psPAS is a PowerShell interface for the CyberArk REST Web Services.
psPAS communicates with a CyberArk Privileged Access Security Web Service to submit requests and receive data.
It send commands to the Web Service, enabling a user to issue create, list, modify, and delete commands to be
executed against entities in a Privileged Access Security solution from either a PowerShell console or script.
To utilise psPAS, you must have access to a CyberArk Privileged Access Security Web Service and a user account
that can be used to log in to the Web Service.
Which module functions, or in some use cases, which parameters or parametersets of particular functions, can
be used, depends on the version of the CyberArk Web Service. The compatibility of each module command with
each CyberArk version is shown in the following table:
It is required to authenticate with the Web Service before issuing any commands. After successful authentication,
the authorization token is acquired and used for any subsequent requests to the Web Service.
PS C:\> New-PASSession -Credential $VaultCredentials -BaseURI https://PVWA_URL
All subsequent calls to the API will have access to the necessary authorization token value following a successful
authentication with New-PASSession.
All functions of the module accept pipeline input, allowing chains of commands to be created.
Find and update a user:
PS C:\> Get-PASAccount pete | Set-PASAccount -Address 10.10.10.10 -UserName pspete
Activate a Suspended CyberArk User:
PS C:\> Get-PASUser PebKac | Unblock-PASUser -Suspended $false
Add a User to a group:
PS C:\> Get-PASUser -UserName User | Add-PASGroupMember Group
Update Version Retention on all Safes:
PS C:\> Get-PASSafe | Set-PASSafe -NumberOfVersionsRetention 25