Updates & Changelog

Expand a version to view New commands, Bug fixes, Miscellaneous Notes, and Breaking Changes.

Roadmap / In‑Progress

Invoke-VPASReporting: Build upon this command to add more reporting capabilities such as Discovered Accounts, Account Compliance, etc.
Metrics (general): expand the metric capabilities to other fields of CyberArk (other components, other requests, etc), as well as enhancing the visual outputs
Expand further into CyberArk's Identity APIs
Expand further into CyberArk's ConnectorManagement APIs
Expand further into CyberArk's DPA/SIA APIs
Expand further into -WhatIf parameter and build upon the implications of -WhatIf parameter
Introduce -EnableTroubleshooting flag to self diagnose failed api calls and provide reasons as to why
Standardize the LOG file created by the -APITextRecording parameter
Invoke-VPASHealthCheck: dip into other various services (SIA, Identity, CM, etc.) and report on best practices
Better optimize current commands for a more seamless experience

v14.6.0 Published July 20, 2025

New Commands

New-VPASMFACacheSSHKey: Generate a new MFA Cache SSH Key for current user or on behalf of another user
Remove-VPASMFACacheSSHKey: Remove an MFA cache SSH Key for current user, on behalf of a user, or for all users
Get-VPASStoredPlatformDetails: Retrieve details for a temporarily stored platform
Remove-VPASStoredPlatform: Delete a temporarily stored platform
Set-VPASStoredPlatform: Overwrites a platform with the temporarily stored platform
Import-VPASStoredPlatform: Import a stored platform with new values to clear platform conflict
Get-VPASMasterPolicySettings: Retrieve Master Policy settings for a target platform
Update-VPASMasterPolicySettings: Update Master Policy setting for a target platform
Get-VPASAllMasterPolicySettings: Retrieve Master Policy settings for all target platforms
Get-VPASAllDependentAccounts: Retrieve all dependent accounts (usages) in the environment
Get-VPASDependentAccounts: Retrieve dependent accounts (usages) attached to an account
Get-VPASDependentAccountDetails: Retrieve details for a dependent account (usages)
Add-VPASDependentAccount: Add a dependent account (usage)
Remove-VPASDependentAccount: Remove a dependent account (usage)
Resume-VPASDependentAccount: Resume a dependent account (usage) that has been disabled by either CPM or user
Push-VPASDependentAccountSecret: Push or Sync a secret to a dependent account (usage)
Update-VPASDependentAccount: update a property for a dependent account (usage)
Add-VPASOnboardingRule: Add an onboarding rule for automatic onboarding
Get-VPASAllOnboardingRules: Retrieve all onboarding rules for automatic onboarding in the environment
Get-VPASOnboardingRules: Retrieve onboarding rules for automatic onboarding in the environment via search query
Remove-VPASOnboardingRule: delete an existing onboarding rule for automatic onboarding in the environment
Get-VPASAllReports: Retrieve all reports available to the current user
Get-VPASAllTasks: Retrieve all scheduled reports available to the current user
Get-VPASIdentityAllApplicationTemplates: Retrieve all application templates from Identity
Get-VPASIdentityApplicationTemplates: Retrieve application templates from Identity based on a search query
Get-VPASIdentityApplicationDetails: Retrieve details for an application in Identity
Get-VPASIdentityAllApplications: Retrieve details for all applications in Identity
Get-VPASIdentityApplications: Retrieve details for an application in Identity based on a search query
Test-VPASIdentityApplicationCatalog: Tests to see if the application is still available in the application catalog

Bug Fixes

Invoke-VPASCredentialProvider: fixed bug if password being pulled contained a comma would return incorrect values
Update-VPASAccountFields: fixed case sensitivity issue that prevented updating "RemoteMachinesAccess" parameter for an account
Get-VPASAllPlatforms: fixed bug where -ExportToCSV would display incorrect information if Get-VPASAllTargetPlatforms was run instead
Remove-VPASAuthenticationMethod: fixed bug where -WhatIf did not function correctly if the target authentication method does not exist

Miscellaneous Notes

Updated Metrics: Updated the metrics output and graphs for the following commands:

Invoke-VPASMetricsAccounts

Invoke-VPASMetricsCPM

Invoke-VPASMetricsPlatforms

Invoke-VPASMetricsProviders

Invoke-VPASMetricsPSM

Breaking Changes

None: I actively try to keep it this way 😎

v14.4.1 Published February 5, 2025

New Commands

Get-VPASSearchProperties: retrieve the search properties that can be used to search for an account (SelfHosted only at this time)
Get-VPASEmptySafes: returns a list of safes that do not have any accounts stored inside (based on safe permissions)
Get-VPASEmptyPlatforms: returns a list of platforms that do not have any accounts attached to it
Get-VPASAccountDetailsExtended: returns extended data for an account object such as compliance, dependencies, etc.
Get-VPASAccountCompliance: returns the compliance status for accounts in cyberark based on a search query
Invoke-VPASHealthCheck: runs several checks on an environment and prints out recommendations on the following (READ ONLY, does not make any changes):

Account Compliance: reports on accounts that are non compliant

Component Status: reports on any disconnected components

Empty Safes: reports on any safes that do not contain accounts

Inactive Platforms: reports on accounts that are assigned to inactive platforms

Inactive User: reports on any users that have not logged into the system in the last 365 days

Application Authentications: reports on any appIDs that have been created with no authentication methods

reports on unused providers that have not been added to any safes

reports on unused appIDs that have been created but not assigned to any safes

reports on active platforms that have no accounts assigned to them

reports on active CPMs that are not assigned to any safe

reports on unused or unknown connection components (psm connectors)

reports on unused or unknown PSMServerIDs that have not been assigned to any platform

Version Check: reports on components that do not match the vault version

Find-VPASTargetValue: queries the environment to find a target value, queries the following:

Safes: name, description, and creator

SafeMembers: member name

Accounts: name, address, username, required properties, optional properties

Platforms: ID, name, description, required properties, optional properties

EPVUsers: username, firstname, lastname

EPVGroups: name, description

ApplicationIDs: ID, owner email, owner first name, owner last name

ApplicationID Authentications: auth value

Roles: ID, name, description

Identities: display name, name, mail, description

Get-VPASAllCustomThemes: retrieve all custom themes in the environment
Get-VPASCustomTheme: retrieve details for a custom theme
Enable-VPASCustomTheme: enable a custom theme
Disable-VPASCustomTheme: disable custom theme and revert back to default theme
Get-VPASCurrentCustomTheme: retrieve details for the currently enabled custom theme
Remove-VPASCustomTheme: deletes a custom theme in the environment
Update-VPASCustomThemeDraft: update a custom themes isDraft property

Bug Fixes

Platform related commands: to prevent the following error from appearing "ErrorCode: CAWS00001E, ErrorMessage: The given key was not present in the dictionary" the following commands will run Get-VPASAllTargetPlatforms instead of Get-VPASAllPlatforms:

Get-VPASAllPlatforms

Get-VPASPlatformDetailsSearch

Get-VPASSQLPlatforms

Get-VPASReporting

CyberArk Community

Miscellaneous Notes

New-VPASToken: -HideWarnings parameter ADDED to supress any output to the console, for cosmetics
Get-VPASAccountDetails: -ExactMatch parameter ADDED to return values with an exact match (not a wildcard search)
Get-VPASPSMSessions: -FromTime and -ToTime parameters ADDED to filter search to a specified date range
Invoke-VPASMetricsAccounts: reworked the logic for AccountCompliance metric to utilize Get-VPASAccountCompliance
Get-VPASIncomingRequestDetails: changed return type from a hashtable to an array for consistency purposes
Get-VPASAccountRequestDetails: changed return type from a hashtable to an array for consistency purposes
New flags added -ExportToCSV and -CSVDirectory to export the results to a csv file:

Disable-VPASCustomTheme

Enable-VPASCustomTheme

Find-VPASTargetValue

Get-VPASAccountActivity

Get-VPASAccountCompliance

Get-VPASAccountDetails

Get-VPASAccountDetailsExtended

Get-VPASAccountGroupMembers

Get-VPASAccountGroups

Get-VPASAccountRequestDetails

Get-VPASActiveSessionActivities

Get-VPASActiveSessionProperties

Get-VPASActiveSessions

Get-VPASAllAccountRequests

Get-VPASAllAccounts

Get-VPASAllActiveSessions

Get-VPASAllApplications

Get-VPASAllConnectionComponents

Get-VPASAllCustomThemes

Get-VPASAllDirectories

Get-VPASAllEPVGroups

Get-VPASAllEPVUsers

Get-VPASAllGroupPlatforms

Get-VPASAllIncomingRequests

Get-VPASAllowedIPs

Get-VPASAllowedReferrer

Get-VPASAllPlatforms

Get-VPASAllPSMServers

Get-VPASAllPSMSessions

Get-VPASAllRotationalPlatforms

Get-VPASAllSafes

Get-VPASAllTargetPlatforms

Get-VPASAllUsagePlatforms

Get-VPASApplicationAuthentications

Get-VPASApplicationDetails

Get-VPASAuthenticationMethods

Get-VPASCMAllComponents

Get-VPASCMAllConnectorComponents

Get-VPASCMAllConnectorPools

Get-VPASCMAllConnectors

Get-VPASCMComponentLogList

Get-VPASCMConnectorComponentDetails

Get-VPASCMConnectorDetails

Get-VPASCMConnectorPoolDetails

Get-VPASCMConnectors

Get-VPASCurrentCustomTheme

Get-VPASCurrentEPVUserDetails

Get-VPASCustomTheme

Get-VPASDirectoryDetails

Get-VPASDirectoryMappingDetails

Get-VPASDirectoryMappings

Get-VPASDPAAllPolicies

Get-VPASDPAAllStrongAccounts

Get-VPASDPAAllStrongAccountSets

Get-VPASDPAPolicies

Get-VPASDPASettings

Get-VPASDPAStrongAccountDetails

Get-VPASDPAStrongAccounts

Get-VPASEmptyPlatforms

Get-VPASEmptySafes

Get-VPASEPVGroupDetails

Get-VPASEPVUserDetails

Get-VPASEPVUserDetailsSearch

Get-VPASEPVUserTypes

Get-VPASGroupPlatformDetails

Get-VPASIdentityAdminSecurityQuestion

Get-VPASIdentityAllAdminSecurityQuestions

Get-VPASIdentityAllRoles

Get-VPASIdentityAllUsers

Get-VPASIdentityCurrentUserDetails

Get-VPASIdentityCurrentUserSecurityQuestions

Get-VPASIdentityRoleDetails

Get-VPASIdentityRoles

Get-VPASIdentityTenantDetails

Get-VPASIdentityUserDetails

Get-VPASIdentityUserSecurityQuestions

Get-VPASIncomingRequestDetails

Get-VPASPasswordHistory

Get-VPASPlatformDetails

Get-VPASPlatformDetailsSearch

Get-VPASPSMSessionActivities

Get-VPASPSMSessionDetails

Get-VPASPSMSessionProperties

Get-VPASPSMSessions

Get-VPASPSMSettingsByPlatformID

Get-VPASRotationalPlatformDetails

Get-VPASSafeDetails

Get-VPASSafeMembers

Get-VPASSafeMemberSearch

Get-VPASSafes

Get-VPASSafesByPlatformID

Get-VPASSearchProperties

Get-VPASSpecificAuthenticationMethod

Get-VPASSystemComponents

Get-VPASSystemHealth

Get-VPASUsagePlatformDetails

Get-VPASVaultDetails

Get-VPASVaultVersion

Invoke-VPASHealthCheck

Remove-VPASCustomTheme

Update-VPASCustomThemeDraft

Breaking Changes

HideWarnings parameter: -HideWarnings parameter is now handled as part of New-VPASToken command, the -HideWarnings parameter has been removed from the following commands:

Add-VPASApplicationAuthentication

Add-VPASSafe

Get-VPASAccountDetails

Get-VPASDiscoveredAccountsDependencies

Invoke-VPASAccountPasswordAction

Add-VPASApplication

Add-VPASAccount: CHANGED -extraprops from a string to hashtable like so: @{PropertyName1 = "PropertyValue1"}, update any scripts using this command passing extra platform properties

v14.3.0 Published November 20, 2024

New Commands

None

Bug Fixes

None to report

Miscellaneous Notes

ParameterSets: Added ParameterSets to every command to help avoid adding unnecessary parameters to an API call
InputParameters: Added -InputParameters flag to every command to support passing an object directly to the API call containing required + optional parameters
New-VPASToken: Added new AuthTypes (Added new flag -AuthToken to support two new AuthTypes):

ispss_AuthToken: support the ability to provide an Identity login token generated externally

AuthToken: support the ability to provide a token generated externally

Update-VPASAccountFields: Added AutomaticManagementEnabled and ManualManagementReason as editable fields (same fields as Status and StatusReason)

Status and StatusReason will still work, but recommended to switch to AutomaticManagementEnabled (status) and ManualManagementReason (StatusReason) sooner rather then later

Breaking Changes

Add-VPASSafeMember: -MemberType parameter flipped to MANDATORY to reflect the change in the API call
- Add -MemberType and a value to any script using Add-VPASSafeMember
Update-VPASSafe: Removed OLACEnabled as an editable field, this field can not be updated and should not have been functioning to begin with
LookupBy + LookupVal parameter: -LookupBy parameter and -LookupVal parameter have been replaced with -EPVUsername and -EPVUserID

For any commands using the syntax: "-LookupBy Username -LookupVal TargetUsername" replace with "-EPVUsername TargetUsername"

For any commands using the syntax: "-LookupBy UserID -LookupVal TargetID" replace with "-EPVUserID TargetID"

Affected Commands:

Enable-VPASEPVUser

Disable-VPASEPVUser

Get-VPASEPVUserDetails

Reset-VPASEPVUserPassword

Remove-VPASEPVUser

Update-VPASEPVUser

GroupLookupBy + GroupLookupVal parameter: -GroupLookupBy parameter and -GroupLookupVal parameter have been replaced with -GroupName and -GroupID

For any commands using the syntax: "-GroupLookupBy GroupName -GroupLookupVal TargetGroupName" replace with "-GroupName TargetGroupName"

For any commands using the syntax: "-GroupLookupBy GroupID -GroupLookupVal TargetGroupID" replace with "-GroupID TargetGroupID"

Affected Commands:

Add-VPASMemberEPVGroup

Remove-VPASEPVGroup

Update-VPASEPVGroup

Remove-VPASMemberEPVGroup

v14.2.2 Published August 22, 2024

New Commands

None

Bug Fixes

InitiateCPMAccountManagementOperations: Automatically adding -InitiateCPMAccountManagementOperations safe permission when adding -SpecifyNextAccountContent as it is a requirement for adding this safe permission, affects the following commands:

Add-VPASBulkSafeMembers

Update-VPASSafeMember

Add-VPASSafeMember

File Path Issue: Fixed file path issue preventing saving and opening generated RDPFiles, affects the following commands:

Watch-VPASActivePSMSession

New-VPASPSMSession

API Limit: Fixed issue where api call would only return the first 1,000 PSMSessions, command will now loop until all sessions are captured that fit the search criteria, affects the following commands:

Get-VPASPSMSessions

Get-VPASAllPSMSessions

Invoke-VPASMetricsProviders: fixed bug on reporting "A null key is not allowed in a hash literal"

Miscellaneous Notes

Get-VPASAllPSMSessions: -Confirm parameter added to confirm running the command as it WILL take some time to query all PSMSessions depending on retention period and size of the environment
Search + Ignore Parameters: Query parameters and ignore parameters have been added to the Metrics commands to better target or ignore certain data sets from appearing in the results, following parameters added to these commands:

Invoke-VPASMetricsCPM: -SafeSearchQuery and -IgnoreSafes have been added

Invoke-VPASMetricsAccounts: -SafeSearchQuery, PlatformSearchQuery, UsernameSearchQuery, -IgnoreSafes, -IgnorePlatforms, and -IgnoreUsernames have been added

Invoke-VPASMetricsPlatforms: -SafeSearchQuery, PlatformSearchQuery, UsernameSearchQuery, -IgnoreSafes, -IgnorePlatforms, and -IgnoreUsernames have been added

Invoke-VPASMetricsProviders: -SafeSearchQuery, PlatformSearchQuery, UsernameSearchQuery, -IgnoreSafes, -IgnorePlatforms, and -IgnoreUsernames have been added

Invoke-VPASMetricsPSM: -PlatformSearchQuery, -UsernameSearchQuery, -IgnorePlatforms, and -IgnoreUsernames have been added

Breaking Changes

limit parameter: -limit parameter REMOVED, command will now loop until all results are retrieved instead of prompting for an upper limit, affecting the following commands:

Invoke-VPASReporting

Get-VPASSafes

v14.2.1 Published July 17, 2024

New Commands

New-VPASDPASetupScript: Generate an installation script that will deploy an SIA/DPA connector
Get-VPASDPAPolicies: Retrieve details for policies in SIA/DPA via search query
Get-VPASDPAAllPolicies: Retrieve details for all policies in SIA/DPA
Get-VPASDPAPolicyDetails: Retrieve details for a specific policy in SIA/DPA
Remove-VPASDPAPolicy: Delete a policy from SIA/DPA
Get-VPASDPASettings: Retrieve SIA/DPA configurations and settings
Get-VPASDPAAllStrongAccountSets: Retrieve all strong account sets from SIA/DPA
Get-VPASDPAAllStrongAccounts: Retrieve details for all strong accounts from SIA/DPA
Get-VPASDPAStrongAccounts: Retrieve details for strong accounts from SIA/DPA via search query
Get-VPASDPAStrongAccountDetails: Retrieve details for a specific strong account from SIA/DPA
Remove-VPASDPAStrongAccount: Delete a strong account from SIA/DPA
Get-VPASCMAllComponents: Retrieve details for all components from ConnectorManagement
Get-VPASCMAllConnectors: Retrieve details for all connectors from ConnectorManagement
Get-VPASCMConnectorDetails: Retrieve details for a specific ConnectorManagement connector
Get-VPASCMConnectors: Retrieve details for ConnectorManagement connectors via search query
Get-VPASCMAllConnectorComponents: Retrieve details for all components in a specific ConnectorManagement connector
Get-VPASCMConnectorComponentDetails: Retrieve details for a component in a specific ConnectorManagement connector via search query
Get-VPASCMComponentLogList: Retrieve available log list for a component in a ConnectorManagement connector
Get-VPASCMComponentLogs: Retrieve logs for a component in a ConnectorManagement connector
Get-VPASCMAllConnectorPools: Retrieve details for all available pools from ConnectorManagement
Get-VPASCMConnectorPoolDetails: Retrieve details of a pool assigned to a ConnectorManagement connector
Invoke-VPASCentralCredentialProvider: Pull password for an account object via Central Credential Provider (CCP)
Invoke-VPASCredentialProvider: Pull password for an account object via Credential Provider (CP)

Bug Fixes

None to report

Miscellaneous Notes

HideRawData: Parameter added to hide raw data from the metric outputs, helpful when exporting the output as a pdf or document, affecting the following commands:

Invoke-VPASMetricsAccounts

Invoke-VPASMetricsCPM

Invoke-VPASMetricsPlatforms

Invoke-VPASMetricsProviders

Invoke-VPASMetricsPSM

Breaking Changes

None: I actively try to keep it this way 😎

v14.2.0 Published June 20, 2024

New Commands

Invoke-VPASMetricsPlatforms: Generate Platform related metrics:

Amount of Accounts Assigned to which Platforms

Amount of Accounts Assigned to Platforms with Automatic vs Manual Rotation Flows

Amount of Accounts Assigned to Platforms with Automatic vs Manual Verification Flows

Invoke-VPASMetricsProviders: Generate Provider related metrics

Amount of safes that contain ApplicationIDs

Amount of accounts that can be pulled via the providers

Get-VPASAllDiscoveredAccounts: Get all discovered accounts in the pending safe list

Bug Fixes

WhatIf: -WhatIf parameter has been fixed for the following commands:

Remove-VPASSafeMember

Remove-VPASPlatform

Remove-VPASMemberEPVGroup

Remove-VPASIdentityRole

Remove-VPASEPVGroup

Remove-VPASApplication

Remove-VPASAccount

Miscellaneous Notes

Invoke-VPASReporting: Added two new reporting metrics:

ApplicationIDAuthentications: lists out every authentication method required by each ApplicationID

PlatformLinkedAccounts: lists out every linked account found on each platform

Breaking Changes

Get-VPASCurrentEPVUserDetails: no longer works for privilegecloud standard environments, logic placed to handle that
Invoke-VPASUserLicense: does not work for SelfHosted environments, message will now display stating that instead of just failing

v14.1.0 Published May 18, 2024

New Commands

Invoke-VPASMetricsPSM: Generate PSM related metrics:

PSM sessions in the last X days

PSM servers utilized in the last X days

PSM connection components used in the last X days

Users connecting via PSM in the last X days

Invoke-VPASMetricsCPM: Generate CPM related metrics:

CPMs assigned to safes

CPMs assigned to accounts

CPM management status

Invoke-VPASMetricsAccounts: Generate Account related metrics:

Onboarded account types

Accounts onboarded in the last X days

Account compliance status

Get-VPASAllowedIPs: retrieve the allowed or whitelisted IPs that cyberark cloud communicates with
Add-VPASAllowedIPs: add an allowed or whitelisted IP for cyberark cloud to communicate to
Get-VPASAllEPVUsers: retrieve all EPVUser details
Import-VPASConnectionComponent: imports a zip folder holding the contents for a connection component
Add-VPASAccountRequest: create an account request for an account with dual control enabled
Get-VPASAccountRequestDetails: retrieve details for an existing account request made by user
Get-VPASAllAccountRequests: retrieve all account requests made by user
Remove-VPASAccountRequest: delete an existing account request made by user
Get-VPASAllIncomingRequests: retrieve all incoming requests made by users
Get-VPASIncomingRequestDetails: retrieve details for an incoming request made by users
Approve-VPASIncomingRequest: approve an incoming request for an account requiring approval
Deny-VPASIncomingRequest: deny an incoming request for an account requiring approval
Invoke-VPASUserLicenseReport: run a report to display current license usage
Get-VPASAllTargetPlatforms: retrieve all target platform details

Bug Fixes

None to report

Miscellaneous Notes

New-VPASToken: -HideWarnings parameter ADDED to supress any output to the console, for cosmetics
Get-VPASPSMSessions: -FromTime and -ToTime parameters ADDED to filter search to a specified date range

Breaking Changes

None: I actively try to keep it this way 😎

v14.0.3 Published March 12, 2024

New Commands

Get-VPASEPVUserTypes: Retrieve the various types of EPV users (SelfHosted Only)
Get-VPASAllEPVGroups: Retrieve all EPVGroups
Get-VPASAllSafes: Retrieve all Safes
Get-VPASAllAccounts: Retrieve all Accounts
Get-VPASAccountPrivateSSHKey: Retrieve private SSH Key and save to a PEM file
Get-VPASAllPlatforms: Retrieve all platforms details
Get-VPASAllRotationalPlatforms: Retrieve all rotational group platforms details
Get-VPASAllGroupPlatforms: Retrieve all group platforms details
Get-VPASAllUsagePlatforms: Retrieve all usage platforms details
Get-VPASIdentityAllRoles: Retrieve all roles in Identity
Get-VPASAllActiveSessions: Retrieve all active sessions
Get-VPASAllPSMSessions: Retrieve all psm sessions

Bug Fixes

Get-VPASPlatformDetailsSearch: return value now returns all platform properties
New-VPASToken: fixed the APITextRecording to handle the different tenants with retrieving the current logged in user

Miscellaneous Notes

Add-VPASSafeMember: Added the ability to input a hashtable of safe permissions (Hashtable of permissions will take priority over the flags passed)
Get-VPASSafes: -IncludeAccounts parameter added to include accounts in the return value
Get-VPASSafeDetails: -IncludeAccounts parameter added to include accounts in the return value
Get-VPASSafeMembers: -LimitSearchTo parameter added to return either UsersOnly or GroupsOnly
Update-VPASSafeMember: Added the ability to input a hashtable of safe permissions (Hashtable of permissions will take priority over the flags passed)
Get-VPASAccountDetails: -SavedFilter parameter added to run prebuilt search queries:

Regular

Recently

Link

Deleted

PolicyFailures

AccessedByUsers

ModifiedByUsers

ModifiedByCPM

DisabledPasswordByUser

DisabledPasswordByCPM

ScheduledForChange

ScheduledForVerify

ScheduledForReconcile

SuccessfullyReconciled

FailedChange

FailedVerify

FailedReconcile

LockedOrNew

Locked

Favorites

Unlock-VPASExclusiveAccount: -AdminUnlock parameter added to unlock an exclusive account skipping the release workflow
Add-VPASBulkAccounts: added support for additional PlatformAccountProperties
Invoke-VPASReporting: added more fields to the plaform export report, including required and optional properties
Add-VPASSafemember: -searchIn parameter changed to optional

Breaking Changes

Add-VPASApplication: -Disabled parameter has been changed to be a flag instead of a String
Add-VPASApplicationAuthentication: -AuthType parameter validateset updated address to machineAddress and Certificate to certificateSerialNumber
Get-VPASSafeAccountGroups: This command is no longer needed as Get-VPASAccountGroups achieves the same functionality
Get-VPASAllSafes: removed -Limit and -Offset parameters, api will loop in batches of 25 until there are no more safes
Get-VPASEPVCurrentEPVUserDetails: re-reroutes to Get-VPASIdentityCurrentUserDetails for ISPSS Tenants + returns false for Standard tenants

v13.2.0 Published November 12, 2023

New Commands

Add-VPASIdentityRole: add a role into identity
Get-VPASIdentityTenantDetails: retrieve internal identity tenant details
Get-VPASIdentityUserSecurityQuestions: retrieve a users security questions set to reset credentials, questions only
Reset-VPASIdentityUserSecurityQuestions: reset all security questions for a user
Add-VPASIdentityUserSecurityQuestions: add a new security question for a user
Get-VPASIdentityRoles: retrieve details for roles in identity based on a search query
Get-VPASIdentityRoleDetails: retrieve details for a specific role in identity

Bug Fixes

Add-VPASSafe: fixed bug where -NumberOfDaysRetention and -NumberOfVersionRetention parameters would clash and overwrite each other
Get-VPASAccountGroupMembers: fixed bug where -NoSSL preference would enable https instead of http

Miscellaneous Notes

WhatIf/HideWhatIfOutput: -WhatIf + -HideWhatIfOutput parameters added to every Remove command to simulate what would happen if the target API call is invoked and what implications that call would have

WORK IN PROGRESS - will build on this in future releases

APITextRecording: -APITextRecording parameter added to New-VPASToken command to enable a text recording of every command run, return values, and outputs for the duration of the APIToken. Output is saved to a LOG file to the user's AppData directory
Update-VPASAccountFields: added -LogonDomain and -CustomField parameters to better handle optional platform properties
Add-VPASEPVUser + Update-VPASEPVUser: added -AuthenticationMethod and -DistinguishedName parameters as more optional parameters when creating or updating an EPVUser

Breaking Changes

NoSSL: -NoSSL parameter removed from every command and will only need to be initiated via New-VPASToken command and the preference will be carried over for the duration of the APIToken

v13.1.1 Published June 28, 2023

New Commands

Add-VPASIdentityRole: add a role in identity
Add-VPASIdentitySecurityQuestionAdmin: add an admin security question to identity
Get-VPASIdentityAdminSecurityQuestion: get an admin security question based on a search query
Get-VPASIdentityAllAdminSecurityQuestions: get all admin security questions in identity
Get-VPASIdentityAllUsers: retrieve all users from identity
Get-VPASIdentityCurrentUserDetails: retrieve details of the current user authenticated in
Get-VPASIdentityCurrentUserSecurityQuestions: get the users current security questions that are set, questions only
Get-VPASIdentityUserDetails: retrieve details for a user in identity based on a search query
New-VPASIdentityGenerateUserPassword: generate a new password for a user, note this only generates the password, it does not set the password
Remove-VPASIdentityAdminSecurityQuestion: delete an admin sevurity questions from identity
Remove-VPASIdentityRole: delete a role from identity
Set-VPASIdentityUserState: set the state of a user in identity, enabled or disabled
Set-VPASIdentityUserStatus: set the status of a user in identity, locked or not
Test-VPASIdentityUserLocked: confirm if a user in identity is locked or not
Update-VPASIdentityCurrentUserPassword: update the credential of the currently logged in user
Update-VPASIdentityRole: update an existing role in identity

Bug Fixes

Outpus: Fixed several bugs discovered in commands in regards to visual outputs (wrong command names, wrong variable types, etc)

Miscellaneous Notes

BIG CHANGE: Reworked the way a login token is generated and stored, removing the need to pass -token to every command

passing the token will still work, just not needed in most use cases

New-VPASToken: added a new auth method "ispss_cyberark" which gives the ability to authenticate into ISPSS via internal authentication
Get-Help: Added parameter descriptions to ever parameter in VpasModule to better understand information if "get-help" is run
Verbose: Updated verbose comments to better log what is happening if commands are run with the -verbose flag
QOL: Many quality of life updates made to VpasModule itself to better conform to powershell "best practices"

Breaking Changes

BIG CHANGE: every command in VpasModule was changed to follow powershell best practive verb-noun, every script will have to be updated with new command names

A change this large is rare, and I will prevent from doing these in the future

v13.0.0 Published February 19, 2023

New Commands

VDisableEPVUser: Disables an active epv user
VEnableEPVUser: Enables a disabled epv user
VUpdateEPVGroup: Update an existing EPVGroup that exists in the vault

Bug Fixes

VGetPlatformDetailsSearch: fixed the blank searchQuery to find all platforms
SharedServices Limitation: The following commands are not available in SharedServices, but are functioning properly for SelfHosted environments

VDeleteApplicationAuthentication

VGetAllApplications

VGetApplicationDetails

VGetApplicationAuthIDHelper

VGetApplicationAuthentications

VDeleteApplication

VAddApplication

VAddApplicationAuthentication

VGetDirectoryDetails

VDeleteDirectory

VGetAllDirectories

VGetDirectoryMappings

VGetDirectoryMappingDetails

VGetDirectoryMappingIDHelper

Miscellaneous Notes

VGetBulkTemplateFiles: added -ISPSS as optional to account for memberType in PrivilegeCloud Shared Services add safe member API call
VBulkValidateFile: added -ISPSS as optional to account for memberType in PrivilegeCloud Shared Services add safe member api call
VGetPasswordValue: added -HideOutput as optional to hide messages if needed
VReporting: added -HideOutput as optional to hide messages if needed
VAddSafeMember: added -MemberType parameter as optional, possible values: User, Group, Role to handle the api change in PrivilegeCloud
VGetDiscoveredAccounts: added the following parameters to better query discovered accounts:

-PlatformType('Windows Server Local','Windows Desktop Local','Windows Domain','Unix','Unix SSH Key','AWS','AWS Access Keys','Azure Password Management')

-Privileged('true','false')

-Enabled('true','false')

VLogin: added new parameters

AuthType: added "ISPSS" as an option to authenticate into PrivilegeCloud Shared Services via Oauth

IdentityURL: Added -IdentityURL parameter to facilitate logging into SharedServices

To set this authentication up, please view this article by CyberArk: IdentityAPIs

Breaking Changes

VGetDiscoveredAccounts: removed -Limit and -Offset as parameters

v12.6.1 Published December 23, 2022

New Commands

VGetEPVUserDetailsSearch: Retrieve details for an epv user based on a search query

Bug Fixes

VBulkValidateFile: fixed AddUpdateSafeMembers CSV file flagging RequestsAuthorizationLevel1 + RequestsAuthorizationLevel2 incorrectly
VGetUsagePlatformDetails: changed platformID variable to be mandatory
VReporting: added -Limit parameter to handle default safe return size of only 25

Miscellaneous Notes

VGetEPVGroupDetails: added -IncludeMembers parameter to the api call to return GroupMembers as well
VGetPlatformDetailsSearch: fixed description comment to be more accurate
VConnectWithPSM: removed unused parameter -ActiveSessionID
VGetPasswordValue: added -CopyToClipboard parameter to api call to return the secret to the clipboard instead of printing it out to the console
VUpdatePSMSettingsByPlatformID: added -Action parameter to api call to better distinguish adding or removing ConnectionComponents
VLogin: added the ability to authenticate in via saml

Breaking Changes

VDeleteUsagePlatform: fixed return comment, true if successful otherwise false
VGetGroupPlatformDetails: changed platformID variable to be mandatory
VGetRotationalPlatformDetails: changed platformID variable to be mandatory

v12.6.0 Published October 17, 2022

New Commands

VGetAuthenticationMethodIDHelper: helper function to retrieve the ID of an authentication method for an applicationID
VGetDirectoryMappingIDHelper: helper function to retrieve the ID of a directory mapping
VGetRecordingIDHelper: helper function to retrieve the ID for a PSM recording
VActionActiveSession: action on an active PSM session
VAddAuthenticationMethod: add an authentication method to cyberark
VConnectWithPSM: generate and open a PSM connection
VDeleteAuthenticationMethod: remove an authentication method from cyberark
VDeleteDirectory: remove a directory
VGetActiveSessionActivities: retrieve the activies of an active psm session
VGetActiveSessionProperties: retrieve the session properties of an active psm session
VGetAllDirectories: retrieve all the currently configured directories
VGetAuthenticationMethods: retieve cyberark authentication methods based on a search query
VGetDirectoryDetails: retrieve an existing directory details
VGetDirectoryMappingDetails: retrieve the directory mapping of a target directory
VGetDirectoryMappings: retieve all directory mappings currently configured
VGetPSMSessionActivities: retrieve the activies of a PSM session
VGetPSMSessionDetails: retrieve details for a target PSM session
VGetPSMSessionProperties: retrieve the properties for a target PSM session
VGetSpecificAuthenticationMethod: retieve the details for a specific authentication method configured in cyberark
VGetVaultDetails: retrieve details of the vault
VGetVaultVersion: retrieve the current version of the vault
VImportPlatform: import a platform from a prepackaged folder structure
VMonitorActiveSession: watch an ongoing active PSM session
VUpdateAuthenticationMethod: update an existing authentication method

Bug Fixes

VBulkValidateFile: fixed AddUpdateSafeMembers CSV file flagging RequestsAuthorizationLevel1 + RequestsAuthorizationLevel2 incorrectly

Miscellaneous Notes

LTS: CyberArk v12.6 is the new long term service version
Get-Help: Cleaned up various Get-Help tags in newer commands
VReporting: Added more report types and report outputs
SQL Commands: Updated table names and layout for each export command

Breaking Changes

None: I actively try to keep it this way 😎

v12.2.3 Published July 31, 2022

New Commands

None

Bug Fixes

None to report

Miscellaneous Notes

LTS: Last update to v12.2 as CyberArk is moving to new long term service version v12.6

Breaking Changes

VLogin: Added PVWA variable into the token variable, removing the need to pass it into any command except VLogin to initialize it

v12.2.2 Published July 13, 2022

New Commands

VCheckSQLConnectionDetails: checks the ocnnection to the sql database using the credentials or connection method provided
VGetSQLAccounts: export account details into a sql database table
VGetSQLPlatforms: export platform details into a sql database table
VGetSQLSafes: export safe details into a sql database table
VQueryDB: query the sql database to retrieve exported data
VSetSQLConnectionDetails: set the connection method and credentials used to connect to the sql database
VRunAuditSafeTest: runs an audit against the safes in the environment based on predefined parameters
VSetAuditSafeTest: set the parameters of what to audit for a safe audit

Bug Fixes

None to report

Miscellaneous Notes

SQL Request: added support to export data into a SQL database
Safe Audit: define and execute a read only audit against the safes in the environment to confirm standards are being followed

Breaking Changes

None: I actively try to keep it this way 😎

v12.2.1 Published June 20, 2022

New Commands

VBulkAddUpdateSafeMembers: add and update safe members in bulk via CSV file
VBulkCreateAccounts: create accounts in bulk via CSV file
VBulkCreateSafes: create safes in bulk via CSV file
VBulkValidateFile: validates a CSV file used for bulk operations
VGetBulkTemplateFiles: generate template CSV files for bulk operations
VReporting: reporting function that reports in various metrics and kpis

Work in progress: more metrics and kpis will be added in future releases

Bug Fixes

None to report

Miscellaneous Notes

VLogin: added -InitiateCookie parameter to inject websessions into api calls, helpful in situations where the PVWA LoadBalancer is not setup properly with sticky sessions

Breaking Changes

None: I actively try to keep it this way 😎

v12.2.0 Published May 3, 2022

New Commands

VAddAllowedReferrer: add an allowed referrer to the system (source able to redirect to PVWA)
VDeleteAllDiscoveredAccounts: remove all pending accounts that have been discovered via Accounts Discovery
VGetActiveSessions: retrieve active PSM sessions
VGetAllowedReferrer: retrieve all the allowed referrers in the system (sources able to redirect to PVWA)
VGetDiscoveredAccounts: retrieve details for pending accounts disocvered via Accounts Discovery
VGetPasswordHistory: retrieve an accounts password history
VGetPSMSessions: retrieve details for previously made PSM sessions
VGetSafeMemberSearch: retrieve safe member details for a target safe member via search query
VLinkAccount: assign an extra account to an existing account object (LogonAccount, ReconcileAccount, JumpAccount)
VUnlinkAccount: remove an extra account from an existing account object (LoginAccount, ReconcileAccount, JumpAccount)

Bug Fixes

None to report

Miscellaneous Notes

Minimal Changes: No significant changes to the API from v11.6 up to v12, development started for v12.2 as the long term support version of CyberArk

Breaking Changes

None: I actively try to keep it this way 😎

v11.6.0 Published April 18, 2022

New Commands

VDeleteEPVGroup: removes an existing EPV group
VGetAllConnectionComponents: retrieve details for all connection components currently configured
VGetAllPSMServers: retrieve details for all PSM servers currently deployed
VGetPSMSettingsByPlatformID: retrieve PSM settings via target platformID
VUpdatePSMSettingsByPlatformID: update PSM settings based on target platformID
VGetCurrentEPVUserDetails: retrieve details for the current logged in user

Bug Fixes

None to report

Miscellaneous Notes

None to call out

Breaking Changes

None: I actively try to keep it this way 😎

v11.5.0 Published March 29, 2022

New Commands

VActivateGroupPlatform: enable a group platform
VDeactivateGroupPlatform: disable a group platform
VDeleteGroupPlatform: remove a group platform
VDuplicateGroupPlatform: duplicate a group platform from an existing group platform
VGetGroupPlatformDetails: retrieve details of a target group platform
VActivateRotationalPlatform: enable a rotational platforms
VDeactivateRotationalPlatform: disable a rotational platform
VDeleteRotationalPlatform: remove a rotational platform
VDuplicateRotationalPlatform: duplicate a rotational platform from an existing rotational platform
VGetRotationalPlatformDetails: retrieve details for a target rotational platform
VDeleteUsagePlatform: remove a usage (dependency) platform
VDuplicateUsagePlatform: duplicate a usage platform from an existing usage (dependency) platform
VGetUsagePlatformDetails: retrieve details for a target usage (dependency) platform
VActivatePlatform: activate a target platform
VDeactivatePlatform: deactivate a target platform
VDeletePlatform: remove a target platform
VDuplicatePlatform: duplicate a target platform from an existing target platform

Bug Fixes

None to report

Miscellaneous Notes

Platform Types: Platforms now categorized as Rotational, Group, Usage or Target

Breaking Changes

None: I actively try to keep it this way 😎

v11.4.0 Published March 11, 2022

New Commands

None

Bug Fixes

Broken SearchQuery: issue found in the searchquery logic to find target assets, has been resolved, affected commands:

VGetPlatformDetailsSearch

VGetAccountIDHelper

VGetApplicationAuthIDHelper

VGetEPVGroupIDHelper

VGetEPVUserIDHelper

Miscellaneous Notes

VLogin: added ConcurrentSessions logic built into VLogin to allow more then one session to occur at once

Breaking Changes

None: I actively try to keep it this way 😎

v11.3.0 Published March 3, 2022

New Commands

None

Bug Fixes

None to report

Miscellaneous Notes

Get-Help: Added Get-Help content to every command (Descriptions, Examples, Syntax, Return Values, etc.)

Breaking Changes

None: I actively try to keep it this way 😎

v11.2.0 Published March 1, 2022

New Commands

None

Bug Fixes

None to report

Miscellaneous Notes

CyberArk Versioning: No updates, just keeping up with CyberArk's versioning

Breaking Changes

None: I actively try to keep it this way 😎

v11.1.0 Published February 22, 2022

New Commands

VCreateEPVGroup: Create an EPV group
VGetPlatformDetailsSearch: retrieve platform details via search query
VGetSafesByPlatformID: retrieve safes based on a platform id search query

Bug Fixes

None to report

Miscellaneous Notes

VLogin: added TLS 1.2 support + modified api call from a WebRequest to a RestMethod
VAddSafeMember: added grouped safe permissions to lessen the amount of flags needed to pass to the command
- AllPerms: enable all safe permissions
- AllAccess: UseAccounts, RetrieveAccounts, ListAccounts
- AllAccountManagement: AddAccounts, UpdateAccountContent, UpdateAccountProperties, InitiateCPMAccountManagementOperations, SpecifyNextAccountContent, RenameAccounts, DeleteAccounts, UnlockAccounts
- AllMonitor: ViewAuditLog, ViewSafeMembers
- AllSafeManagement: ManageSafe, ManageSafeMembers, BackupSafe
- AllWorkflow: RequestsAuthorizationLevel1, AccessWithoutConfirmation
- AllAdvanced: CreateFolders, DeleteFolders, MoveAccountsAndFolders

Breaking Changes

Return Values: modified return values from 0,1 to $true/$false

v10.10.0 Published February 12, 2022

New Commands

VAccountPasswordAction: initiate a CPM action for a target account

Verify

Change

Reconcile

ChangeSetNew

ChangeOnlyInVault

GenerateNewPass

VActivateEPVUser: enable a deactivated EPV user
VAddAccountGroup: create an account group to syncronize passwords
VAddAccountToAccountGroup: add an account to an existing account group
VAddApplication: add an applicationID
VAddApplicationAuthentication: add an authentication method to an applicationID
VAddEPVUser: create a new EPV user
VAddMemberEPVGroup: add an EPV user to an EPV group
VAddSafeMember: add a safe member to a safe
VCheckInAccount: check in (release) a checked out account for exclusive access
VCreateAccount: create a new account object
VCreateSafe: create a new safe
VDeleteAccount: remove an account object
VDeleteAccountFromAccountGroup: remove an account from an account group
VDeleteApplication: remove an applicationID
VDeleteApplicationAuthentication: remove an authentication method from an applicationID
VDeleteEPVUser: remove an EPV user
VDeleteMemberEPVGroup: remove an EPV user from an EPV group
VDeleteSafe: remove a safe
VDeleteSafeMember: remove a safe member from a safe
VExportPlatform: export a platform to a zipped folder
VGetAccountActivity: retrieve the activity for a target account
VGetAccountDetails: retrieve the details for a target account
VGetAccountGroupMembers: retrieve the members of a target account group
VGetAccountGroups: retrieve account groups
VGetAllApplications: retrieve all applicationIDs
VGetApplicationAuthentications: retrieve a target applicationIDs authentication methods
VGetApplicationDetails: retrieve details for a target applicationID
VGetEPVGroupDetails: retrieve details for a target EPV group
VGetEPVUserDetails: retrieve details for a target EPV user
VGetPasswordValue: retrieve the secret or password of a target account, assuming safe permissions allow
VGetPlatformDetails: retrieve details for a target platform
VGetSafeAccountGroups: retrieve the account groups assigned at a safe level
VGetSafeDetails: retrieve details for a target safe
VGetSafeMembers: retrieve safe members for a target safe
VGetSafes: retrieve details for safes based on a search query
VLogin: authentication into the CyberArk APIs by generating a login token
VLogoff: invalidate the login token
VResetEPVUserPassword: reset the credentials of a target EPV user
VSystemComponents: retrieve details for various components (CPM, PSM, PVWA, AIM, etc.)
VSystemHealth: retrieve details for the current health status of various components (CPM, PSM, PVWA, AIM, etc.)
VUpdateAccountFields: update a target field for an existing account object
VUpdateEPVUser: update a target field for an existing EPV user
VUpdateSafe: update a target field for a target safe
VUpdateSafeMember: update safe permissions for a target safe member

Bug Fixes

None to report

Miscellaneous Notes

VpasModule Debut!:

Breaking Changes

None: I actively try to keep it this way 😎