Synced Accounts

Synced Accounts are Managed Accounts subscribed/synced to another Managed Account.

Quick Navigation

GET ManagedAccounts/{id}/SyncedAccounts

Returns a list of subscribed/synced Managed Accounts by Managed Account ID.

Password Safe Account Management (Read)

id: ID of the parent Managed Account.

None

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,

        ParentAccountID : int, // can be null
        IsSubscribedAccount : bool,
        LastChangeDate: datetime, // can be null
        NextChangeDate: datetime, // can be null
        IsChanging: bool
    },
    …
]
  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP Managed Account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 is unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.

200 – Request successful. Linked Managed Account in the response body.

For more information, please see Common Response Codes.

POST ManagedAccounts/{id}/SyncedAccounts/{syncedAccountID}

Subscribes/syncs a Managed Account to the Managed Account referenced by ID.

Password Safe Account Management (Read/Write)

  • id: ID of the parent Managed Account
  • syncedAccountID: ID of the synced Managed Account

None

Content-type: application/json

{
    ManagedAccountID : int,
    ManagedSystemID : int,
    DomainName : string,
    AccountName : string,
    DistinguishedName : string,
    PasswordFallbackFlag : bool,
    LoginAccountFlag : bool,
    Description : string,
    PasswordRuleID : int,
    ApiEnabled : bool,
    ReleaseNotificationEmail : string,
    ChangeServicesFlag : bool,
    RestartServicesFlag : bool,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,
    MaxConcurrentRequests : int,

    AutoManagementFlag : bool,
    DSSAutoManagementFlag : bool,
    CheckPasswordFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,

    ParentAccountID : int, // can be null
    IsSubscribedAccount : bool,
    LastChangeDate: datetime, // can be null
    NextChangeDate: datetime, // can be null
    IsChanging: bool
}
  • AccountName: The name of the account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled:True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 means unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • 200 – Account was already synced. Managed Account in the response body.
  • 201 – Account was synced successfully. Managed Account in the response body.

For more information, please see Common Response Codes.

DELETE ManagedAccounts/{id}/SyncedAccounts

Unsubscribes/unsyncs all Managed Accounts from the parent Managed Account by ID.

Password Safe Account Management (Read/Write)

id: ID of the parent Managed Account

None

None

200 – Request successful.

For more information, please see Common Response Codes.

DELETE ManagedAccounts/{id}/SyncedAccounts/{syncedAccountID}

Unsubscribes/unsyncs a Managed Account from the Managed Account by ID.

Password Safe Account Management (Read/Write)

  • id: ID of the parent Managed Account
  • syncedAccountID: ID of the synced Managed Account

None

None

200 – Request successful.

For more information, please see Common Response Codes.