Linked Accounts

Linked Accounts are Directory Managed Accounts that are linked to Asset-based Managed Systems.

Directory Accounts can be linked only to managed Assets and managed Databases.

Quick Navigation

GET ManagedSystems/{systemID}/LinkedAccounts

Returns a list of linked Directory Managed Accounts by Managed System ID.

Password Safe System Management (Read)

systemID: ID of the Managed System.

None

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,

        ParentAccountID : int, // can be null
        IsSubscribedAccount : bool,
        LastChangeDate: datetime, // can be null
        NextChangeDate: datetime, // can be null
        IsChanging: bool
    },
    …
]
  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP Managed Account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (see ChangeServicesFlag), otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 means unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (see ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (see IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.

200 - Request successful. Linked Managed Account in the response body.

For more information, please see Common Response Codes.

POST ManagedSystems/{systemID}/LinkedAccounts/{accountID}

Links a Directory Managed Account to the Managed System referenced by ID.

Password Safe System Management (Read/Write)

  • systemID: ID of the Managed System.
  • accountID: ID of the Directory Managed Account.

None

Content-Type: application/json

{
    ManagedAccountID : int,
    ManagedSystemID : int,
    DomainName : string,
    AccountName : string,
    DistinguishedName : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,

    ParentAccountID : int, // can be null
    IsSubscribedAccount : bool,
    LastChangeDate: datetime, // can be null
    NextChangeDate: datetime, // can be null
    IsChanging: bool
}
  • AccountName: The name of the account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (see ChangeServicesFlag), otherwise false.
  • ReleaseDuration:(minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 is unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • 200 - Account was already linked. Directory Managed Account in the response body.
  • 201 - Account was linked successfully. Directory Managed Account in the response body.

For more information, please see Common Response Codes.

DELETE ManagedSystems/{systemID}/LinkedAccounts

Unlinks all Directory Managed Accounts from the Managed System by ID.

Password Safe System Management (Read/Write)

systemID: ID of the Managed System.

None

None

200 - Request successful.

For more information, please see Common Response Codes.

DELETE ManagedSystems/{systemID}/LinkedAccounts/{accountID}

Unlinks a Directory Managed Account from the Managed System by ID.

Password Safe System Management (Read/Write)

  • systemID: ID of the Managed System.
  • accountID: ID of the Directory Managed Account.

None

None

200 - Request successful.

For more information, please see Common Response Codes.