Post

#19 - CyberArk Migrate Accounts via REST API

Posted Updated
By cybrad
1 min read
#19 - CyberArk Migrate Accounts via REST API

This video covers the process of migrating Platforms, Safes and Accounts using the API.

Video Preview

Objectives

  • Migrate Platforms via REST API
  • Migrate Safes via REST API
  • Migrate Accounts via REST API

CyberArk GitHub Documenation

Cyberark epv-api-scripts

PowerShell Commnads Used

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

# Download GitHub repo https://github.com/cyberark/epv-api-scripts
# Unbock Files
dir -r | Unblock-File
# Import Modules
cd "C:\Migration\epv-api-scripts-main\Migration\Migration via REST\"
Import-Module ".\Migrate.psm1" -force
Import-Module "C:\Migration\epv-api-scripts-main\Identity Authentication\IdentityAuth.psm1"

# Export Platforms 
cat ./platformlist.txt
#$SourceUPCred = get-credential
mkdir ./PLATFORMZIPS/
# If auth is CyberArk use this to export platforms
C:\Migration\epv-api-scripts-main\Platforms\Export-Import-Platform.ps1 -PVWAURL https://<SourcePVWA>/PasswordVault/ -ExportFile -ListFile ./platformlist.txt -PlatformZipPath ./PLATFORMZIPS/
# If auth is LDAP use this to export platforms
C:\Migration\epv-api-scripts-main\Platforms\Export-Import-Platform.ps1 -PVWAURL https://<SourcePVWA>/PasswordVault/ -ExportFile -ListFile ./platformlist.txt -PlatformZipPath ./PLATFORMZIPS/ -AuthType ldap

# Import Platforms
$DestUPCred = get-credential
$header = Get-IdentityHeader -IdentityTenantURL <Your_Tenant_Identity_ID>.id.cyberark.cloud -UPCreds $DestUPCred
C:\Migration\epv-api-scripts-main\Platforms\Export-Import-Platform.ps1 -ImportFile -PVWAURL https://<subdomain>.privilegecloud.cyberark.cloud/PasswordVault -ListFile ./PLATFORMZIPS/_Exported.txt -LogonToken $header

# Source PVWA Auth
$SourceUPCred = get-credential
New-SourceSession -srcPVWAURL https://<SourcePVWA>/PasswordVault/ -srcAuthType LDAP -srcPVWACredentials $SourceUPCred

# Export Accounts from Source
Export-Accounts -exportCSV ./export.csv

# Use this to open the CSV file and adjust what needs to be migrated
Start ./export.csv

cat ./Import.csv

# Import Accounts
Import-Accounts -importCSV ./Import.csv

# Command to import Failed accounts
Import-Accounts -importCSV ./FailedAccounts.csv

# Destination PVWA Auth
$DestUPCred = get-credential
$header = Get-IdentityHeader -IdentityTenantURL <identityID>.id.cyberark.cloud -UPCreds $DestUPCred
New-DestinationSession -dstPVWAURL https://<subdomain>.privilegecloud.cyberark.cloud/PasswordVault -dstLogonToken $header

# Sync Safes
Sync-Safes -CreateSafes -CPMOverride "PROD-CPM"

# Sync Accounts
Sync-Accounts -ProgressDetails -verbose

# Handy Command
Get-AccountList

Timeline

  • Intro 0:00
  • Migrate Platforms 1:17
  • Migrate Safes 5:39
  • Migrate Accounts 9:55
CyberArk Privilege Cloud
cyberark privilegecloud API
This post is licensed under CC BY 4.0 by the author.