- Continued development to encompass any new documented features of the CyberArk API.
- psPAS v6.0...
- Fix
- Resolves issue where
Get-PASSafeMemberwould fail with error when using Gen2 API and specifyingMemberNameparameter. - Resolves issue where
Set-PASSafewould fail with error when using Gen2 API.- (Thanks alexR148!).
- Resolves issue where
- Fix
- Added
Request-PASJustInTimeAccessas Exported Function inpsPAS.psd1.
- Added
- Breaking Changes
Request-PASJustInTimeAccess- Command renamed from
Request-PASAdHocAccessin line with CyberArk feature nomenclature.
- Command renamed from
Get-PASSafeMember- Adds capability to get permissions for individual safe member using the Gen2 API from 12.2 onward.
- Addition of
UseGen1APIparameter allows operation against Gen1 API if required.
Set-PASSafeMember- Adds Gen2 API capability introduced in 12.2.
- Default operation is now via Gen2 API.
- Addition of
UseGen1APIparameter allows operation against Gen1 API if required.
Remove-PASSafeMember- Adds support for operation against Gen2 API introduced in PAS 12.2
- Default operation now requires 12.2
UseGen1APIparameter added to force operation against Gen1 API for earlier PAS versions.
Set-PASSafe- Adds Gen2 API capability introduced in 12.2.
- Default operation is now via Gen2 API.
- Addition of
UseGen1APIparameter allows operation against Gen1 API if required.
- New Commands
Get-PASAccountDetail- New experimental function developed using unofficial documentation
Revoke-PASJustInTimeAccess- New API function supported from 12.0 (previously missed)
- Revokes requested JIT access.
Clear-PASLinkedAccount- Unlinks associated Logon/Reconcile/ExtraPass accounts
Get-PASPlatformSummary- Returns basic platform system type information
- Other Updates
Get-PASSafe- Implements Get Individual Safe details using Gen2 API feature of PAS 12.2.
- Adds
UseGen1APIparameter to allow backward compatibility when using theSafeNameparameter. - Changes depreciation of Gen1 API operations from 12.2 to 12.3.
Get-PASUser- New
sortparameter added, supported from 12.2. - Added ability to filter by UserName using Gen2 API.
- Gen1 search by UserName now accessible by also specifying the introduced
UseGen1APIparameter.
- New
Get-PASGroup- New
sortparameter added, supported from 12.2.
- New
Add-PASGroupMember- Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
New-PASUser- Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
Remove-PASUser- Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
Set-PASUser- Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
Unblock-PASUser- Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
- Account Methods updated to apply to account details obtained via Gen2 API calls
VerifyPassword()- Updated method to use
Invoke-PASCPMOperation
- Updated method to use
ChangePassword()- Updated method to use
Invoke-PASCPMOperation
- Updated method to use
ReconcilePassword()- New method using
Invoke-PASCPMOperation
- New method using
GetDetails()- New method using
Get-PASAccountDetail
- New method using
- Alias Removal
- Removed alias values for previously depreciated command names
- Updates
Get-PASGroup- Added
includeMembersparameter based on this article.
- Added
- Updates
- Resolves issue where the
ConvertTo-UnixTimehelper function provided invalid values when the culture was not 'en-US'.- (Thanks liamwh!).
Set-PASUser- Sets
ValueFromPipelinebyPropertyName = $falseforExpiryDateparameter, avoids parameter validation exception when piping object representing user, such as the output fromGet-PASUSer, intoSet-PASUser.
- Sets
Get-PASAccountPassword- MachineName parameter changed to
stringtype (previously was incorrectly specified asswitch) - Added
UserNameparameter &ToPsCredential()Method to enable return of Credential Object.- (Thanks zamothh!)
- MachineName parameter changed to
- Resolves issue where the
- Updates
Get-PASSession- Catch errors getting the username of the logged on user so session token and other information can still be extracted from the module scope.
Add-PASSafeMember- Makes
InitiateCPMAccountManagementOperationsnon-mandatory; fixes issue introduced in5.1.16.
- Makes
Remove-PASGroupMember- Resolves issue where attempting to remove group member with an '@' symbol in the user name reported a 404 error.
Get-PASPlatform- Fixes issue where expected output was not displayed when using the
platformsparameterset.
- Fixes issue where expected output was not displayed when using the
- Updates
New-PASSession- Introduce support for providing response to RADIUS challenges featuring sub-options.
- Fixes Gen2 SAML Authentication:
- Code to get SAML Response via SSO using default credentials updated to correctly format authentication request.
SAMLResponseParameter added for user to provide their own SAMLResponse as string value.
Add-PASSafeMember- Fixes issue where some permissions may not be applied when piping object into function and using the Gen2 API.
- Breaking Changes
Get-PASSafeMember,Add-PASSafe,Get-PASSafe,Add-PASSafeMember,Remove-PASSafe- Default operation of these functions is now to use the Gen2 API.
- The
-UseGen1APIParameter can be specified to force use of the Gen1 API for the following commands:Get-PASSafeMemberAdd-PASSafeMemberAdd-PASSafeRemove-PASSafe
Find-PASSafe- External changes to the API mean
Find-PASSafecannot be used past version 11.7. - Equivalent API functionality now exists in
Get-PASSafeusing the Gen2 ParameterSet.
- External changes to the API mean
- New Functions For CyberArk Version 12.0:
New-PASAccountPassword- Defines a password value based on the policy for an account
Set-PASGroup- Updates vault groups
- New Functions For CyberArk version 12.1:
Clear-PASDiscoveredAccountList- Clears Pending Accounts List
Get-PASAccountPasswordVersion- Returns details of available password versions
Set-PASLinkedAccount- Associates Linked Logon & Reconcile accounts
New-PASPrivateSSHKey- Generates new MFA Caching Private SSH Key
Remove-PASPrivateSSHKey- Deletes an MFA Caching Private SSH Key
Clear-PASPrivateSSHKey- Removes all MFA Caching Private SSH Keys
- Updated Functions For CyberArk Version 12.0:
Get-PASSafeMember- Updated to use the new Gen2 API endpoint available from version 12.0
MemberNameParameter depreciated past 12.2
Add-PASSafe- Updated to use the new Gen2 API endpoint available from version 12.0
Get-PASSafe- Updated to use the new Gen2 API endpoint available from version 12.0
- Updated Functions For CyberArk Version 12.1:
Add-PASSafeMember- Updated to use the new Gen2 API endpoint available from version 12.1
- Gen 1 will not work post 12.2
Get-PASSafeMember- Updated to include new filter parameters available from version 12.1
- Additional Gen2 Parameters available
Get-PASSafe- Updated to include new Parameter available in 12.1
Remove-PASSafe- Updated to use the new Gen2 API endpoint available from version 12.1
- Gen 1 will not work post 12.2
Get-PASUser- Updated to include the new
ExtendedDetailsparameter available from version 12.1 - Additional Gen2 Parameter available
- Updated to include the new
- Other
Get-PASAccount- Removed depreciated Parameter
offset - Removed depreciated Parameter
limit
- Removed depreciated Parameter
- Fixes
Set-PASAccount- Fix issue where JSON was not formatted as required when attempting to execute multiple operations in a single request.
- New Functions
Add-PASOpenIDConnectProvider- Adds a new OIDC authentication provider configuration
Get-PASOpenIDConnectProvider- Lists configured OIDC authentication providers
Set-PASOpenIDConnectProvider- Updates a configured OIDC authentication provider
Remove-PASOpenIDConnectProvider- Deletes a configured OIDC authentication provider
Remove-PASAuthenticationMethod- Deletes a configured auth method
- Updated Functions
Add-PASDiscoveredAccount- Adds support for Azure platform
Get-PASDiscoveredAccount- Adds support for Azure platform
- Other Updates & Fixes
Set-PASAccount- Fix issue where JSON was truncated when attempting to perform multiple operations.
New-PASSession- Fix issue where
concurrentSessionbody was not sent with request when using integrated authentication.
- Fix issue where
- Replaced comment based help with external help.
- New Functions
Start-PASAccountImportJob- Add multiple accounts to existing safes
Get-PASAccountImportJob- Get status of bulk account import jobs
New-PASAccountObject- Formats an object to include in the list of accounts to be added using
Start-PASAccountImportJob.
- Formats an object to include in the list of accounts to be added using
Get-PASDiscoveredAccount- Search for and list discovered accounts.
- Updated Functions
Get-PASAccount- Updated to remove repeated code
Add-PASAccount- Updated to use
New-PASAccountObjectto create required request object.
- Updated to use
New-PASUser- Updated to remove repeated code
Set-PASUser- Updated to remove repeated code
- Fixes
Get-PASAccount- Fixes issue where no output would be shown if
filterparameter was used.
- Fixes issue where no output would be shown if
Get-PASApplicationAuthenticationMethod- Adds properties
Subject,Issuer&SubjectAlternativeNameto output view.
- Adds properties
- Updated Functions
New-PASRequest- Added Parameters:
AllowMappingLocalDrivesAllowConnectToConsoleRedirectSmartCardsPSMRemoteMachineLogonDomainAllowSelectHTML5
- These are the documented properties expected to be sent as connectionParams.
- Removes the need for a module user to specify these as a hashtable.
- Added Parameters:
Get-PASAccountcategoryModificationTimeadded to list output
Get-PASUser- Fixed issue where an object with no property values would be returned if no user was found.
Get-PASPTAEvent- Adds parameter
fromUpdateDate. - Removes parameter
UseLegacyMethod. - Lowers required version from 11.4 to 11.3 when using certain parameter combinations.
- Adds parameter
- Other Fixes & Updates
- Fixed issue where json displayed in debug output may not have been valid.
- Updates to codebase and refactored functions to remove repeated code.
- Behaviour Changes
- Renamed
Get-PASPSMConnectionParametertoNew-PASPSMSession
- Renamed
- New Functions
Get-PASAllowedReferrer- Lists configured allowed referrers.
- Requires PAS 11.5
Add-PASAllowedReferrer- Adds a new allowed referrer
- Requires PAS 11.5
Get-PASAccountSSHKey- Retrieves Private SSH Key of Account
- Requires PAS 11.5
Get-PASAuthenticationMethod- Lists Authentication method details
- Requires PAS 11.5
Add-PASAuthenticationMethod- Adds new authentication method
- Requires PAS 11.5
Set-PASAuthenticationMethod- Updates authentication method
- Requires PAS 11.5
Get-PASConnectionComponent- Lists all connection components
- Requires PAS 11.5
Get-PASPSMServer- Lists all configured PSM Servers
- Requires PAS 11.5
Get-PASPlatformPSMConfig- Returns PSM configuration of Platform
- Requires PAS 11.5
Set-PASPlatformPSMConfig- Updates PSM configuration of platform
- Requires PAS 11.5
- Updated Functions
New-PASPSMSession- Removed Parameter:
connectionParams - Added Parameters:
AllowMappingLocalDrivesAllowConnectToConsoleRedirectSmartCardsPSMRemoteMachineLogonDomainAllowSelectHTML5
- These are the documented properties expected to be sent as connectionParams.
- This update removes the need for a module user to specify these as a hashtable.
- Removed Parameter:
Get-PASAccount- Added parameters
safeName&modificationTime.- Can be used instead of specifying a correctly formated value for
filter. modificationTimeis documented as a valid filter option since 11.4
- Can be used instead of specifying a correctly formated value for
- Added parameters
Get-PASGroup- Adds parameter
groupType- Can be used instead of specifying a correctly formated value for
filter.
- Can be used instead of specifying a correctly formated value for
- Adds parameter
- Other Fixes & Updates
New-PASRequest- Fixed potential issue with date values converted into UNIXTimeStamp.
Get-PASAccount- Fixed potential issue with date values converted into UNIXTimeStamp.
Add-PASDiscoveredAccount- Fixed potential issue with date values converted into UNIXTimeStamp.
-
Behaviour Changes
Get-PASPlatform- When invoked with no parameters to return details of all configured platforms, defaults to operation against the endpoint for the 11.4 API.
- When invoked with a value provided for the
Activeparameter, will perform operation against the endpoint for the 11.4 API. - To utilise the 11.1 api endpoint, a value should be provided for the
PlatformTypeand/orSearchparameters, or,ActiveandPlatformTypeand/orSearchparameters.
New-PASSession- Value for OTP will be prompted for if no value is provided for this parameter.
- The prompt will now relay the text of the response from the RADIUS server.
- Value for OTP will be prompted for if no value is provided for this parameter.
-
New Functions
Copy-PASPlatform- Duplicates target, dependent, group or rotational group platform to a new platform.
- 11.4 functionality, missed in the
4.0.0release.
Disable-PASPlatform- Disables, target, group or rotational group platform.
- 11.4 functionality, missed in the
4.0.0release.
Enable-PASPlatform- Enables, target, group or rotational group platform.
- 11.4 functionality, missed in the
4.0.0release.
Remove-PASPlatform- Deletes, target, dependent, group or rotational group platform.
- 11.4 functionality, missed in the
4.0.0release.
Remove-PASGroup- Deletes a specified vault user group
- 11.5 functionality.
-
Updated Functions
Get-PASPlatform- Update to enable query of dependent, group, rotational group platforms
- Update to include additional filters available for querying target platoforms
- 11.4 functionality, missed in the
4.0.0release. - Function now defaults to 11.4 target platform endpoint if no parameters are specified.
Get-PASUser- 11.5 output includes group membership details.
- group membership property may be included in output when function is executed from earlier versions, but its content will be blank.
New-PASSession- OTP can now be omitted entirely from used parameters in scenarios where the value is unknown.
- Response from RADIUS now used as message for Read-Host prompt for OTP.
- Depreciated need for use of OTPMode parameter when a prompt for the OTP is required.
-
Other Fixes & Updates
- Documentation updated.
- Duplicated code for creating the query portion of a URL replaced with new helper function internal to the module.
-
Breaking Changes
Get-PASSafeMember,Add-PASSafeMember&Set-PASSafeMember: Output Changed- "Permission" property of returned object now contains a nested property=value pair for each permission instead of an array containing only the name of the assigned permissions.
- Existing scripts which rely on the legacy array value of the
Permissionsproperty when working with the*-PASSafeMemberfunctions must either be updated to work with the new output or use an earlier compatible psPAS version.
-
New Function
- Added
Set-PASPTAEvent- Appeared in 11.3
- Set status of PTA events
- Added
-
Updated Functions
New-PASSession- Adds support for updated saml auth updated in 11.4
Get-PASPTAEvent- Adds newly documented parameters for 11.4 and updates request format for filtering events
-
Fixes
Set-PASUser- Corrects issue where an incorrectly formed json body was being sent with the request if using the parameters introduced in psPAS 3.3.88.
Add-PASSafeMember&Set-PASSafeMember- Update ensures json body of request is always sent with the permission properties statically ordered.
- Changes minimum required PowerShell version to 5.1
- Updates + Fixes
- Marginal performance improvement by suppressing progress bar for
Invoke-WebRequest. Add-PASAccount- Fixed bug where mandatory username parameter is not sent in the request body when using the classic API.
Get-PASDirectoryMapping- include MappingID in default table output
Get-PASSafeMember- Updated help text to clarify
MemberNameparameter and expected failure conditions due to request method (PUTinstead ofGET)
- Updated help text to clarify
- Marginal performance improvement by suppressing progress bar for
- Breaking Changes
Add-PASApplicationAuthenticationMethod- Parameters Changed- Removed
AuthName&AuthValueparameters - Added named parameters for each authentication type, which accept the
AuthValuestring.
- Removed
- Updates + Fixes
New-PASSession- Added Parameter
concurrentSession- supported from 11.3 - Added support for Windows + RADIUS authentication
- PSCredential object can now be used for Windows/IIS Authentication.
- Added logic to prompt for OTP by supplying a value of
passcodeto theOTPparameter
- Added Parameter
Add-PASApplicationAuthenticationMethod- Added support for configuring Certificate Attribute authentication method
-
Breaking Changes
- Parameters Changed:
New-PASDirectoryMapping&Set-PASDirectoryMapping- Functions updated to use enum flag for mapping authorization options
MappingAuthorizations- Parameter now accepts string values representing the authorizations to configure for the mapping instead of an integer representation of them.
- The following parameters are no longer accepted by the functions, the string values must now be provided to the
MappingAuthorizationsparameter instead:AddUpdateUsersAddSafesAddNetworkAreasManageServerFileCategoriesAuditUsersBackupAllSafesRestoreAllSafesResetUsersPasswordsActivateUsers
- Parameters Changed:
-
New Function
- Added
Test-PASPSMRecording- New in 11.2
- Added
-
Fixes & Other Updates
- Update
Get-PASAccountto acceptsearchTypeparameter. Relevant to 11.2+. - Fixed incorrectly declared mandatory parameter in
Set-PASUser- No longer required to set new password on user update.
- Update
psPAS.CyberArk.Vault.User.Formats- Include expiry & last logon date in friendly format.
- New table format for displaying user information returned from API requests.
- Performance related updates to internal module mechanics.
- All functions help text updated to include link to function documentation on https://pspas.pspete.dev
- Corrections & updates to documentation on https://pspas.pspete.dev
- Update
-
New Functions
New-PASGroup- Creates CyberArk Groups
- Requires 11.1
Get-PASPlatformSafe- List safes by platform id
- Requires 11.1
Remove-PASDirectoryMapping- Delete Directory Mappings
- Requires 11.1
Enable-PASCPMAutoManagement- Enable Automatic CPM Management for an Account.
- Requires 10.4+
Disable-PASCPMAutoManagement- Disable Automatic CPM Management for an Account.
- Requires 10.4+
-
Updated Functions
Set-PASDirectoryMapping- MappingAuthorizations parameter no longer accepts pipeline input
Add-PASDiscoveredAccount- Added features introduced in version 10.8
- Supports Account Dependency & AWS specific parameters
Get-PASPlatforms- Added features introduced in version 11.1
- New options for finding platforms
Remove-PASUser- Added features introduced in version 11.1
- Delete User by ID
Set-PASUser- Added features introduced in version 11.1
- Expanded options for updating users.
New-PASSession- Added
Certificateparameter to allow specification of a client certificate to be used for a secure web request.
- Added
-
Fixes & Other Updates
Get-PASAccountPassword- Fixed incorrectly escaped value for passwords beginning with ""
New-PASRequest- Fixed incorrect parameter name which prevented requests specifying multiple access as required being created.
- Error Reporting
- Added more verbose error messages.
- Update Format for
psPAS.CyberArk.Vault.User- Change default displayed properties when searching users with V10 API.
- Minor updates to Help Text.
- Clarified version requirements for parameters & api capabilities.
- Fixes
Add-PASSafeMember- Update validation of MemberName parameter to not accept values containing
&symbol.
- Update validation of MemberName parameter to not accept values containing
- Update
- Raise minimum required PowerShell version to 5.0.
-
Updates
New-PASSession- Adds support for sending OTP in response to RADIUS Challenge
- Adds support to skip certificate validation
-
Fixes
Get-PASAccountPassword- Parameter name corrected to
TicketingSystemfromTicketingSystemName
- Parameter name corrected to
- Fixes
New-PASSession- Fixes issue where authentication token was not available to other module functions after authenticating via the v10 API endpoint from CyberArk v9.X.
- Fixes
Set-PASAccount- Fixes non-terminating error when not piping an object into the function and using the Classic API.
- Updates
Add-PASSafeMember- Added parameter aliases for permission name equivalent names returned from Get-PASSafeMember.
Get-PASSafeMember- Updated help text to detail permission name equivalents returned from the API.
- New Functions
Set-PASUserPassword- Reset user passwords
Set-PASDirectoryMappingOrder- Reorder directory mappings
- Updated Functions
New-PASDirectoryMapping- Added parameter
UserActivityLogPeriodfor 10.10 API
- Added parameter
Set-PASDirectoryMapping- Added parameter
UserActivityLogPeriodfor 10.10 API
- Added parameter
Get-PASUser- Added parameter
idfor 10.10 API
- Added parameter
Unblock-PASUser- Added parameter
idfor 10.10 API endpoint
- Added parameter
2 years since first commit Anniversary Edition
- Breaking Changes
- Module Wide Parameter Changes
BaseURI,WebSession,PVWAAppName,SessionToken,ExternalVersion- no longer required parameters.
New-PASSessionstill requiresBaseURI, and will acceptPVWAAppName
UseV9API&UseV10APIParameters renamed toUseClassicAPI- Where functions support operations against both Classic & V10 API, default behaviour is to use the V10 API.
- Specify the
UseClassicAPIswitch parameter to force usage of the Classic API Endpoint.
- Values for
BaseURI,WebSession,PVWAAppName,SessionToken&ExternalVersionare not returned from module functions in output.
- Functions Removed
New-PASSAMLSession- Functionality moved into
New-PASSession.
- Functionality moved into
New-PASSharedSession- Functionality moved into
New-PASSession.
- Functionality moved into
Close-PASSAMLSession- Functionality moved into
Close-PASSession.
- Functionality moved into
Close-PASSharedSession- Functionality moved into
Close-PASSession.
- Functionality moved into
Start-PASCredChange- Functionality moved into
Invoke-PASCPMOperation.
- Functionality moved into
Start-PASCredVerify- Functionality moved into
Invoke-PASCPMOperation.
- Functionality moved into
Invoke-PASCredChange- Functionality moved into
Invoke-PASCPMOperation.
- Functionality moved into
Invoke-PASCredVerify- Functionality moved into
Invoke-PASCPMOperation.
- Functionality moved into
Invoke-PASCredReconcile- Functionality moved into
Invoke-PASCPMOperation.
- Functionality moved into
- Aliases Removed
Get-PASApplications- Removed old pluralised aliasGet-PASApplicationAuthenticationMethods- Removed old pluralised aliasGet-PASAccountCredentials- Removed old pluralised aliasGet-PASSafeMembers- Removed old pluralised alias
- Module Wide Parameter Changes
- New Functions
Find-PASSafe(Thanks (again) steveredden!)- List or search safes by name
Invoke-PASCPMOperation- Invoke CPM Verify, Change & Reconcile via v10 or Classic API.
Get-PASSession- Return module scope variable values which are used to perform each request to the API.
Use-PASSession- Set module scope variable values which are used to perform each request to the API.
- Updated Functions
New-PASSession- Added
CertificateThumbprintParameter- Allows requests to be sent with details required for Client Certificate authentication.
- Added
OTPParameter- Allows One Time Passcode to be provided, which is then sent with the password value.
- Tested with Duo RADIUS.
- Allows One Time Passcode to be provided, which is then sent with the password value.
- Added SAML authentication option.
- Added Shared authentication option
- Removed
$SecureMode&$AdditionalInfoparameters.
- Added
Get-PASPSMConnectionParameter- Now saves an RDP file returned from an API request.
pathparameter now expects a folder to save the file to.- Output file is named automatically
Export-PASPlatformpathparameter now expects a folder to save the file to.- Output file is named automatically
Export-PASPSMRecordingpathparameter now expects a folder to save the file to.- Output file is named automatically
- Fixes
New-PASUser- Added
ChangePassOnNextLogonparameter for working with latest API method - Fixes issue where
New-PASUserwas failing to set the change password at next logon flag for a new user.
- Added
- Other
- Improvements to exception handling and error reporting.
- Fix
Add-PASDirectory- Parameter
SSLConnectadded (required if adding LDAPS hosts) - Thanks (again) jmk-foofus!
- Parameter
- Updated Functions
New-PASUser- Added support for the updated Add User API method for v10.9
Get-PASUser- Added support for the updated Get Users API method for v10.9
- Updates
Get-PASSafeMember- Added
MemberNameparameter- Returns all safe permissions of a specific user.
- Added
Get-PASAccountActivity- Added Alias
idtoAccountIDparameter
- Added Alias
Invoke-PASCredChange- Added Alias
idtoAccountIDparameter
- Added Alias
Invoke-PASCredReconcile- Added Alias
idtoAccountIDparameter
- Added Alias
Invoke-PASCredVerify- Added Alias
idtoAccountIDparameter
- Added Alias
Start-PASCredChange- Added Alias
idtoAccountIDparameter
- Added Alias
Start-PASCredVerify- Added Alias
idtoAccountIDparameter
- Added Alias
Unlock-PASAccount- Added Alias
idtoAccountIDparameter
- Added Alias
- Fix
Add-PASApplication- Parameter
BusinessOwnerPhonechanged to[string]type
- Parameter
- Updated Functions (Thanks steveredden!)
Get-PASAccount- Support for nextLink implemented to return maximum number of query results.
- TimeoutSec parameter added
Get-PASSafe- TimeoutSec parameter added
- New Functions
Get-PASDirectoryMapping- Get directory mappings configured for a directory
Get-PASDirectoryMapping- Adds a new Directory Mapping for an existing directory
Remove-PASDirectory- Removes a directory configured in the Vault
- Updated Functions
Add-PASDirectory- Added parameter
DCList
- Added parameter
Get-PASDirectory- Function output updated to contain more properties
New-PASDirectoryMapping- Added parameters
VaultGroups,Location,LDAPQuery
- Added parameters
Set-PASSafe- Now supports renaming a safe via
NewSafeNameparameter
- Now supports renaming a safe via
- Other Updates
- Updated comment based help content based on user feedback.
-
Updated Functions / Bug Fix / Breaking Change
Close-PASSession- Now sends request to V10 URL by default.
- New parameter added to send request to V9 API if required.
psPAS.psm1- Updated to improve module load time.
- Original import method can be forced by specifying
Import-Module -Name psPAS -ArgumentList $true
-
Fixed
New-PASSession- Fixed unexpected element in request body when specifying UseDefaultCredentials with Windows Authentication.
- Bug Fix
- Remove debug output which could contain plaintext passwords.
- Thanks karrth!
- Remove debug output which could contain plaintext passwords.
- New Functions
Get-PASPSMSessionActivity- Returns activity details from an active PSM Session.
Get-PASPSMSessionProperty- Returns property details from an active PSM Session.
Get-PASPSMRecordingActivity- Returns activity details from a PSM Recording.
Get-PASPSMRecordingProperty- Returns property details from a PSM Recording.
Export-PASPSMRecording- Allows saving of PSM Session Recording to a file.
Request-PASAdHocAccess- Enables request of temporary administrative access to a server.
- Updated Functions
Get-PASPSMRecording- Now able to query PSM recordings by ID.
Get-PASAccount- Updated to include return of
InternalPropertiesproperty when using the V9 API.
- Updated to include return of
Get-PASPSMConnectionParameter- Added support for RDP File output
- Fixed
Invoke-PASRestMethod- Specify "UseBasicParsing" on each request to prevent issues when run on machines which do not have IE available and initialized.
-
New Functions
Get-PASGroup- Enables querying of Vault Groups
Remove-PASGroupMember- Enables removal of vault group members
Set-PASOnboardingRule- Enables updates to existing Onboarding Rules
Add-PASDiscoveredAccount- Enables addition of discovered accounts or SSH keys as a pending account in the accounts feed
Connect-PASPSMSession- Retrieves parameters needed to monitor an in-progress PSM session
-
Updated Functions
Get-PASDirectory- Now possible to query LDAP Directory by name
Get-PASAccountGroup- Updated to use API endpoint in 10.5
Get-PASPSMConnectionParameter- Updated to cater for Ad-Hoc Connections with unmanaged accounts
-
Bug Fixes
- Use of TLS 1.2 Protocol enforced when using PSCore
- Update
New-PASSession- Option added to use Windows integrated authentication with default credentials
- Thanks steveredden!
- Option added to use Windows integrated authentication with default credentials
- Bug Fix
Get-PASAccountPassword- Fix applied to allow accountID from version 10 to be accepted from pipeline object.
Get-PASAccount- Validation added to
limitparameter.
- Validation added to
- Bug Fix
Get-PASAccountPassword- Backward compatibility for retrieving password values from CyberArk version 9 restored.
- Bug Fix
Export-PASPlatform- Exported files were invalid, now fixed.
- Thanks jmk-foofus!
- New Functions
Get-PASPTAEvent- function added, returns security events from PTA.Get-PASPTARule- function added, returns rules from PTA.Get-PASPTARemediation- function added, returns automatic remediation settings frm PTA.Add-PASPTARule- function added, adds a new rule to PTA.Set-PASPTARule- function added, updates a rule in PTA.Set-PASPTARemediation- function added, updates automatic remediation.settings in PTA.
- Updated Function
Set-PASAccount, updated to support new 10.4 API features.- Thanks Assaf!
The 1 year since first commit anniversary edition
-
Breaking Changes
New-PASSession- Function now defaults to the v10 API Endpoints
- Users on CyberArk Version 9 need to specify the
-UseV9APIswitch parameter
New-PASOnboardingRule- Function now defaults to the ParameterSet relating to version 10.2 onwards
Add-PASPendingAccount- Parameter
AccountDiscoveryDatechanged to type[datetime]
- Parameter
Add-PASApplication- Parameter
ExpirationDatechanged to type[datetime]
- Parameter
Add-PASSafeMember- Parameter
MembershipExpirationDatechanged to type[datetime]
- Parameter
Set-PASSafeMember- Parameter
MembershipExpirationDatechanged to type[datetime]
- Parameter
New-PASUser- Parameter
ExpiryDatechanged to type[datetime]
- Parameter
Set-PASUser- Parameter
ExpiryDatechanged to type[datetime]
- Parameter
-
New Functions
Export-PASPlatformfunction added, allows export of platform to a zip file.Get-PASUserLoginInfofunction added, retrieves logon information for the authenticated user.Add-PASDirectoryfunction added, adds a new LDAP directory for authentication.Get-PASDirectoryfunction added, lists LDAP directories.New-PASDirectoryMappingfunction added, creates new LDAP Directory mappings.
-
Bug Fixes
New-PASSession- Fixed issue where module was not returning authentication token when using LDAP credentials in version 10.3.
- To use LDAP authentication the
-type LDAPmust be specified as a parameter.
- To use LDAP authentication the
- Fixed issue where module was not returning authentication token when using LDAP credentials in version 10.3.
-
Other Updates
Remove-PASAccount, updated to support new 10.4 API features.Get-PASAccount, updated to support new 10.4 API features.- Version Check:
- All logon functions now attempt to query the version of CyberArk in use, and return the External Version number as an additional output property.
- The version check after logon can be skipped by specifying the
-SkipVersionCheckparameter.
- The version check after logon can be skipped by specifying the
- Functions, or, functions with specific parameters, that have minimum version requirements will assert that the version being used can support the action being requested.
- If a minimum version requirement is not met, a descriptive error will be thrown.
- If the version of CyberArk is unknown, or the version check has been skipped, version assertion will not occur.
- All logon functions now attempt to query the version of CyberArk in use, and return the External Version number as an additional output property.
- Output:
- Any function that does return output, now includes the CyberArk ExternalVersion as a standard property.
- This enables functions along the pipeline to receive the information and assert and minimum version requirements.
- Any function that does return output, now includes the CyberArk ExternalVersion as a standard property.
- PSCore:
- All testing via Appveyor has now been transitioned to, and is performed in, PSCore.
-
New Function
Import-PASConnectionComponentfunction added, allows import of connection component from zip file.
-
Bug Fixes
- Updates to some functions and test scripts to fix Pester & PSScriptAnalyzer failures/violations/errors
- Updates to some pester tests to allow them to run & pass in PowerShell Core
-
Other Updates
- Build, Test, Deploy process updated to run in PowerShell Core instead of Windows PowerShell 5
- Removed about_psPAS_Versions.help.txt - an unhelpful help file.
- Bug Fix:
- Fix added to specify
-SkipHeaderValidationonInvoke-WebRequestif using PowerShell Core.- Thanks Serge!
- Fix added to specify
- Bug Fixes:
New-PASSession,New-PASSAMLSession&New-PASSharedSessionprevented from providing output (except error message) in the event of a failure
-
New Functions
New-PASOnboardingRulehas added parameters available from 10.2 onwards. The 9.8 & 10.2 parameters are configured as separate parametersets.Get-PASOnboardingRulehas a new parameter added, allowing search of Onboarding rules by name in version 10.2Import-PASPlatformfunction added, allowing import of CPM PlatformsGet-PASPSMConnectionParametersupdated to facilitate return of HTML5 connection data when PSMGW is configured.Suspend-PASPSMSession&Resume-PASPSMSessionfunctions added, expanding on the automatic mitigation capability for PSM Sessions.
-
Attained 100% Code Coverage in the Tests for the module.
- Bug Fixes:
Add-PASAccountGroupMembernow sends AccountID with request.New-PASAccountGroupfixed an incorrect parameter name (GroupPlatformID).New-PASSAMLSession- basic authentication token now sent in request header.Get-PASOnboardingRule,New-PASOnboardingRule&Remove-PASOnboardingRule, parameters updated to allow specification of alternate PVWA application name (in-line with the rest of the module's functions).
Published to PowerShell Gallery