Compatibility

Your version of CyberArk determines which functions of psPAS will be supported.

Function List

Check the below table to determine what functions are available for you to use:

The CyberArk Version listed is the minimum required to use the function.

CyberArk Version may affect available capabilities or function parameters. See Notes for more details.

If you are using version 9.7+, and the function being invoked requires version 9.8+, psPAS will attempt to confirm that your version of CyberArk meets the minimum version requirement.

Function Name	CyberArk Version	Description
`New-PASSession`	9.0 (Notes)	Authenticates a user to CyberArk Vault
`Close-PASSession`	9.0 (Notes)	Logoff from CyberArk Vault.
`Get-PASSession`	—	Get `psPAS` Session Data.
`Use-PASSession`	—	Set `psPAS` Session Data.
`Add-PASPublicSSHKey`	9.6	Adds an authorised public SSH key for a user.
`Get-PASPublicSSHKey`	9.6	Retrieves a user’s SSH Keys.
`Remove-PASPublicSSHKey`	9.6	Deletes a Public SSH Key from a user
`Add-PASAccountACL`	9.0	Adds a new privileged command rule to an account.
`Get-PASAccountACL`	9.0	Lists privileged commands rule for an account
`Remove-PASAccountACL`	9.0	Deletes privileged commands rule from an account
`Add-PASAccountGroupMember`	9.95	Adds an account as a member of an account group.
`Get-PASAccountGroup`	9.10 (Notes)	Returns account groups in a Safe.
`Get-PASAccountGroupMember`	9.10	Returns members of an account group.
`New-PASAccountGroup`	9.95	Adds a new account group
`Remove-PASAccountGroupMember`	9.10	Deletes a member of an account group
`Add-PASAccount`	9.0 (Notes)	Adds a new account.
`Add-PASPendingAccount`	9.7	Adds discovered account or SSH key as a pending account.
`Get-PASAccount`	9.3 (Notes)	Returns information about accounts.
`Get-PASAccountActivity`	9.7	Returns activities for an account.
`Get-PASAccountPassword`	9.7 (Notes)	Returns password for an account.
`Remove-PASAccount`	9.3 (Notes)	Deletes an account
`Set-PASAccount`	9.5 (Notes)	Updates details of an account.
`Invoke-PASCPMOperation`	9.7 (Notes)	Invoke CPM verify, change & reconcile tasks.
`Unlock-PASAccount`	9.10	Checks in an exclusive-use account.
`Add-PASApplication`	9.1	Adds a new application
`Add-PASApplicationAuthenticationMethod`	9.1	Add authentication method to an application
`Get-PASApplication`	9.1	Returns details of applications
`Get-PASApplicationAuthenticationMethod`	9.1	Returns application authentication methods
`Remove-PASApplication`	9.1	Deletes an application
`Remove-PASApplicationAuthenticationMethod`	9.1	Delete auth method from an application
`Import-PASConnectionComponent`	10.3	Imports a Connection Component
`New-PASPSMSession`	9.10 (Notes)	Get required parameters to connect through PSM
`Get-PASPSMRecording`	9.10 (Notes)	Get details of PSM Recording
`Get-PASPSMSession`	9.10 (Notes)	Get details of PSM Sessions
`Resume-PASPSMSession`	10.2	Resumes a Suspended PSM Session.
`Stop-PASPSMSession`	10.1	Terminates a PSM Session.
`Suspend-PASPSMSession`	10.2	Suspends a PSM Session.
`Get-PASOnboardingRule`	9.7	Gets automatic on-boarding rules
`New-PASOnboardingRule`	9.7 (Notes)	Adds a new on-boarding rule
`Remove-PASOnboardingRule`	9.7	Deletes an automatic on-boarding rule
`Get-PASPlatform`	9.10 (Notes)	Retrieves details of a specified platform.
`Import-PASPlatform`	10.2	Import a new platform
`Export-PASPlatform`	10.4	Export a platform
`Add-PASPolicyACL`	9.0	Adds a new privileged command rule
`Get-PASPolicyACL`	9.0	Lists OPM Rules for a policy
`Remove-PASPolicyACL`	9.0	Delete privileged commands from policy
`Approve-PASRequest`	9.10 (Notes)	Confirm a single request
`Deny-PASRequest`	9.10 (Notes)	Reject a single request
`Get-PASRequest`	9.10 (Notes)	List requests
`Get-PASRequestDetail`	9.10 (Notes)	Get request details
`New-PASRequest`	9.10 (Notes)	Creates an access request for an account
`Remove-PASRequest`	9.10 (Notes)	Deletes a request
`Add-PASSafeMember`	9.3	Adds a Safe Member to a safe
`Get-PASSafeMember`	9.7	Lists the members of a Safe
`Remove-PASSafeMember`	9.3	Removes a member from a safe
`Set-PASSafeMember`	9.3	Updates a Safe Member’s Permissions
`Add-PASSafe`	9.2	Adds a new safe
`Get-PASSafe`	9.7	Returns safe details
`Remove-PASSafe`	9.3	Deletes a safe
`Set-PASSafe`	9.3	Updates a safe
`Get-PASSafeShareLogo`	9.7	Returns details of SafeShare Logo
`Get-PASServer`	9.7	Returns details of the Web Service Server
`Get-PASServerWebService`	9.7	Returns details of the Web Service
`Get-PASComponentDetail`	10.1	Returns details about component instances.
`Get-PASComponentSummary`	10.1	Returns consolidated information about components.
`Add-PASGroupMember`	9.7 (Notes)	Adds a user as a group member
`Get-PASLoggedOnUser`	9.7	Returns details of the logged on user
`Get-PASUserLoginInfo`	10.4	Returns login details of the current user
`Get-PASUser`	9.7 (Notes)	Returns details of a user
`New-PASUser`	9.7 (Notes)	Creates a new user
`Remove-PASUser`	9.7 (Notes)	Deletes a user
`Set-PASUser`	9.7 (Notes)	Updates a user
`Unblock-PASUser`	9.7 (Notes)	Activates a suspended user
`Get-PASDirectory`	10.4 (Notes)	Get configured LDAP directories
`Add-PASDirectory`	10.4 (Notes)	Add a new LDAP directory
`New-PASDirectoryMapping`	10.4 (Notes)	Create a new LDAP directory mapping
`Add-PASPTARule`	10.4	Add a new Risky Commandrule to PTA
`Get-PASPTAEvent`	10.3	Get security events from PTA
`Set-PASPTAEvent`	11.3	Set status of PTA security events
`Get-PASPTARemediation`	10.4	Get automatic response config from PTA
`Get-PASPTARule`	10.4	List Risky Command rules from PTA
`Set-PASPTARemediation`	10.4	Update automaticresponse config in PTA
`Set-PASPTARule`	10.4	Update a Risky Commandrule in PTA
`Get-PASGroup`	10.5	Return group information
`Remove-PASGroupMember`	10.5	Remove group members
`Set-PASOnboardingRule`	10.5	Update Onboarding Rules
`Add-PASDiscoveredAccount`	10.5 (Notes)	Add discovered accounts to the Accounts Feed
`Connect-PASPSMSession`	10.5	Get required parameters to connect to a PSM Session
`Get-PASPSMSessionActivity`	10.6	Get activity details from an active PSM Session.
`Get-PASPSMSessionProperty`	10.6	Get property details from an active PSM Session.
`Get-PASPSMRecordingActivity`	10.6	Get activity details from a PSM Recording.
`Get-PASPSMRecordingProperty`	10.6	Get property details from a PSM Recording.
`Export-PASPSMRecording`	10.6	Save PSM Session Recording to a file.
`Request-PASAdHocAccess`	10.6	Request temporary access to a server.
`Get-PASDirectoryMapping`	10.7	Get details of configured directory mappings.
`Set-PASDirectoryMapping`	10.7 (Notes)	Update a configured directory mapping.
`Remove-PASDirectory`	10.7	Delete a directory configuration.
`Find-PASSafe`	10.1	List or Search Safes by name.
`Set-PASDirectoryMappingOrder`	10.10	Reorder Directory Mappings
`Set-PASUserPassword`	10.10	Reset a User’s Password
`New-PASGroup`	11.1	Create a new CyberArk group
`Get-PASPlatformSafe`	11.1	List details for all platforms
`Remove-PASDirectoryMapping`	11.1	Deletes a Directory Mapping
`Enable-PASCPMAutoManagement`	10.4	Enables Automatic CPM Management for an account
`Disable-PASCPMAutoManagement`	10.4	Disables Automatic CPM Management for an account
`Test-PASPSMRecording`	11.2	Determine validity of PSM Session Recording
`Copy-PASPlatform`	11.4	Duplicate a platform
`Enable-PASPlatform`	11.4	Enable a platform
`Disable-PASPlatform`	11.4	Disable a platform
`Remove-PASPlatform`	11.4	Delete a platform
`Remove-PASGroup`	11.5	Delete a user group
`Get-PASAllowedReferrer`	11.5	List PVWA Allowed Referrer
`Add-PASAllowedReferrer`	11.5	Add PVWA Allowed Referrer
`Get-PASAccountSSHKey`	11.5	Get Private SSH Key value of Account
`Get-PASAuthenticationMethod`	11.5	List authentication methods
`Add-PASAuthenticationMethod`	11.5	Add authentication method
`Set-PASAuthenticationMethod`	11.5	Update authentication method
`Get-PASConnectionComponent`	11.5	List configured connection components
`Get-PASPSMServer`	11.5	List configured PSM Servers
`Get-PASPlatformPSMConfig`	11.5	List Platform PSM configuration
`Set-PASPlatformPSMConfig`	11.5	Update Platform PSM configuration
`Start-PASAccountImportJob`	11.6	Add multiple accounts to existing Safes.
`Get-PASAccountImportJob`	11.6	Get status of account import
`New-PASAccountObject`	—	Format an object to include in an import list
`Get-PASDiscoveredAccount`	11.6	List discovered accounts
`Add-PASOpenIDConnectProvider`	11.7	Adds an OIDC Authentication Provider
`Get-PASOpenIDConnectProvider`	11.7	Gets details of configured OIDC Authentication Providers
`Remove-PASOpenIDConnectProvider`	11.7	Deletes an OIDC Authentication Provider
`Set-PASOpenIDConnectProvider`	11.7	Updates an OIDC Authentication Provider
`Remove-PASAuthenticationMethod`	11.7	Delete an authentication method

Notes

New-PASSession

Version 9.7 introduced a new Authentication Options:
- New Authentication Methods:
  - LDAP
  - RADIUS
  - Shared
  - SAML
Version 10.4 introduced a new Authentication Option.
- New Authentication Method:
  - Windows
Version 11.3 introduced support for concurrent API sessions.
Version 11.4 introduced updated support for SAML auth.
The 1st gen API endpoint can be used by specifying the -UseGen1API parameter.

Close-PASSession

The 1st gen API endpoint can be used by specifying the -UseGen1API parameter.

Get-PASAccountGroup

Version 10.5 introduced a new API endpoint.
The 1st gen API endpoint can be used by specifying the -UseGen1API parameter.

Add-PASAccount

Version 10.4 introduced a new API endpoint.
The 1st gen API endpoint can be used by using the ParameterSet which includes the -password parameter.

Get-PASAccount

11.4 introduced ability to filter by modificationTime
Version 10.4 introduced a new API endpoint.
- Supports:
  - Get details of all matching accounts.
The 1st gen API endpoint can be used by using the -Keywords & -Safe parameters.
- The 1st gen API is limited to returning the details of only 1 account.

Get-PASAccountPassword

Version 10.1 introduced a new API endpoint.
- Supports:
  - Specifying Reason for Access.
  - Supplying Ticketing Information.
  - Requesting specific password versions.
  - Return of SSH key.

Remove-PASAccount

Version 10.4 introduced a new API endpoint.
The 1st gen API endpoint can be used by specifying the -UseGen1API parameter.

Set-PASAccount

Version 10.4 introduced a new API endpoint.
- Supports:
  - Add/Update/Remove single account property.
  - Perform multiple update operations against account.
- Requires Parameters:
  - op (for single property update)
  - operations (for multiple updates)
The 1st gen API endpoint requires all of the account properties be passed to the function.
- Any current properties of the account not sent as part of the request will result in them being removed from the account.

Invoke-PASCPMOperation

Version 9.10 introduced a new API endpoint.
- Supports:
  - Verify/Change/Reconcile of password.
Version 10.1 introduced a new API endpoint.
- Supports:
  - Changing password to specific value.
  - Changing password only in the vault.
The 1st gen API endpoint can be used by:
- Using the -ImmediateChangeByCPM parameter.
- Specifying the -UseGen1API parameter.

New-PASPSMSession

Version 10.2 introduced a new API endpoint.
- Supports:
  - Connection via PSM GW.
Version 10.5 introduced a new API endpoint.
- Supports:
  - AdHoc Connect.

Get-PASPSMRecording

Version 10.6 introduced a new API endpoint.
- Supports:
  - Get recording details by RecordingID.

Get-PASPSMSession

Version 10.6 introduced a new API endpoint.
- Supports:
  - Get session details by liveSessionId.

New-PASOnboardingRule

Version 10.2 introduced a new API endpoint.
- Supports:
  - Additional filter options
- Requires Parameters:
  - DecisionSafeName
  - DecisionPlatformId

`-PASRequest`

The functions related to requests (Approve-PASRequest, Deny-PASRequest, Get-PASRequest, Get-PASRequestDetail, New-PASRequest & Remove-PASRequest), are documented as supported from version 9.10.
- Reports received from psPAS users, observing that these functions also work in version 9.9.

Add-PASGroupMember

Version 10.6 introduced a new API endpoint.
- Requires Parameters:
  - GroupID
  - UserID
The 1st gen API endpoint can be used by using the GroupName & UserName parameters.

Get-PASUser

Version 10.9 introduced a new API endpoint.
- Supports:
  - Additional query types.
Version 10.10 introduced a new API endpoint.
- Supports:
  - Get user by ID.
Version 11.5 returns additional group membership detail for user accounts.

New-PASUser

Version 10.9 introduced a new API endpoint.
- Supports:
  - Additional property parameters.

Unblock-PASUser

Version 10.10 introduced a new API endpoint.
- Requires Parameters:
  - userID
The 1st gen API endpoint can be used by using the userName parameter.

Get-PASDirectory

Version 10.5 introduced a new API endpoint.
- Supports:
  - Get directory details by id.

Add-PASDirectory

Version 10.7 introduced a new API endpoint.
- Requires Parameters:
  - DCList Parameter.

New-PASDirectoryMapping

Version 10.7 introduced a new API endpoint.
- Supports:
  - VaultGroups.
  - Location.
  - LDAP Query.
Version 10.10 introduced a new API endpoint.
- Supports:
  - UserActivityLogPeriod.

Set-PASDirectoryMapping

Version 10.10 introduced a new API endpoint.
- Supports:
  - UserActivityLogPeriod.

Add-PASDiscoveredAccount

Version 10.8 introduced a new API endpoint.
- Supports:
  - Account Dependency & AWS specific parameters
Version 11.7
- Supports
  - Azure specific parameter

Get-PASPlatform

Version 11.1 introduced a new API endpoint.
- Supports:
  - New options for finding platforms
Version 11.4 introduced new API endpoints
- Parameters added to enable more filtering options for querying target platforms
- Parameters addded to request details of dependent, group & rotational group platforms.
Version 9.10+ When specifying PlatformID
- if the platform properties contain a semicolon (‘;’), the API may not return the complete value.
  - noted for ChangeCommand, ReconcileCommand & ConnectionCommand properties

Remove-PASUser

Version 11.1 introduced a new API endpoint.
- Supports:
  - Delete User by ID

Set-PASUser

Version 11.1 introduced a new API endpoint.
- Supports:
  - Additional parameters for updating users.

Get-PASPTAEvent

Version 11.3 introduced new parameters for filtering events
- Supports:
  - status
  - fromUpdateDate
Version 11.4 introduced new parameters for filtering events
- Supports:
  - accountID