v6.0.2

psPAS v6.0.2

Update & Breaking Change

• New-PASSession
  • All Privilege Cloud Shared Services Authentication via the CyberArk Identity Platform now depends on the pspete IdentityCommand module.
  • Adds Identity User Authentication, using the IdentityCommand module to satisfy Identity MFA challenges and obtain required authentication token to use against Privileged Cloud Shared Services.
  • Adds logic to determine correct Identity tenant URL based on provided Privileged Cloud Subdomain value.
  • Both Privileged Cloud API URL & Identity Portal URL are required to be specified if subdomain value is not provided.
  • Service User authentication for Shared Services introduced in recent previous versions requires installation of IdentityCommand module and specification of additional attribute.
  • See the docs & New-PASSession for full details.

v5.6.135

psPAS v5.6.135

Module update to cover all CyberArk 13.2 API features

psPAS Year 6

• New
  • Get-PASUserTypeInfo
    • Output information on User Types
  • Get-PASPTARiskEvent
    • Output PTA Risk Events
  • Set-PASPTARiskEvent
    • Update PTA Risk Events
  • Get-PASPTARiskSummary
    • Output PTA Risk Summary
  • New-PASRequestObject
    • Enables creation of request objects for bulk account access requests using New-PASRequest.
• Updates
  • New-PASSession
    • Adds option for PKIPN authentication.
      • Thanks (JesseMcWilliamss)!
    • Adds options to Shared Services Authentication capability
      • Supports different subdomains for Identity & Privilege Cloud tenants
      • Supports ability to provide tenant URLs for Identity & Privilege Cloud systems.
  • Unlock-PASAccount
    • Adds Unlock capability, in addition to the existing check-in capability.
      • Thanks & Credit to (Qrelis)for this!
  • Get-PASUser
    • Adds source parameter (allows filter by cyberark or ldap source).
    • Adds userStatus parameter (allows filter by active, disabled, or suspended status).
  • New-PASUser & Set-PASUser
    • Adds parameters userActivityLogRetentionDays, loginFromHour & loginToHour
  • New-PASRequest
    • Adds new ParameterSets BulkSearch, BulkFilter & BulkItems.
  • Get-PASRequest
    • Adds id parameter to support get status bulk request actions.

v5.5.110

psPAS v5.5.110

Module update to cover all CyberArk 13.0 API features

• New
  • Adds Get-PASPTAGlobalCatalog & Add-PASPTAGlobalCatalog commands, available for v13.
• Updates
  • New-PASSession
    • Adds Shared Services Auth Support
    • Allows null or empty OTPDelimiter to be specified
  • Set-PASPTARule
    • Updates validation for parameter id
  • Get-PASComponentDetail
    • Adds pta as option for parameter component
  • Add-PASSafe
    • Allows 0 as valid value for parameter NumberOfDaysRetention
  • Add-PASSafeMember
    • Adds optional memberType parameter, accepted from 12.6 onward.
• Other
  • Allow UPN UserName format
    • Updates the parameter validation logic of the *-PASPublicSSHKey functions to allow UPN style usernames to be specified and accepted.
  • Updates psPAS.CyberArk.Vault.OnboardingRule format in line with expected output according to product documentation.
  • Documentation update
    • Correct version requirement information for the Get-PASAccount searchType parameter.

v5.4.101

psPAS v5.4.101

• Fix Get-PASSafeMember
  • Corrects format of URL value when returning many safe members
    • Thanks InconstantRO!
• Documentation
  • Additional example added to Get-PASAccount help file
    • Thanks rorobig!

v5.4.94

psPAS v5.4.94

• Breaking Changes
  • Get-PASAccount
    • Removes Gen2Filter ParameterSet.
    • Equivalent functionality remains available via other available parameters.
  • Get-PASGroup
    • Removes filter ParameterSet.
    • Equivalent functionality remains available via other available parameters.
• New Commands
  • Publish-PASDiscoveredAccount
    • Feature Request: Onboards a discovered account.
    • Based on swagger documentation
  • Get-PASLinkedAccount
    • Gets details of linked accounts
  • Add-PASPersonalAdminAccount
    • Specific for Adding Personal Admin Accounts in Privilege Cloud.
    • Based on swagger documentation
• Other Updates
  • New-PASSession
    • Feature Request: Adds support for PKI Authentication.
  • Get-PASAccount
    • Adds limit & offset parameters.
  • Get-PASSafe
    • Corrects ambiguous invocation options (Gen1).
  • Documentation
    • General updates throughout.

v5.3.76

psPAS v5.3.76

• Updates
  • Set-PASUser / New-PASUser
    • Adds GUI as available parameter value for unAuthorizedInterfaces parameter.
• Gen1 API Specific
  • Add-PASAccount / Set-PASAccount
    • Fixes enumeration of dynamic properties for Gen1 requests.
  • Reverts Gen1 specific URL update introduced in last release for "user" type commands.
    • Removes forward slash (/) to end of request URL

v5.3.69

psPAS v5.3.69

Module update to cover all CyberArk 12.6 API features

• New Commands
  • Enable-PASUser
    • New command, supported from 12.6
  • Disable-PASUser
    • New command, supported from 12.6
• Updates
  • Get-PASAccount
    • Added savedFilter parameter, supported from 12.6
  • Get-PASGroup
    • Added id parameter, supported from 12.6
    • Added groupName parameter, supported from 12.2.
  • Get-PASAccountGroup
    • Depreciated use of "Get Safe account groups" API
    • Makes ParameterSet based on Get account group by Safe API the default.
  • Updates URL formatting to include a forward slash (/) to end of URL for functions which may include a dot (.) via provided parameter values.
  • Updated documentation and help text.

v5.2.59

psPAS v5.2.59

• Fix
  • Resolves issue where Get-PASSafeMember would fail with error when using Gen2 API and specifying MemberName parameter.
  • Resolves issue where Set-PASSafe would fail with error when using Gen2 API.
    • (Thanks alexR148!).

v5.2.54

psPAS v5.2.54

• Fix
  • Added Request-PASJustInTimeAccess as Exported Function in psPAS.psd1.

v5.2.52

psPAS v5.2.52

Module update to cover all CyberArk 12.2 API features

• Breaking Changes
  • Request-PASJustInTimeAccess
    • Command renamed from Request-PASAdHocAccess in line with CyberArk feature nomenclature.
  • Get-PASSafeMember
    • Adds capability to get permissions for individual safe member using the Gen2 API from 12.2 onward.
    • Addition of UseGen1API parameter allows operation against Gen1 API if required.
  • Set-PASSafeMember
    • Adds Gen2 API capability introduced in 12.2.
    • Default operation is now via Gen2 API.
    • Addition of UseGen1API parameter allows operation against Gen1 API if required.
  • Remove-PASSafeMember
    • Adds support for operation against Gen2 API introduced in PAS 12.2
    • Default operation now requires 12.2
    • UseGen1API parameter added to force operation against Gen1 API for earlier PAS versions.
  • Set-PASSafe
    • Adds Gen2 API capability introduced in 12.2.
    • Default operation is now via Gen2 API.
    • Addition of UseGen1API parameter allows operation against Gen1 API if required.
• New Commands
  • Get-PASAccountDetail
    • New experimental function developed using unofficial documentation
  • Revoke-PASJustInTimeAccess
    • New API function supported from 12.0 (previously missed)
    • Revokes requested JIT access.
  • Clear-PASLinkedAccount
    • Unlinks associated Logon/Reconcile/ExtraPass accounts
  • Get-PASPlatformSummary
    • Returns basic platform system type information
• Other Updates
  • Get-PASSafe
    • Implements Get Individual Safe details using Gen2 API feature of PAS 12.2.
    • Adds UseGen1API parameter to allow backward compatibility when using the SafeName parameter.
    • Changes depreciation of Gen1 API operations from 12.2 to 12.3.
  • Get-PASUser
    • New sort parameter added, supported from 12.2.
    • Added ability to filter by UserName using Gen2 API.
    • Gen1 search by UserName now accessible by also specifying the introduced UseGen1API parameter.
  • Get-PASGroup
    • New sort parameter added, supported from 12.2.
  • Add-PASGroupMember
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • New-PASUser
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • Remove-PASUser
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • Set-PASUser
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • Unblock-PASUser
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • Account Methods updated to apply to account details obtained via Gen2 API calls
    • VerifyPassword()
      • Updated method to use Invoke-PASCPMOperation
    • ChangePassword()
      • Updated method to use Invoke-PASCPMOperation
    • ReconcilePassword()
      • New method using Invoke-PASCPMOperation
    • GetDetails()
      • New method using Get-PASAccountDetail
  • Alias Removal
    • Removed alias values for previously depreciated command names