Jump to content

Expire password through API


sysadmin-z
 Share

Recommended Posts

Hi,

 

I was wondering if it is possible to expire a password through the API. I am able to update a password using the API, but that requires me to generate a password and then update it. I would like to update using the selected password generator and privileged account that is required for resetting the password. Would it be possible to expire it by updating the ExpiryDate? If so, how quickly would a reset happen?

 

Thanks.

Link to comment
Share on other sites

Hello,

 

Yes, you can do something like this, as per the example below in PowerShell. Are you also aware of the GeneratePassword option when updating passwords via the UI as well? This will generate a new password for you, based on the selected Password Generator assigned to the Password List, and then you wouldn't need to change the Expiry Date or Schedule as per below?

 

With this example below, or if you used the GenerarePassword option, the reset would be picked up within the next minutes and processed.

 

$NewExpiryDate = (get-date).AddDays(-1).ToString("yyyy-MM-dd")
$NewSchedule = (get-date).AddMinutes(1).ToString("hh:mm")

$jsonData = '
{
"PasswordID":"57783",
"ExpiryDate":"' + $NewExpiryDate + '",
"PasswordResetSchedule":"' + $NewSchedule + '"
}
'

$PasswordstateUrl = 'https://myurl/api/passwords'
$result = Invoke-Restmethod -Method Put -Uri $PasswordstateUrl -ContentType "application/json" -Body $jsonData -UseDefaultCredentials
Write-Output $result


Regards

Click Studios

Link to comment
Share on other sites

  • 2 years later...

Sorry for dragging up this old post.

Can this process be used in a replacement for LAPS?

Scenario:
Workstation Local Administrator Account: localadmin

Technician retrieves the localadmin password.

 

I am monitoring the PasswordState event log, so at this point I call the above API URL but with modifications to set the expiration, let's say 30 minutes in the future.  This would give the technician a 30 minute window of access.

 

The question:

When the password expires in PasswordState, would PasswordState use it's own internal PowerShell scripts to reset the localadmin password on the workstation?

 

(I can make a new post if prefered)

Link to comment
Share on other sites

Hi Steve,

 

Sorry we missed this post.

 

When you trigger a password reset via our API, it does use our own reset scripts to perform the reset.  It sounds like what you want to do though is give a user access to a password for a specific amount of time, and this can be achieved through the User Interface, which would be much easier.

 

This could either be achieved through requesting access to a password, and the approver can set how long the access lasts for.  Or you could use the Check IN? Check Out feature, which will give the user exclusive access to the password for a set amount of time, and can automatically change the password when they are finished with it.

 

Regards,

Support

Link to comment
Share on other sites

  • 9 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...