Linked Accounts

Linked accounts are Directory managed accounts that are linked to asset-based managed systems.

Directory accounts can be linked only to managed assets and managed databases.

Quick Navigation

• GET ManagedSystems/{systemID}/LinkedAccounts
• POST ManagedSystems/{systemID}/LinkedAccounts/{accountID}
• DELETE ManagedSystems/{systemID}/LinkedAccounts
• DELETE ManagedSystems/{systemID}/LinkedAccounts/{accountID}

GET ManagedSystems/{systemID}/LinkedAccounts

Purpose

Returns a list of linked directory managed accounts by managed system ID.

Required Permissions

Password Safe System Management (Read).

URL Parameters

systemID: ID of the managed system.

Request Body

None.

Response Body

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,

        ParentAccountID : int, // can be null
        IsSubscribedAccount : bool,
        LastChangeDate : datetime, // can be null
        NextChangeDate : datetime, // can be null
        IsChanging : bool,
        ChangeState : int,
        UseOwnCredentials : bool,
        ChangeIISAppPoolFlag : bool,
        RestartIISAppPoolFlag : bool,
        WorkgroupID : int, // can be null

        ChangeWindowsAutoLogonFlag : bool,
        ChangeComPlusFlag : bool,
        ChangeDComFlag : bool,
        ChangeSComFlag : bool,    
        },
    …
]

Response Body Details

• DomainName: The domain name for a domain-type account.
• AccountName: The name of the account.
• DistinguishedName: The distinguished name of an LDAP managed account.
• PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
• LoginAccountFlag: True if the account should use the managed system login account for SSH sessions, otherwise false.
• Description: A description of the account.
• PasswordRuleID: ID of the password rule assigned to this managed account.
• ApiEnabled: True if the account can be requested through the API, otherwise false.
• ReleaseNotificationEmail: Email address used for notification emails related to this managed account.
• ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
• RestartServicesFlag: True if services should be restarted after the run as password is changed (see ChangeServicesFlag), otherwise false.
• ReleaseDuration: (minutes: 1-525600) Default release duration.
• MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
• ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
• MaxConcurrentRequests: (0-999, 0 means unlimited) Maximum number of concurrent password requests for this account.
• AutoManagementFlag: True if password auto-management is enabled, otherwise false.
  • DSSAutoManagementFlag: True if DSS key auto-management is enabled, otherwise false.
  • CheckPasswordFlag: True to enable password testing, otherwise false.
  • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
  • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
  • ChangeFrequencyType: The change frequency for scheduled password changes:
    • first: Changes scheduled for the first day of the month.
    • last: Changes scheduled for the last day of the month.
    • xdays: Changes scheduled every x days (see ChangeFrequencyDays).
  • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
  • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
• ParentAccountID: If this is a subscribed account (see IsSubscribedAccount), this is the ID of the parent managed account.
• IsSubscribedAccount: True if the account is a synced or subscribed account, otherwise false.
• LastChangeDate: The date and time of the last password change.
• NextChangeDate: The date and time of the next scheduled password change.
• IsChanging: True if the account credentials are in the process of changing, otherwise false.
• ChangeState: The change state of the account credentials:
  • 0: Idle / no change taking place or scheduled within 5 minutes.
  • 1: Changing / managed account credential currently changing.
  • 2: Queued / managed account credential is queued to change or scheduled to change within 5 minutes.

For more information, please see Configure Subscriber Accounts.

Response Codes

200 - Request successful. Linked managed account in the response body.

For more information, please see Common Response Codes.

POST ManagedSystems/{systemID}/LinkedAccounts/{accountID}

Purpose

Links a directory managed account to the managed system referenced by ID.

Required Permissions

Password Safe System Management (Read/Write).

URL Parameters

• systemID: ID of the managed system.
• accountID: ID of the directory managed account.

Request Body

None.

Response Body

Content-Type: application/json

{
    ManagedAccountID : int,
    ManagedSystemID : int,
    DomainName : string,
    AccountName : string,
    DistinguishedName : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,

    ParentAccountID : int, // can be null
    IsSubscribedAccount : bool,
    LastChangeDate : datetime, // can be null
    NextChangeDate : datetime, // can be null
    IsChanging: bool,
    ChangeState : int,
    UseOwnCredentials : bool,
    ChangeIISAppPoolFlag : bool,
    RestartIISAppPoolFlag : bool,
    WorkgroupID : int, // can be null

    ChangeWindowsAutoLogonFlag : bool,
    ChangeComPlusFlag : bool,
    ChangeDComFlag : bool,
    ChangeSComFlag : bool,
}

Response Body Details

• AccountName: The name of the account.
• PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
• LoginAccountFlag: True if the account should use the managed system login account for SSH sessions, otherwise false.
• Description: A description of the account.
• PasswordRuleID: ID of the password rule assigned to this managed account.
• ApiEnabled: True if the account can be requested through the API, otherwise false.
• ReleaseNotificationEmail: Email address used for notification emails related to this managed account.
• ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
• RestartServicesFlag: True if services should be restarted after the run as password is changed (see ChangeServicesFlag), otherwise false.
• ReleaseDuration:(minutes: 1-525600) Default release duration.
• MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
• ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
• MaxConcurrentRequests: (0-999, 0 is unlimited) Maximum number of concurrent password requests for this account.
• AutoManagementFlag: True if password auto-management is enabled, otherwise false.
  • DSSAutoManagementFlag: True if DSS key auto-management is enabled, otherwise false.
  • CheckPasswordFlag: True to enable password testing, otherwise false.
  • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
  • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
  • ChangeFrequencyType: The change frequency for scheduled password changes:
    • first: Changes scheduled for the first day of the month.
    • last: Changes scheduled for the last day of the month.
    • xdays: Changes scheduled every x days (ChangeFrequencyDays).
  • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
  • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
• ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the parent managed account.
• IsSubscribedAccount: True if the account is a synced or subscribed account, otherwise false.
• LastChangeDate: The date and time of the last password change.
• NextChangeDate: The date and time of the next scheduled password change.
• IsChanging: True if the account credentials are in the process of changing, otherwise false.
• ChangeState: The change state of the account credentials:
  • 0: Idle / no change taking place or scheduled within 5 minutes.
  • 1: Changing / managed account credential currently changing.
  • 2: Queued / managed account credential is queued to change or scheduled to change within 5 minutes.

For more information, please see Configure Subscriber Accounts.

Response Codes

• 200 - Account was already linked. Directory Managed Account in the response body.
• 201 - Account was linked successfully. Directory Managed Account in the response body.

For more information, please see Common Response Codes.

DELETE ManagedSystems/{systemID}/LinkedAccounts

Purpose

Unlinks all directory managed accounts from the managed system by ID.

Required Permissions

Password Safe System Management (Read/Write).

URL Parameters

systemID: ID of the managed system.

Request Body

None.

Response Body

None.

Response Codes

200 - Request successful.

For more information, please see Common Response Codes.

DELETE ManagedSystems/{systemID}/LinkedAccounts/{accountID}

Purpose

Unlinks a directory managed account from the managed system by ID.

Required Permissions

Password Safe System Management (Read/Write).

URL Parameters

• systemID: ID of the managed system.
• accountID: ID of the directory managed account.

Request Body

None.

Response Body

None.

Response Codes

200 - Request successful.

For more information, please see Common Response Codes.