v5.2.59

psPAS v5.2.59

• Fix
  • Resolves issue where Get-PASSafeMember would fail with error when using Gen2 API and specifying MemberName parameter.
  • Resolves issue where Set-PASSafe would fail with error when using Gen2 API.
    • (Thanks alexR148!).

v5.2.54

psPAS v5.2.54

• Fix
  • Added Request-PASJustInTimeAccess as Exported Function in psPAS.psd1.

v5.2.52

psPAS v5.2.52

Module update to cover all CyberArk 12.2 API features

• Breaking Changes
  • Request-PASJustInTimeAccess
    • Command renamed from Request-PASAdHocAccess in line with CyberArk feature nomenclature.
  • Get-PASSafeMember
    • Adds capability to get permissions for individual safe member using the Gen2 API from 12.2 onward.
    • Addition of UseGen1API parameter allows operation against Gen1 API if required.
  • Set-PASSafeMember
    • Adds Gen2 API capability introduced in 12.2.
    • Default operation is now via Gen2 API.
    • Addition of UseGen1API parameter allows operation against Gen1 API if required.
  • Remove-PASSafeMember
    • Adds support for operation against Gen2 API introduced in PAS 12.2
    • Default operation now requires 12.2
    • UseGen1API parameter added to force operation against Gen1 API for earlier PAS versions.
  • Set-PASSafe
    • Adds Gen2 API capability introduced in 12.2.
    • Default operation is now via Gen2 API.
    • Addition of UseGen1API parameter allows operation against Gen1 API if required.
• New Commands
  • Get-PASAccountDetail
    • New experimental function developed using unofficial documentation
  • Revoke-PASJustInTimeAccess
    • New API function supported from 12.0 (previously missed)
    • Revokes requested JIT access.
  • Clear-PASLinkedAccount
    • Unlinks associated Logon/Reconcile/ExtraPass accounts
  • Get-PASPlatformSummary
    • Returns basic platform system type information
• Other Updates
  • Get-PASSafe
    • Implements Get Individual Safe details using Gen2 API feature of PAS 12.2.
    • Adds UseGen1API parameter to allow backward compatibility when using the SafeName parameter.
    • Changes depreciation of Gen1 API operations from 12.2 to 12.3.
  • Get-PASUser
    • New sort parameter added, supported from 12.2.
    • Added ability to filter by UserName using Gen2 API.
    • Gen1 search by UserName now accessible by also specifying the introduced UseGen1API parameter.
  • Get-PASGroup
    • New sort parameter added, supported from 12.2.
  • Add-PASGroupMember
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • New-PASUser
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • Remove-PASUser
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • Set-PASUser
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • Unblock-PASUser
    • Added version check to prevent use of Gen1 API starting from 12.3 in line with documented plan for API depreciation
  • Account Methods updated to apply to account details obtained via Gen2 API calls
    • VerifyPassword()
      • Updated method to use Invoke-PASCPMOperation
    • ChangePassword()
      • Updated method to use Invoke-PASCPMOperation
    • ReconcilePassword()
      • New method using Invoke-PASCPMOperation
    • GetDetails()
      • New method using Get-PASAccountDetail
  • Alias Removal
    • Removed alias values for previously depreciated command names

v5.1.44

psPAS v5.1.44

• Updates
  • Get-PASGroup
    • Added includeMembers parameter based on this article.

v5.1.37

psPAS v5.1.37

• Updates
  • Resolves issue where the ConvertTo-UnixTime helper function provided invalid values when the culture was not 'en-US'.
    • (Thanks liamwh!).
  • Set-PASUser
    • Sets ValueFromPipelinebyPropertyName = $false for ExpiryDate parameter, avoids parameter validation exception when piping object representing user, such as the output from Get-PASUSer, into Set-PASUser.
  • Get-PASAccountPassword
    • MachineName parameter changed to string type (previously was incorrectly specified as switch)
    • Added UserName parameter & ToPsCredential() Method to enable return of Credential Object.
      • (Thanks zamothh!)

v5.1.21

psPAS v5.1.21

• Updates
  • Get-PASSession
    • Catch errors getting the username of the logged on user so session token and other information can still be extracted from the module scope.
  • Add-PASSafeMember
    • Makes InitiateCPMAccountManagementOperations non-mandatory; fixes issue introduced in 5.1.16.
  • Remove-PASGroupMember
    • Resolves issue where attempting to remove group member with an '@' symbol in the user name reported a 404 error.
  • Get-PASPlatform
    • Fixes issue where expected output was not displayed when using the platforms parameterset.

v5.1.16

psPAS v5.1.16

• Updates
  • New-PASSession
    • Introduce support for providing response to RADIUS challenges featuring sub-options.
    • Fixes Gen2 SAML Authentication:
      • Code to get SAML Response via SSO using default credentials updated to correctly format authentication request.
      • SAMLResponse Parameter added for user to provide their own SAMLResponse as string value.
  • Add-PASSafeMember
    • Fixes issue where some permissions may not be applied when piping object into function and using the Gen2 API.

v5.0.0

psPAS v5.0.0

Module update to cover all CyberArk 12.0 & 12.1 API features

• Breaking Changes
  • Get-PASSafeMember, Add-PASSafe, Get-PASSafe, Add-PASSafeMember, Remove-PASSafe
    • Default operation of these functions is now to use the Gen2 API.
    • The -UseGen1API Parameter can be specified to force use of the Gen1 API for the following commands:
      • Get-PASSafeMember
      • Add-PASSafeMember
      • Add-PASSafe
      • Remove-PASSafe
  • Find-PASSafe
    • External changes to the API mean Find-PASSafe cannot be used past version 11.7.
    • Equivalent API functionality now exists in Get-PASSafe using the Gen2 ParameterSet.
• New Functions For CyberArk Version 12.0:
  • New-PASAccountPassword
    • Defines a password value based on the policy for an account
  • Set-PASGroup
    • Updates vault groups
• New Functions For CyberArk version 12.1:
  • Clear-PASDiscoveredAccountList
    • Clears Pending Accounts List
  • Get-PASAccountPasswordVersion
    • Returns details of available password versions
  • Set-PASLinkedAccount
    • Associates Linked Logon & Reconcile accounts
  • New-PASPrivateSSHKey
    • Generates new MFA Caching Private SSH Key
  • Remove-PASPrivateSSHKey
    • Deletes an MFA Caching Private SSH Key
  • Clear-PASPrivateSSHKey
    • Removes all MFA Caching Private SSH Keys
• Updated Functions For CyberArk Version 12.0:
  • Get-PASSafeMember
    • Updated to use the new Gen2 API endpoint available from version 12.0
    • MemberName Parameter depreciated past 12.2
  • Add-PASSafe
    • Updated to use the new Gen2 API endpoint available from version 12.0
  • Get-PASSafe
    • Updated to use the new Gen2 API endpoint available from version 12.0
• Updated Functions For CyberArk Version 12.1:
  • Add-PASSafeMember
    • Updated to use the new Gen2 API endpoint available from version 12.1
    • Gen 1 will not work post 12.2
  • Get-PASSafeMember
    • Updated to include new filter parameters available from version 12.1
    • Additional Gen2 Parameters available
  • Get-PASSafe
    • Updated to include new Parameter available in 12.1
  • Remove-PASSafe
    • Updated to use the new Gen2 API endpoint available from version 12.1
    • Gen 1 will not work post 12.2
  • Get-PASUser
    • Updated to include the new ExtendedDetails parameter available from version 12.1
    • Additional Gen2 Parameter available
• Other
  • Get-PASAccount
    • Removed depreciated Parameter offset
    • Removed depreciated Parameter limit

v4.5.90

psPAS v4.5.90

v4.5.87

psPAS v4.5.87