Linked Accounts
Linked accounts are Directory managed accounts that are linked to asset-based managed systems.
Directory accounts can be linked only to managed assets and managed databases.
Quick Navigation
- GET ManagedSystems/{systemID}/LinkedAccounts
- POST ManagedSystems/{systemID}/LinkedAccounts/{accountID}
- DELETE ManagedSystems/{systemID}/LinkedAccounts
- DELETE ManagedSystems/{systemID}/LinkedAccounts/{accountID}
GET ManagedSystems/{systemID}/LinkedAccounts
Purpose
Returns a list of linked directory managed accounts by managed system ID.
Required Permissions
Password Safe System Management (Read).
URL Parameters
systemID: ID of the managed system.
Request Body
None.
Response Body
Content-Type: application/json
[ { ManagedAccountID : int, ManagedSystemID : int, DomainName : string, AccountName : string, DistinguishedName : string, PasswordFallbackFlag : bool, LoginAccountFlag : bool, Description : string, PasswordRuleID : int, ApiEnabled : bool, ReleaseNotificationEmail : string, ChangeServicesFlag : bool, RestartServicesFlag : bool, ReleaseDuration : int, MaxReleaseDuration : int, ISAReleaseDuration : int, MaxConcurrentRequests : int, AutoManagementFlag : bool, DSSAutoManagementFlag : bool, CheckPasswordFlag : bool, ResetPasswordOnMismatchFlag : bool, ChangePasswordAfterAnyReleaseFlag : bool, ChangeFrequencyType : string, ChangeFrequencyDays : int, ChangeTime : string, ParentAccountID : int, // can be null IsSubscribedAccount : bool, LastChangeDate : datetime, // can be null NextChangeDate : datetime, // can be null IsChanging : bool, ChangeState : int, UseOwnCredentials : bool, ChangeIISAppPoolFlag : bool, RestartIISAppPoolFlag : bool, WorkgroupID : int, // can be null ChangeWindowsAutoLogonFlag : bool, ChangeComPlusFlag : bool, ChangeDComFlag : bool, ChangeSComFlag : bool, }, … ]
Response Body Details
- DomainName: The domain name for a domain-type account.
- AccountName: The name of the account.
- DistinguishedName: The distinguished name of an LDAP managed account.
- PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
- LoginAccountFlag: True if the account should use the managed system login account for SSH sessions, otherwise false.
- Description: A description of the account.
- PasswordRuleID: ID of the password rule assigned to this managed account.
- ApiEnabled: True if the account can be requested through the API, otherwise false.
- ReleaseNotificationEmail: Email address used for notification emails related to this managed account.
- ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
- RestartServicesFlag: True if services should be restarted after the run as password is changed (see ChangeServicesFlag), otherwise false.
- ReleaseDuration: (minutes: 1-525600) Default release duration.
- MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
- ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
- MaxConcurrentRequests: (0-999, 0 means unlimited) Maximum number of concurrent password requests for this account.
- AutoManagementFlag: True if password auto-management is enabled, otherwise false.
- DSSAutoManagementFlag: True if DSS key auto-management is enabled, otherwise false.
- CheckPasswordFlag: True to enable password testing, otherwise false.
- ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
- ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
- ChangeFrequencyType: The change frequency for scheduled password changes:
- first: Changes scheduled for the first day of the month.
- last: Changes scheduled for the last day of the month.
- xdays: Changes scheduled every x days (see ChangeFrequencyDays).
- ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
- ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
- ParentAccountID: If this is a subscribed account (see IsSubscribedAccount), this is the ID of the parent managed account.
- IsSubscribedAccount: True if the account is a synced or subscribed account, otherwise false.
- LastChangeDate: The date and time of the last password change.
- NextChangeDate: The date and time of the next scheduled password change.
- IsChanging: True if the account credentials are in the process of changing, otherwise false.
- ChangeState: The change state of the account credentials:
- 0: Idle / no change taking place or scheduled within 5 minutes.
- 1: Changing / managed account credential currently changing.
- 2: Queued / managed account credential is queued to change or scheduled to change within 5 minutes.
For more information, please see Configure Subscriber Accounts.
Response Codes
200 - Request successful. Linked managed account in the response body.
For more information, please see Common Response Codes.
POST ManagedSystems/{systemID}/LinkedAccounts/{accountID}
Purpose
Links a directory managed account to the managed system referenced by ID.
Required Permissions
Password Safe System Management (Read/Write).
URL Parameters
- systemID: ID of the managed system.
- accountID: ID of the directory managed account.
Request Body
None.
Response Body
Content-Type: application/json
{ ManagedAccountID : int, ManagedSystemID : int, DomainName : string, AccountName : string, DistinguishedName : string, PasswordFallbackFlag : bool, LoginAccountFlag : bool, Description : string, PasswordRuleID : int, ApiEnabled : bool, ReleaseNotificationEmail : string, ChangeServicesFlag : bool, RestartServicesFlag : bool, ReleaseDuration : int, MaxReleaseDuration : int, ISAReleaseDuration : int, MaxConcurrentRequests : int, AutoManagementFlag : bool, DSSAutoManagementFlag : bool, CheckPasswordFlag : bool, ResetPasswordOnMismatchFlag : bool, ChangePasswordAfterAnyReleaseFlag : bool, ChangeFrequencyType : string, ChangeFrequencyDays : int, ChangeTime : string, ParentAccountID : int, // can be null IsSubscribedAccount : bool, LastChangeDate : datetime, // can be null NextChangeDate : datetime, // can be null IsChanging: bool, ChangeState : int, UseOwnCredentials : bool, ChangeIISAppPoolFlag : bool, RestartIISAppPoolFlag : bool, WorkgroupID : int, // can be null ChangeWindowsAutoLogonFlag : bool, ChangeComPlusFlag : bool, ChangeDComFlag : bool, ChangeSComFlag : bool, }
Response Body Details
- AccountName: The name of the account.
- PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
- LoginAccountFlag: True if the account should use the managed system login account for SSH sessions, otherwise false.
- Description: A description of the account.
- PasswordRuleID: ID of the password rule assigned to this managed account.
- ApiEnabled: True if the account can be requested through the API, otherwise false.
- ReleaseNotificationEmail: Email address used for notification emails related to this managed account.
- ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
- RestartServicesFlag: True if services should be restarted after the run as password is changed (see ChangeServicesFlag), otherwise false.
- ReleaseDuration:(minutes: 1-525600) Default release duration.
- MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
- ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
- MaxConcurrentRequests: (0-999, 0 is unlimited) Maximum number of concurrent password requests for this account.
- AutoManagementFlag: True if password auto-management is enabled, otherwise false.
- DSSAutoManagementFlag: True if DSS key auto-management is enabled, otherwise false.
- CheckPasswordFlag: True to enable password testing, otherwise false.
- ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
- ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
- ChangeFrequencyType: The change frequency for scheduled password changes:
- first: Changes scheduled for the first day of the month.
- last: Changes scheduled for the last day of the month.
- xdays: Changes scheduled every x days (ChangeFrequencyDays).
- ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
- ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
- ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the parent managed account.
- IsSubscribedAccount: True if the account is a synced or subscribed account, otherwise false.
- LastChangeDate: The date and time of the last password change.
- NextChangeDate: The date and time of the next scheduled password change.
- IsChanging: True if the account credentials are in the process of changing, otherwise false.
- ChangeState: The change state of the account credentials:
- 0: Idle / no change taking place or scheduled within 5 minutes.
- 1: Changing / managed account credential currently changing.
- 2: Queued / managed account credential is queued to change or scheduled to change within 5 minutes.
For more information, please see Configure Subscriber Accounts.
Response Codes
- 200 - Account was already linked. Directory Managed Account in the response body.
- 201 - Account was linked successfully. Directory Managed Account in the response body.
For more information, please see Common Response Codes.
DELETE ManagedSystems/{systemID}/LinkedAccounts
Purpose
Unlinks all directory managed accounts from the managed system by ID.
Required Permissions
Password Safe System Management (Read/Write).
URL Parameters
systemID: ID of the managed system.
Request Body
None.
Response Body
None.
Response Codes
200 - Request successful.
For more information, please see Common Response Codes.
DELETE ManagedSystems/{systemID}/LinkedAccounts/{accountID}
Purpose
Unlinks a directory managed account from the managed system by ID.
Required Permissions
Password Safe System Management (Read/Write).
URL Parameters
- systemID: ID of the managed system.
- accountID: ID of the directory managed account.
Request Body
None.
Response Body
None.
Response Codes
200 - Request successful.
For more information, please see Common Response Codes.