Compatibility

Your version of CyberArk determines which functions of psPAS will be supported.

Function List

Check the below table to determine what functions are available for you to use:

The CyberArk Version listed is the minimum required to use the function.

CyberArk Version may affect available capabilities or function parameters. See Notes for more details.

If you are using version 9.7+, and the function being invoked requires version 9.8+, psPAS will attempt to confirm that your version of CyberArk meets the minimum version requirement.

Function Name	CyberArk Version	Description
New-PASSession	9.0 (Notes)	Authenticates a user to CyberArk Vault
Close-PASSession	9.0 (Notes)	Logoff from CyberArk Vault.
Get-PASSession	—	Get psPAS Session Data.
Use-PASSession	—	Set psPAS Session Data.
Add-PASPublicSSHKey	9.6	Adds an authorised public SSH key for a user.
Get-PASPublicSSHKey	9.6	Retrieves a user’s SSH Keys.
Remove-PASPublicSSHKey	9.6	Deletes a Public SSH Key from a user
Add-PASAccountACL	9.0	Adds a new privileged command rule to an account.
Get-PASAccountACL	9.0	Lists privileged commands rule for an account
Remove-PASAccountACL	9.0	Deletes privileged commands rule from an account
Add-PASAccountGroupMember	9.95	Adds an account as a member of an account group.
Get-PASAccountGroup	9.10 (Notes)	Returns account groups in a Safe.
Get-PASAccountGroupMember	9.10	Returns members of an account group.
New-PASAccountGroup	9.95	Adds a new account group
Remove-PASAccountGroupMember	9.10	Deletes a member of an account group
Add-PASAccount	9.0 (Notes)	Adds a new account.
Add-PASPendingAccount	9.7	Adds discovered account or SSH key as a pending account.
Get-PASAccount	9.3 (Notes)	Returns information about accounts.
Get-PASAccountActivity	9.7	Returns activities for an account.
Get-PASAccountPassword	9.7 (Notes)	Returns password for an account.
Remove-PASAccount	9.3 (Notes)	Deletes an account
Set-PASAccount	9.5 (Notes)	Updates details of an account.
Invoke-PASCPMOperation	9.7 (Notes)	Invoke CPM verify, change & reconcile tasks.
Unlock-PASAccount	9.10	Checks in an exclusive-use account.
Add-PASApplication	9.1	Adds a new application
Add-PASApplicationAuthenticationMethod	9.1	Add authentication method to an application
Get-PASApplication	9.1	Returns details of applications
Get-PASApplicationAuthenticationMethod	9.1	Returns application authentication methods
Remove-PASApplication	9.1	Deletes an application
Remove-PASApplicationAuthenticationMethod	9.1	Delete auth method from an application
Import-PASConnectionComponent	10.3	Imports a Connection Component
Get-PASPSMConnectionParameter	9.10 (Notes)	Get required parameters to connect through PSM
Get-PASPSMRecording	9.10 (Notes)	Get details of PSM Recording
Get-PASPSMSession	9.10 (Notes)	Get details of PSM Sessions
Resume-PASPSMSession	10.2	Resumes a Suspended PSM Session.
Stop-PASPSMSession	10.1	Terminates a PSM Session.
Suspend-PASPSMSession	10.2	Suspends a PSM Session.
Get-PASOnboardingRule	9.7	Gets automatic on-boarding rules
New-PASOnboardingRule	9.7 (Notes)	Adds a new on-boarding rule
Remove-PASOnboardingRule	9.7	Deletes an automatic on-boarding rule
Get-PASPlatform	9.10 (Notes)	Retrieves details of a specified platform.
Import-PASPlatform	10.2	Import a new platform
Export-PASPlatform	10.4	Export a platform
Add-PASPolicyACL	9.0	Adds a new privileged command rule
Get-PASPolicyACL	9.0	Lists OPM Rules for a policy
Remove-PASPolicyACL	9.0	Delete privileged commands from policy
Approve-PASRequest	9.10 (Notes)	Confirm a single request
Deny-PASRequest	9.10 (Notes)	Reject a single request
Get-PASRequest	9.10 (Notes)	List requests
Get-PASRequestDetail	9.10 (Notes)	Get request details
New-PASRequest	9.10 (Notes)	Creates an access request for an account
Remove-PASRequest	9.10 (Notes)	Deletes a request
Add-PASSafeMember	9.3	Adds a Safe Member to a safe
Get-PASSafeMember	9.7	Lists the members of a Safe
Remove-PASSafeMember	9.3	Removes a member from a safe
Set-PASSafeMember	9.3	Updates a Safe Member’s Permissions
Add-PASSafe	9.2	Adds a new safe
Get-PASSafe	9.7	Returns safe details
Remove-PASSafe	9.3	Deletes a safe
Set-PASSafe	9.3	Updates a safe
Get-PASSafeShareLogo	9.7	Returns details of SafeShare Logo
Get-PASServer	9.7	Returns details of the Web Service Server
Get-PASServerWebService	9.7	Returns details of the Web Service
Get-PASComponentDetail	10.1	Returns details about component instances.
Get-PASComponentSummary	10.1	Returns consolidated information about components.
Add-PASGroupMember	9.7 (Notes)	Adds a user as a group member
Get-PASLoggedOnUser	9.7	Returns details of the logged on user
Get-PASUserLoginInfo	10.4	Returns login details of the current user
Get-PASUser	9.7 (Notes)	Returns details of a user
New-PASUser	9.7 (Notes)	Creates a new user
Remove-PASUser	9.7 (Notes)	Deletes a user
Set-PASUser	9.7 (Notes)	Updates a user
Unblock-PASUser	9.7 (Notes)	Activates a suspended user
Get-PASDirectory	10.4 (Notes)	Get configured LDAP directories
Add-PASDirectory	10.4 (Notes)	Add a new LDAP directory
New-PASDirectoryMapping	10.4 (Notes)	Create a new LDAP directory mapping
Add-PASPTARule	10.4	Add a new Risky Commandrule to PTA
Get-PASPTAEvent	10.3	Get security events from PTA
Set-PASPTAEvent	11.3	Set status of PTA security events
Get-PASPTARemediation	10.4	Get automatic response config from PTA
Get-PASPTARule	10.4	List Risky Command rules from PTA
Set-PASPTARemediation	10.4	Update automaticresponse config in PTA
Set-PASPTARule	10.4	Update a Risky Commandrule in PTA
Get-PASGroup	10.5	Return group information
Remove-PASGroupMember	10.5	Remove group members
Set-PASOnboardingRule	10.5	Update Onboarding Rules
Add-PASDiscoveredAccount	10.5 (Notes)	Add discovered accounts to the Accounts Feed
Connect-PASPSMSession	10.5	Get required parameters to connect to a PSM Session
Get-PASPSMSessionActivity	10.6	Get activity details from an active PSM Session.
Get-PASPSMSessionProperty	10.6	Get property details from an active PSM Session.
Get-PASPSMRecordingActivity	10.6	Get activity details from a PSM Recording.
Get-PASPSMRecordingProperty	10.6	Get property details from a PSM Recording.
Export-PASPSMRecording	10.6	Save PSM Session Recording to a file.
Request-PASAdHocAccess	10.6	Request temporary access to a server.
Get-PASDirectoryMapping	10.7	Get details of configured directory mappings.
Set-PASDirectoryMapping	10.7 (Notes)	Update a configured directory mapping.
Remove-PASDirectory	10.7	Delete a directory configuration.
Find-PASSafe	10.1	List or Search Safes by name.
Set-PASDirectoryMappingOrder	10.10	Reorder Directory Mappings
Set-PASUserPassword	10.10	Reset a User’s Password
New-PASGroup	11.1	Create a new CyberArk group
Get-PASPlatformSafe	11.1	List details for all platforms
Remove-PASDirectoryMapping	11.1	Deletes a Directory Mapping
Enable-PASCPMAutoManagement	10.4	Enables Automatic CPM Management for an account
Disable-PASCPMAutoManagement	10.4	Disables Automatic CPM Management for an account
Test-PASPSMRecording	11.2	Determine validity of PSM Session Recording

Notes

New-PASSession

• Version 9.7 introduced a new Authentication Options:
  • New Authentication Methods:
    • LDAP
    • RADIUS
    • Shared
    • SAML
• Version 10.4 introduced a new Authentication Option.
  • New Authentication Method:
    • Windows
• Version 11.3 introduced support for concurrent API sessions.
• Version 11.4 introduced updated support for SAML auth.
• The Classic API endpoint can be used by specifying the -UseClassicAPI parameter.

Close-PASSession

• The Classic API endpoint can be used by specifying the -UseClassicAPI parameter.

Get-PASAccountGroup

• Version 10.5 introduced a new API endpoint.
• The Classic API endpoint can be used by specifying the -UseClassicAPI parameter.

Add-PASAccount

• Version 10.4 introduced a new API endpoint.
• The Classic API endpoint can be used by using the ParameterSet which includes the -password parameter.

Get-PASAccount

• Version 10.4 introduced a new API endpoint.
  • Supports:
    • Get details of all matching accounts.
• The Classic API endpoint can be used by using the -Keywords & -Safe parameters.
  • The Classic API is limited to returning the details of only 1 account.

Get-PASAccountPassword

• Version 10.1 introduced a new API endpoint.
  • Supports:
    • Specifying Reason for Access.
    • Supplying Ticketing Information.
    • Requesting specific password versions.
    • Return of SSH key.

Remove-PASAccount

• Version 10.4 introduced a new API endpoint.
• The Classic API endpoint can be used by specifying the -UseClassicAPI parameter.

Set-PASAccount

• Version 10.4 introduced a new API endpoint.
  • Supports:
    • Add/Update/Remove single account property.
    • Perform multiple update operations against account.
  • Requires Parameters:
    • op (for single property update)
    • operations (for multiple updates)
• The Classic API endpoint requires all of the account properties be passed to the function.
  • Any current properties of the account not sent as part of the request will result in them being removed from the account.

Invoke-PASCPMOperation

• Version 9.10 introduced a new API endpoint.
  • Supports:
    • Verify/Change/Reconcile of password.
• Version 10.1 introduced a new API endpoint.
  • Supports:
    • Changing password to specific value.
    • Changing password only in the vault.
• The Classic API endpoint can be used by:
  • Using the -ImmediateChangeByCPM parameter.
  • Specifying the -UseClassicAPI parameter.

Get-PASPSMConnectionParameter

• Version 10.2 introduced a new API endpoint.
  • Supports:
    • Connection via PSM GW.
• Version 10.5 introduced a new API endpoint.
  • Supports:
    • AdHoc Connect.

Get-PASPSMRecording

• Version 10.6 introduced a new API endpoint.
  • Supports:
    • Get recording details by RecordingID.

Get-PASPSMSession

• Version 10.6 introduced a new API endpoint.
  • Supports:
    • Get session details by liveSessionId.

New-PASOnboardingRule

• Version 10.2 introduced a new API endpoint.
  • Supports:
    • Additional filter options
  • Requires Parameters:
    • DecisionSafeName
    • DecisionPlatformId

*-PASRequest*

• The functions related to requests (Approve-PASRequest, Deny-PASRequest, Get-PASRequest, Get-PASRequestDetail, New-PASRequest & Remove-PASRequest), are documented as supported from version 9.10.
  • Reports received from psPAS users, observing that these functions also work in version 9.9.

Add-PASGroupMember

• Version 10.6 introduced a new API endpoint.
  • Requires Parameters:
    • GroupID
    • UserID
• The Classic API endpoint can be used by using the GroupName & UserName parameters.

Get-PASUser

• Version 10.9 introduced a new API endpoint.
  • Supports:
    • Additional query types.
• Version 10.10 introduced a new API endpoint.
  • Supports:
    • Get user by ID.

New-PASUser

• Version 10.9 introduced a new API endpoint.
  • Supports:
    • Additional property parameters.

Unblock-PASUser

• Version 10.10 introduced a new API endpoint.
  • Requires Parameters:
    • userID
• The Classic API endpoint can be used by using the userName parameter.

Get-PASDirectory

• Version 10.5 introduced a new API endpoint.
  • Supports:
    • Get directory details by id.

Add-PASDirectory

• Version 10.7 introduced a new API endpoint.
  • Requires Parameters:
    • DCList Parameter.

New-PASDirectoryMapping

• Version 10.7 introduced a new API endpoint.
  • Supports:
    • VaultGroups.
    • Location.
    • LDAP Query.
• Version 10.10 introduced a new API endpoint.
  • Supports:
    • UserActivityLogPeriod.

Set-PASDirectoryMapping

• Version 10.10 introduced a new API endpoint.
  • Supports:
    • UserActivityLogPeriod.

Add-PASDiscoveredAccount

• Version 10.8 introduced a new API endpoint.
  • Supports:
    • Account Dependancy & AWS specific parameters

Get-PASPlatform

• Version 11.1 introduced a new API endpoint.
  • Supports:
    • New options for finding platforms

Remove-PASUser

• Version 11.1 introduced a new API endpoint.
  • Supports:
    • Delete User by ID

Set-PASUser

• Version 11.1 introduced a new API endpoint.
  • Supports:
    • Additional parameters for updating users.

Get-PASPTAEvent

• Version 11.4 introduced new parameters for filtering events
  • Supports:
    • status
    • accountID