New-VPASToken


Supported Environments:
SelfHosted
SharedServices
PCloudStandard


Synopsis:

GET CYBERARK LOGIN TOKEN


Description:

USE THIS FUNCTION TO AUTHENTICATE INTO CYBERARK VIA ONPREM/PCLOUD STANDARD (RADIUS, CYBERARK, WINDOWS, SAML, LDAP, AUTHTOKEN) OR ISPSS (CYBERARK, OAUTH, AUTHTOKEN)


Syntax:

New-VPASToken [-PVWA] <String> [-AuthType] <String> [[-creds] <PSCredential>] [[-HideAscii]] [[-NoSSL]] [[-InitiateCookie]] [[-IDPLogin] <String>] [[-IdentityURL] <String>] [[-AuthToken] <String>] [[-EnableTextRecorder]] [[-HideWarnings]] [[-IdentityOnly]] [<CommonParameters>]


Parameters:

-PVWA <String>
The fully qualified domain name of the PVWA server for SelfHosted environments: server1.vman.com
The baseURL for saas environments: MyCompany.privilegecloud.cyberark.cloud

Required: true
Position: 1
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AuthType <String>
What method of authentication will be used
For saas environments, select the ispss options
Possible values: cyberark, radius, windows, ldap, saml, authtoken, ispss_oauth, ispss_cyberark, ispss_authtoken

Required: true
Position: 2
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-creds <PSCredential>
A credential object containing username and password

Required: false
Position: 3
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-HideAscii [<SwitchParameter>]
To remove the VPasModule logo from appearing in the console

Required: false
Position: 4
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-NoSSL [<SwitchParameter>]
If the environment is not set up for SSL, API calls will be made via HTTP not HTTPS (Not Recommended!)

Required: false
Position: 5
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-InitiateCookie [<SwitchParameter>]
Initiate a cookie variable that will be included in the header from call to call
Very useful when stickiness or persistence is not enabled on the PVWA load balancer

Required: false
Position: 6
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-IDPLogin <String>
For SAML authentication, the URL of the external IDP that users are routed to in order to complete the SAML authentication challenges

Required: false
Position: 7
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-IdentityURL <String>
For saas environments, the tenant URL of Identity

Required: false
Position: 8
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AuthToken <String>
Provide login token generated externally

Required: false
Position: 9
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-EnableTextRecorder [<SwitchParameter>]
Enable the Text Recording feature, which logs every API command, return value, and general information generated during the token session
The log file will be located in the current user's AppData folder: C:\Users\{current_user}\AppData\Local\VPASModuleOutputs\APITextRecorder

Required: false
Position: 10
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-HideWarnings [<SwitchParameter>]
Hide any warning outputs from the console during the API session

Required: false
Position: 11
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-IdentityOnly [<SwitchParameter>]
Authenticate into Identity only
Useful when the account only has rights in Identity and NOT in PrivilegeCloud

Required: false
Position: 12
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216)


Examples:

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType radius

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType cyberark

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType windows

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ldap

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType authtoken -AuthToken {AuthToken VALUE}

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType saml -IDPLogin {IDPLogin URL}

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ispss_oauth -IdentityURL {IdentityURL URL}

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ispss_cyberark -IdentityURL {IdentityURL URL}

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ispss_cyberark -IdentityURL {IdentityURL URL} -EnableTextRecorder -IdentityOnly

$token = New-VPASToken -PVWA {PVWA VALUE} -AuthType ispss_authtoken -IdentityURL {IdentityURL URL} -AuthToken {AuthToken VALUE}


Outputs:

If successful:
{
         "IdentityURL": "AA12345.id.cyberark.cloud",
         "SubDomain": "vman",
         "AuditTimeStamp": "08-17-2024_00-23-58",
         "VaultVersion": "14.2.0",
         "session": false,
         "EnableTextRecorder": {
                 "IsPresent": true
         },
         "pvwa": "vman.privilegecloud.cyberark.cloud",
         "NoSSL": {
                 "IsPresent": false
         },
         "ISPSS": true,
         "token": "...1rcg33vtyly...",
         "AuthenticatedAs": "vman@cyberark.cloud.1234",
         "HeaderType": "Bearer ...1rcg33vtyly...",
         "HideWarnings": {
                 "IsPresent": false
         }
}

$false if failed
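
The returned object records how the session was opened, so it can be checked before any further call is made. The following is an added example, not part of VPasModule: Test-VPASSessionHygiene is a hypothetical helper, the property names are taken from the sample output above, and the sample object is constructed.

```powershell
# Added example: Test-VPASSessionHygiene is a hypothetical helper, not a VPasModule cmdlet.
function Test-VPASSessionHygiene {
    param(
        [Parameter(Mandatory)] $Session   # value returned by New-VPASToken
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # New-VPASToken returns $false on failure, so reject that before reading properties.
    if ($Session -is [bool] -and -not $Session) {
        $findings.Add('FAIL: authentication failed (New-VPASToken returned $false)')
        return $findings
    }

    # -NoSSL means API calls, including the token header, go over HTTP instead of HTTPS.
    if ($Session.NoSSL.IsPresent) {
        $findings.Add('FAIL: session was created with -NoSSL')
    }

    # -EnableTextRecorder writes every API command and return value to disk.
    if ($Session.EnableTextRecorder.IsPresent) {
        $logDir = Join-Path $env:LOCALAPPDATA 'VPASModuleOutputs\APITextRecorder'
        $findings.Add("WARN: text recorder enabled, review and purge $logDir")
        if (Test-Path -LiteralPath $logDir) {
            # List every principal that is allowed access to the recorder folder.
            (Get-Acl -LiteralPath $logDir).Access |
                Where-Object { $_.AccessControlType -eq 'Allow' } |
                ForEach-Object { $findings.Add("INFO: $($_.IdentityReference) has $($_.FileSystemRights)") }
        }
    }

    if (-not $Session.token) { $findings.Add('FAIL: no token in returned object') }
    # Report identity and target only; never echo token or HeaderType to the console.
    $findings.Add("INFO: authenticated as $($Session.AuthenticatedAs) on $($Session.pvwa)")
    return $findings
}

# Constructed sample mirroring the Outputs section (token value is a placeholder).
$sample = [pscustomobject]@{
    pvwa               = 'vman.privilegecloud.cyberark.cloud'
    AuthenticatedAs    = 'vman@cyberark.cloud.1234'
    token              = '<placeholder>'
    NoSSL              = [pscustomobject]@{ IsPresent = $false }
    EnableTextRecorder = [pscustomobject]@{ IsPresent = $true }
}
Test-VPASSessionHygiene -Session $sample
```

In a real session, pass the value assigned from New-VPASToken instead of $sample. The token and HeaderType fields hold the live bearer token, so keep the object out of console output and transcripts.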