Provisioning

Quick Navigation

GET ManagedAccounts/{id}

Returns a Managed Account by ID.

Password Safe Account Management (Read)

id: ID of the Managed Account.

None

Content-Type: application/json

{
    ManagedAccountID : int,
    ManagedSystemID : int,
    DomainName : string,
    AccountName : string,
    DistinguishedName : string,
    PasswordFallbackFlag : bool,
    UserPrincipalName : string,
    SAMAccountName : string,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,

    ParentAccountID : int, // can be null
    IsSubscribedAccount : bool,
    LastChangeDate: datetime, // can be null
    NextChangeDate: datetime, // can be null
    IsChanging: bool
    UseOwnCredentials: bool,
    WorkgroupID : int // can be null
}
  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP Managed Account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • UserPrincipalName: (Active Directory Managed Systems only) The account User Principal Name of an Active Directory account.
  • SAMAccountName: (Active Directory Managed Systems only) The account SAM Account Name of an Active Directory account.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, default: 1) Maximum number of concurrent password requests for this account. A value of zero denotes unlimited requests.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • UseOwnCredentials: True if the current account credentials should be used during change operations, otherwise false.
  • WorkgroupID: ID of the assigned Workgroup.

200 - Request successful. Managed Account in the response body.

For more information, please see Common Response Codes.

GET ManagedSystems/{systemID}/ManagedAccounts

Returns a list of Managed Accounts by Managed System ID.

Password Safe Account Management (Read)

systemID: ID of the Managed System.

None

Content-Type: application/json

[
{
    ManagedAccountID : int,
    ManagedSystemID : int,
    DomainName : string,
    AccountName : string,
    DistinguishedName : string,
    PasswordFallbackFlag : bool,
    UserPrincipalName : string,
    SAMAccountName : string,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,

    ParentAccountID : int, // can be null
    IsSubscribedAccount : bool,
    LastChangeDate: datetime, // can be null
    NextChangeDate: datetime, // can be null
    IsChanging: bool
    UseOwnCredentials: bool,
    WorkgroupID : int // can be null
    },
    …
]
  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP Managed Account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • UserPrincipalName: (Active Directory Managed Systems only) The account User Principal Name of an Active Directory account.
  • SAMAccountName: (Active Directory Managed Systems only) The account SAM Account Name of an Active Directory account.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, default: 1) Maximum number of concurrent password requests for this account. A value of zero denotes unlimited requests.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • WorkgroupID: ID of the assigned Workgroup.

200 - Request successful. Managed Account in the response body.

For more information, please see Common Response Codes.

GET ManagedSystems/{systemID}/ManagedAccounts?name={name}

Returns a Managed Account by Managed System ID and Managed Account name.

Password Safe Account Management (Read)

systemID: ID of the Managed System.

name: Name of the Managed Account.

None

Content-Type: application/json

{
    ManagedAccountID : int,
    ManagedSystemID : int,
    DomainName : string,
    AccountName : string,
    DistinguishedName : string,
    PasswordFallbackFlag : bool,
    UserPrincipalName : string,
    SAMAccountName : string,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,

    ParentAccountID : int, // can be null
    IsSubscribedAccount : bool,
    LastChangeDate: datetime, // can be null
    NextChangeDate: datetime, // can be null
    IsChanging: bool
    UseOwnCredentials: bool,
    WorkgroupID : int // can be null
}
  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP Managed Account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • UserPrincipalName: (Active Directory Managed Systems only) The account User Principal Name of an Active Directory account.
  • SAMAccountName: (Active Directory Managed Systems only) The account SAM Account Name of an Active Directory account.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, default: 1) Maximum number of concurrent password requests for this account. A value of zero denotes unlimited requests.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • UseOwnCredentials: True if the current account credentials should be used during change operations, otherwise false.
  • WorkgroupID: ID of the assigned Workgroup.

200 - Request successful. Managed Account in the response body.

PUT ManagedAccounts/{id}

Updates an existing Managed Account by ID.

Password Safe Account Management (Read/Write)

  • id: ID of the Managed Account.
  • version: (optional, default: 3.0) Request body model version (3.0, 3.1, 3.2)

Content-Type: application/json

{
    AccountName : string,
    ManagedSystemID: int,
    Password : string,
    PrivateKey : string,
    Passphrase : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,
    NextChangeDate : date-formatted string
}

Content-Type: application/json

{ 
    AccountName : string,
    Password : string,
    DomainName : string,
    UserPrincipalName : string,
    SAMAccountName : string,
    DistinguishedName : string,
    PrivateKey : string,
    Passphrase : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,
    NextChangeDate : date-formatted string,
    UseOwnCredentials : bool
}

Content-Type: application/json

{ 
    AccountName : string,
    Password : string,
    DomainName : string,
    UserPrincipalName : string,
    SAMAccountName : string,
    DistinguishedName : string,
    PrivateKey : string,
    Passphrase : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,
    NextChangeDate : date-formatted string,
    UseOwnCredentials : bool,
    ChangeIISAppPoolFlag : bool,
    RestartIISAppPoolFlag : bool
}

Content-Type: application/json

{ 
    AccountName : string,
    Password : string,
    DomainName : string,
    UserPrincipalName : string,
    SAMAccountName : string,
    DistinguishedName : string,
    PrivateKey : string,
    Passphrase : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,
    NextChangeDate : date-formatted string,
    UseOwnCredentials : bool,
    ChangeIISAppPoolFlag : bool,
    RestartIISAppPoolFlag : bool,
    WorkgroupID : int // can be null
}
  • AccountName: (required) The name of the account. Must be unique on the system. Max string length is 245.
  • ManagedSystemID: (required) ID of the Managed System.
  • Password: (required if AutoManagementFlag is false) The account password.
  • DomainName: (optional) This can be given but it must be exactly the same as the Directory. If empty or null, it will be automatically populated from the parent Managed System/Directory. Max string length is 50.
  • UserPrincipalName: (required for Active Directory Managed Systems only) The Active Directory User Principal Name. Max string length is 500.
  • SAMAccountName: (required for Active Directory Managed Systems only) The Active Directory SAM Account Name (Maximum 20 characters). Max string length is 20.
  • DistinguishedName: (required for LDAP Directory managed systems only) The LDAP Distinguished Name. Max string length is 1000.
  • PrivateKey: DSS Private Key. Can be set if Platform.DSSFlag is true.
  • Passphrase: (required when PrivateKey is an encrypted DSS key) DSS Passphrase. Can be set if Platform.DSSFlag is true.
  • PasswordFallbackFlag: (default: false) True if failed DSS authentication can fall back to password authentication, otherwise false. Can be set if Platform.DSSFlag is true.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false. Can be set when the ManagedSystem.LoginAccountID is set.
  • Description: A description of the account. Max string length is 1024.
  • PasswordRuleID: (default: 0) ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: (default: false) True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account. Max string length is 255.
  • ChangeServicesFlag: (default: false) True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: (default: false) True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: (default: false) True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600, default: 120) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600, default: 525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600, default: 120) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 is unlimited, default: 1) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: (default: false) True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: (default: false) True if DSS Key auto-management is enabled, otherwise false. If set to true, and no PrivateKey is provided, immediately attempts to generate and set a new public key on the Server. Can be set if Platform.DSSAutoManagementFlag is true.
    • CheckPasswordFlag: (default: false) True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: (default: false) True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: (default: false) True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: (default: first) The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59, default: 23:30) UTC time of day scheduled password changes take place.
    • NextChangeDate: (date format: YYYY-MM-DD) UTC date when next scheduled password change will occur. If the NextChangeDate + ChangeTime is in the past, password change will occur at the nearest future ChangeTime.
    • UseOwnCredentials: (version 3.1+) True if the current account credentials should be used during change operations, otherwise false.
    • ChangeIISAppPoolFlag: (version 3.2 only) True if IIS Application Pools run, as this user should be updated with the new password after a password change, otherwise false.
    • RestartIISAppPoolFlag: (version 3.2 only) True if IIS Application Pools should be restarted after the run as password is changed (ChangeIISAppPoolFlag), otherwise false.
    • WorkgroupID: ID of the assigned Workgroup.

Content-Type: application/json

{
    ManagedAccountID : int,
    ManagedSystemID : int,
    DomainName : string,
    AccountName : string,
    DistinguishedName : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,

    ParentAccountID : int, // can be null
    IsSubscribedAccount : bool,
    LastChangeDate: datetime, // can be null
    NextChangeDate: datetime, // can be null
    IsChanging: bool
    UseOwnCredentials: bool
}

200 - Request successful. Managed Account in the response body.

For more information, please see Common Response Codes.

POST ManagedSystems/{systemID}/ManagedAccounts

Creates a new Managed Account in the Managed System referenced by ID.

Password Safe Account Management (Read/Write)

systemID: ID of the Managed System.

version: (optional, default: 3.0) Request body model version (3.0, 3.1, 3.2)

Content-Type: application/json

{
    AccountName : string,
    Password : string,
    DomainName : string,
    UserPrincipalName : string,
    SAMAccountName : string,
    DistinguishedName : string,
    PrivateKey : string,
    Passphrase : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,
    NextChangeDate : date-formatted string
}

Content-Type: application/json

{ 
    AccountName : string,
    Password : string,
    DomainName : string,
    UserPrincipalName : string,
    SAMAccountName : string,
    DistinguishedName : string,
    PrivateKey : string,
    Passphrase : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,
    NextChangeDate : date-formatted string,
    UseOwnCredentials : bool
}

Content-Type: application/json

{ 
    AccountName : string,
    Password : string,
    DomainName : string,
    UserPrincipalName : string,
    SAMAccountName : string,
    DistinguishedName : string,
    PrivateKey : string,
    Passphrase : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,
    NextChangeDate : date-formatted string,
    UseOwnCredentials : bool,
    ChangeIISAppPoolFlag : bool,
    RestartIISAppPoolFlag : bool
}

Content-Type: application/json

{ 
    AccountName : string,
    Password : string,
    DomainName : string,
    UserPrincipalName : string,
    SAMAccountName : string,
    DistinguishedName : string,
    PrivateKey : string,
    Passphrase : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,
    NextChangeDate : date-formatted string,
    UseOwnCredentials : bool,
    ChangeIISAppPoolFlag : bool,
    RestartIISAppPoolFlag : bool,
    WorkgroupID : int // can be null
}
  • AccountName: (required) The name of the account. Must be unique on the system. Max string length is 245.
  • Password: (required if AutoManagementFlag is false) The account password.
  • DomainName: (optional) This can be given but it must be exactly the same as the Directory. If empty or null, it will be automatically populated from the parent Managed System/Directory. Max string length is 50.
  • UserPrincipalName: (required for Active Directory Managed Systems only) The Active Directory User Principal Name. Max string length is 500.
  • SAMAccountName: (required for Active Directory Managed Systems only) The Active Directory SAM Account Name (Maximum 20 characters). Max string length is 20.
  • DistinguishedName: (required for LDAP Directory managed systems only) The LDAP Distinguished Name. Max string length is 1000.
  • PrivateKey: DSS Private Key. Can be set if Platform.DSSFlag is true.
  • Passphrase: (required when PrivateKey is an encrypted DSS key) DSS Passphrase. Can be set if Platform.DSSFlag is true.
  • PasswordFallbackFlag: (default: false) True if failed DSS authentication can fall back to password authentication, otherwise false. Can be set if Platform.DSSFlag is true.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false. Can be set when the ManagedSystem.LoginAccountID is set.
  • Description: A description of the account. Max string length is 1024.
  • PasswordRuleID: (default: 0) ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: (default: false) True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account. Max string length is 255.
  • ChangeServicesFlag: (default: false) True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: (default: false) True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: (default: false) True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600, default: 120) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600, default: 525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600, default: 120) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 is unlimited, default: 1) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: (default: false) True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: (default: false) True if DSS Key auto-management is enabled, otherwise false. If set to true, and no PrivateKey is provided, immediately attempts to generate and set a new public key on the server. Can be set if Platform.DSSAutoManagementFlag is true.
    • CheckPasswordFlag: (default: false) True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: (default: false) True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: (default: false) True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: (default: first) The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59, default: 23:30) UTC time of day scheduled password changes take place.
    • NextChangeDate: (date format: YYYY-MM-DD) UTC date when next scheduled password change will occur. If the NextChangeDate + ChangeTime is in the past, password change will occur at the nearest future ChangeTime.
    • UseOwnCredentials: (version 3.1+) True if the current account credentials should be used during change operations, otherwise false.
    • ChangeIISAppPoolFlag: (version 3.2 only) True if IIS Application Pools run as this user should be updated with the new password after a password change, otherwise false.
    • RestartIISAppPoolFlag: (version 3.2 only) True if IIS Application Pools should be restarted after the run as password is changed (ChangeIISAppPoolFlag), otherwise false.
    • WorkgroupID: ID of the assigned Workgroup.

Content-Type: application/json

{
    ManagedAccountID : int,
    ManagedSystemID : int,
    DomainName : string,
    AccountName : string,
    DistinguishedName : string,
    PasswordFallbackFlag : bool,
    UserPrincipalName : string,
    SAMAccountName : string,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ChangeTasksFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,

    ParentAccountID : int, // can be null
    IsSubscribedAccount : bool,
    LastChangeDate: datetime, // can be null
    NextChangeDate: datetime, // can be null
    IsChanging: bool
    UseOwnCredentials : bool,
    ChangeIISAppPoolFlag: bool,
    RestartIISAppPoolFlag: bool
}
  • AccountName: The name of the account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • UserPrincipalName: (Active Directory Managed Systems only) The account User Principal Name of an Active Directory account.
  • SAMAccountName: (Active Directory Managed Systems only) The account SAM Account Name of an Active Directory account.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 means unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account, this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • UseOwnCredentials: True if the current account credentials should be used during change operations, otherwise false.
  • ChangeIISAppPoolFlag: True if IIS Application Pools run as this user should be updated with the new password after a password change, otherwise false.
  • RestartIISAppPoolFlag: True if IIS Application Pools should be restarted after the run as password is changed, otherwise false.
  • WorkgroupID: ID of the assigned Workgroup.

201 - Request successful. Managed Account in the response body.

For more information, please see Common Response Codes.

DELETE ManagedAccounts/{id}

Deletes a Managed Account by ID.

Password Safe Account Management (Read/Write)

id: ID of the Managed Account.

None

None

200 - Request successful.

For more information, please see Common Response Codes.

DELETE ManagedSystems/{systemID}/ManagedAccounts/{accountName}

Deletes a Managed Account by Managed System ID and Managed Account name.

Password Safe Account Management (Read/Write)

  • systemID: ID of the Managed System.
  • accountName: Name of the Managed Account.

None

None

200 - Request successful.

For more information, please see Common Response Codes.

DELETE ManagedSystems/{id}/ManagedAccounts

Deletes all Managed Accounts on the Managed System by ID.

Password Safe Account Management (Read/Write)

  • id: ID of the Managed System

None

None

200 - Request successful.

For more information, please see Common Response Codes.