pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
293 stars 91 forks

Issue on adding ExtraPass3Name on platformAccountProperties #314

Closed kentLee170 closed 3 years ago

kentLee170 commented 4 years ago

Describe the issue

Hi Expert, I am having an issue adding the ExtraPass3Name value when creating bulk accounts with Add-PASAccount. Below is the CSV file image.


Console Output Code Block:

```powershell
# Read one row per account from the CSV file
$Accounts = Import-Csv -Path .\Accounts.csv
foreach ($Account in $Accounts) {

    # Add-PASAccount expects the secret as a SecureString
    $Password = ConvertTo-SecureString -String $Account.Password -AsPlainText -Force

    # Platform-specific properties, including the linked reconcile account name
    $platformAccountProperties = @{
        "ExtraPass3Name"     = $Account.ExtraPass3Name
        "UseSudoOnReconcile" = "$true"
    }

    Add-PASAccount -secretType Password `
        -secret $Password `
        -SafeName $Account.SafeName `
        -PlatformID $Account.PlatformID `
        -Address $Account.Address `
        -Username $Account.Username `
        -platformAccountProperties $platformAccountProperties

}
```


pspete commented 4 years ago

See #168

kentLee170 commented 3 years ago

Hi Pspete, thanks for the update, but #168 is only a query on the ExtraPass3Name attribute; what I need is to add this attribute together with Add-PASAccount.

NathanielMaier commented 3 years ago

@kentLee170, the same is true for Add-, Set-, and Get - the platform needs to have a property matching the name of any of those ExtraPass* file categories you want.

I agree this is an unfortunate limitation from CyberArk, and maybe there should be an Enhancement Request with them to offer a different solution.

olegasdo commented 3 years ago

The property needs to be added to the platform explicitly to be accessible via the REST API.

kentLee170 commented 3 years ago

@NathanielMaier and @olegasdo
Thanks for the update. The problem is that each Linux server has 1 local reconcile account to manage all 1000 local accounts, so I need to map all 1000 accounts to the same reconcile account with the ExtraPass3Name attribute. And this setting cannot be applied to the platform, because each Linux device has a different address name. By the way, I have more than 200 Linux devices with 20k accounts; how do I add them one by one in PVWA... Does anyone have any advice on this?

olegasdo commented 3 years ago

You can set it on the platform level. You can have different "placeholders" in the platform settings, like {address}, {domain} etc. If the account is the same for all the servers, just use "account name" without placeholders.

NathanielMaier commented 3 years ago

@kentLee170 - As @olegasdo recommended, there are many ways to accomplish this, but the psPAS module is working as expected. If CyberArk updates the REST API in the future to allow setting File Categories which are not defined as properties in a Platform, this could change, but until then this is an issue with your CyberArk PAS environment.

pspete commented 3 years ago

The instructions from the vendor around using the API with the ExtraPass* platform properties are here: https://cyberark-customers.force.com/s/article/Add-Reconcile-and-Login-Accounts-to-an-Account-using-V10-REST-API

For the alternative approach, configuring dynamic rules at the platform level is documented on this page: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Accounts-for-Automatic-Management.htm

@kentLee170 it is up to you to choose which option is preferable for you, but there is no fix to be made in any of the module's code.

kentLee170 commented 3 years ago

Hi Pspete, thanks for the advice above, but I am having an issue with ExtraPass3Folder now...LOL

```powershell
# Read one row per account from the CSV file
$Accounts = Import-Csv -Path .\Accounts.csv
foreach ($Account in $Accounts) {

    # Add-PASAccount expects the secret as a SecureString
    $Password = ConvertTo-SecureString -String $Account.Password -AsPlainText -Force

    # Linked reconcile account name and safe, passed as platform properties
    $platformAccountProperties = @{
        "ExtraPass3Name"     = $Account.ExtraPass3Name
        "ExtraPass3Safe"     = $Account.ExtraPass3Safe
        "UseSudoOnReconcile" = "$true"
    }

    Add-PASAccount -secretType Password -secret $Password -SafeName $Account.SafeName -PlatformID $Account.PlatformID -Address $Account.Address -Username $Account.Username -platformAccountProperties $platformAccountProperties

}

Logoff
```

Adding ExtraPass3Name and ExtraPass3Safe is working with Add-PASAccount now, but is there any difference with and without ExtraPass3Folder?

pspete commented 3 years ago

Please use your usual support channels with the vendor for this query; it's not relevant to psPAS.

kentLee170 commented 3 years ago

Hi Pspete, thanks for the update, I just found out that I can update ExtraPass3Folder "root" on platform optional.
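
The bulk import discussed in this thread, as an added example that is not code from the thread or from the psPAS project: each CSV row is checked for the linked reconcile account's name and safe before `Add-PASAccount` is called, and an empty folder falls back to a default. The helper `New-ReconcileLinkProperties`, the `$Submit` switch, the sample rows and the `Root` default are assumptions, and the platform must already define `ExtraPass3Name`, `ExtraPass3Safe` and `ExtraPass3Folder` as properties, as the replies above explain.

```powershell
# Added example; New-ReconcileLinkProperties and $Submit are hypothetical names.
$Submit = $false   # set to $true only inside an authenticated psPAS session

function New-ReconcileLinkProperties {
    param(
        [Parameter(Mandatory)] [psobject] $Row,
        [string] $DefaultFolder = 'Root'   # assumption: reconcile account sits in the safe's Root folder
    )
    # Name and safe together identify the linked reconcile account.
    foreach ($Name in 'ExtraPass3Name', 'ExtraPass3Safe') {
        if ([string]::IsNullOrWhiteSpace($Row.$Name)) {
            throw "$($Row.Username)@$($Row.Address): missing $Name"
        }
    }
    $Folder = $Row.ExtraPass3Folder
    if ([string]::IsNullOrWhiteSpace($Folder)) { $Folder = $DefaultFolder }
    @{
        ExtraPass3Name     = $Row.ExtraPass3Name
        ExtraPass3Safe     = $Row.ExtraPass3Safe
        ExtraPass3Folder   = $Folder
        UseSudoOnReconcile = 'True'   # the same string the thread's "$true" expands to
    }
}

# Constructed rows standing in for Accounts.csv; the second is deliberately incomplete.
$Accounts = @'
SafeName,PlatformID,Address,Username,Password,ExtraPass3Name,ExtraPass3Safe,ExtraPass3Folder
Linux-Safe,UnixSSH-Example,host01.example.test,appuser1,PLACEHOLDER,recon-host01,Recon-Safe,
Linux-Safe,UnixSSH-Example,host02.example.test,appuser2,PLACEHOLDER,,Recon-Safe,Root
'@ | ConvertFrom-Csv

foreach ($Account in $Accounts) {
    try {
        $Props = New-ReconcileLinkProperties -Row $Account
        if ($Submit) {
            $Password = ConvertTo-SecureString -String $Account.Password -AsPlainText -Force
            Add-PASAccount -secretType Password -secret $Password -SafeName $Account.SafeName `
                -PlatformID $Account.PlatformID -Address $Account.Address `
                -Username $Account.Username -platformAccountProperties $Props -ErrorAction Stop
        }
        "OK    $($Account.Username)@$($Account.Address) -> $($Props.ExtraPass3Safe)\$($Props.ExtraPass3Folder)\$($Props.ExtraPass3Name)"
    }
    catch {
        # Validation and API failures are reported per row so one bad row does not stop the batch.
        Write-Warning "SKIP  $($_.Exception.Message)"
    }
}
```

With `$Submit` left at `$false` the script only validates and prints the planned link for each row, which lets the CSV be checked before any account is created.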