:\> $token | Get-PASAccount -Keywords root -Safe UNIX

    or:

    PS C:\> $token | Add-PASSafe -SafeName psPAS -ManagingCPM PasswordManager -NumberOfVersionsRetention 10

    Alternatively, the mandatory parameters can be specified in the standard way:

    PS C:\> Get-PASUser -UserName uAdmin -sessionToken $token.SessionToken -BaseURI https://CyberArkURL

    PIPELINE OPERATIONS:

    All functions of the module accept pipeline input, and all functions which provide output include in their output
    the required values from New-PASSession. Therefore the session token etc are passed along the pipeline, allowing
    chains of commands to be created.

        Find and update a user:

        PS C:\> $token | Get-PASAccount pete | Set-PASAccount -Address 10.10.10.10 -UserName pspete

        Activate a Suspended CyberArk User:

        PS C:\> $token | Get-PASUser PebKac | Unblock-PASUser -Suspended $false

        Add a User to a group:

        PS C:\> $token | Get-PASUser -UserName User | Add-PASGroupMember Group

        Update Version Retention on all Safes:

        PS C:\> $token | Get-PASSafe | Set-PASSafe -NumberOfVersionsRetention 25


KEYWORDS
    CyberArk

SEE ALSO
    https://github.com/pspete/psPAS