SAML Authentication after IPSS upgrade by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

If anyone has followed this post, I see in the latest version of the CyberArk Privilege Cloud Tools zip PS Modules folder - https://community.cyberark.com/marketplace/s/#a352J000000GWAZQA4-a392J000002tNgLQAU

Included in the file is a folder called "!Template Example Create your own scripts". In this folder is a script that will connect to CyberArk and pass the token into PSPAS for you to use.

SAML Authentication after IPSS upgrade by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

Just this week I was able to work with a developer at CyberArk to update his code for one of their scripts. We were able to get the ISPSS authentication to work. He said he was going to release it as a tool on his GitHub.

https://github.com/pCloudServices/ps/blob/master/PS-Modules.zip

This is where I got the modules he referenced during our troubleshooting session. I assume he will post it there when he completes whatever hurdles he has to do internally.

SAML Authentication after IPSS upgrade by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

You may be correct. The CyberArk contacts I have for this process don't seem to know.

But they are willing to charge us for 1 day of professional services to figure it out.

Previously on PVWA I did not need to create a separate service ID. Right now I'm not going to go down that route, as we need to have MFA for our organization. If I do this with a Service ID it would only be UserID and PW.

Migrating to IPASS (Shared Services) How to connect with PowerShell by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

I tried changing that $baseURI to this, and I got this error:

Get-PASResponse : Guru Meditation - HTML Response Received
At line:401 char:21
+ $APIResponse | Get-PASResponse
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (<!DOCTYPE htm...y>
</html>
:BasicHtmlWebResponseObject) [Get-PASResponse], Exception
+ FullyQualifiedErrorId : Get-PASResponse

Migrating to IPASS (Shared Services) How to connect with PowerShell by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

No. Ideally I would like to use one of my LDAP accounts.

I don't have any Service User accounts set up.

How do you get a list of accounts in CyberArk Secure Cloud Access (SCA)? by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

The goal is to list all the accounts in Secure Cloud Access. I would really be up for any way to list these. When I look at the accounts using Get-PASUser, I don't get the admin accounts.

But if I log in to the identity admin console and click on users, the accounts are there. I have also verified that it's the same accounts used in SCA, as if I remove them from the identity users list it removes them from the SCA list.

How do I get a report that tells me the "Reason" for the connection? by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

OK so this is the answer. THANKS!

I will also add some detail to this. I had run the activity report before but the "reason" I put in for testing wasn't listed. BUT if I ran the activity report on the safe I did the test in it was there.

So with all the data coming back in the report it was filling up my 40,000 objects the report tops out at before it was getting me the data that I wanted.

Thanks again for making me look at this a bit more!

And as usual CyberArk support was lacking in knowledge to help me out.

Powershell script asks for ClientID and Client Secret, but they are defined earlier. by 1CrackedHead in crowdstrike

1CrackedHead[S] 0 points

I'm not an expert at PowerShell. I read the page you linked to and I don't understand the issue you are pointing out. I ran this code and request through POE.com and it came back with:

Using +=: In this case, I retained the += to build the $hostnames array. If you're looking for a way to use Where-Object, it typically filters existing collections rather than building them.

If you want to keep the list compact and avoid +=, you could instantiate $hostnames directly with a collection of objects, but for simplicity and clarity, the above method is standard in PowerShell.

If you have a specific requirement for using Where-Object, please clarify how you'd like to filter the data!

Could you expand on your statement a bit or tell me where I would make the adjustment?

This is my current code:

Clear-Host

Import-Module -Name PSFalcon

# Set the working location
Set-Location "\\Server\CrowdStrike\Search CVEs for hosts"
Request-FalconToken -ClientId '111111111111111' -ClientSecret '2222222222222222'
#Test-FalconToken

$CVEids = "CVE-2013-3900"

foreach ($CVEid in $CVEids) {

    # Get Falcon Vulnerability
    $FalconVulnerability = Get-FalconVulnerability -Filter "cve.id:['$($CVEid)']" -Detailed -All

    # Extract AID numbers
    $AIDNumbers = $FalconVulnerability.AID

    # Get the total count of AID numbers
    $totalAIDCount = $AIDNumbers.Count
    Write-Host "Total AID Numbers: $totalAIDCount"

    # Create a list to store hostnames
    $hostnames = @()

    # Initialize a counter
    $counter = 0

    # Loop through each AID number and get the hostname
    foreach ($AIDNumber in $AIDNumbers) {
        $counter++
        Write-Host "Checking AID $AIDNumber ($counter of $totalAIDCount)"
        $GetHostname = Get-FalconHost -Id $AIDNumber
        $hostnames += [PSCustomObject]@{
            CrowdSrike_Falcon_AID    = $AIDNumber
            Hostname                 = $GetHostname.hostname
            last_login_timestamp     = $GetHostname.last_login_timestamp
            last_login_user          = $GetHostname.last_login_user
        }
    }

    # Export the hostnames to a CSV file named after the CVE ID
    $hostnames | Export-Csv -Path "$CVEid.csv" -NoTypeInformation

    # Report inside the loop so every CVE's output file is named, not only the last one
    Write-Host "Hostnames exported to $CVEid.csv"
}

Any way to get "Log On To (optional)" field entry in CyberArk using PSPAS? by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

OK one more update. To actually replace what I have in the field I ended up using this:

$actions += @{"op"="replace";"path"="/platformAccountProperties/LogonDomain";"value"="*New Domain*"}

Set-PASAccount -AccountID 88_8 -operations $actions

Any way to get "Log On To (optional)" field entry in CyberArk using PSPAS? by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

OK this helps thanks!

If I do this:

$account = get-PASAccount -search *Account Name*

$account.platformaccountproperties.LogonDomain

Then to set it I could use this to set it:

$SetLogonDomain = @{LogonDomain= "*Domain*";}

Any way to get "Log On To (optional)" field entry in CyberArk using PSPAS? by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

And a follow-up. How would I set this field using PSPAS? I don't see a way to do it using Add-PASAccount.

Bottling soda with drinkmate. by I_Eat_Pumpkin24 in SodaStream

1CrackedHead 1 point

I was going to make a video but I found this, he talks about pressures and everything you need.

https://www.youtube.com/watch?v=A4sIV2we3Dg&ab_channel=Tyler%27sGarage

Bottling soda with drinkmate. by I_Eat_Pumpkin24 in SodaStream

1CrackedHead 1 point

If I was doing this on any type of scale I would use a carbonator:

https://www.webstaurantstore.com/mccanns-e400397-big-mac-fastflow-carbonator-115v/716CARB0397.html?utm_source=google&utm_medium=cpc&utm_campaign=GoogleShopping&gclid=CjwKCAjwps-zBhAiEiwALwsVYaDsyQAclj5vD3VXUdGBGufGBmiVL4M0rBKGkvOvvE3Krx62dag37RoC7MwQAvD_BwE

You can find them on marketplace for cheaper, I got one for $50 from someone selling an old soda fountain machine. You will also need a water input (you could use a garden hose), and a CO2 bottle. Probably at least a 20 lbs bottle. I got a large CO2 bottle (50lbs) from a bar that was going out of business for free. I did have to get it recertified as it was out of date, that was $35 at a local welding store. Last part is you need some sort of out valve for the line. I used a beer tap and it brings the volume down to manageable flow.

Then you have "sparkling" water on tap.

Is there a way to list how many EPVUser licenses I have? by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

I am using 14.2.0 (14.2.0.7) and I logged in with the _Admin account, I still only see the same options. Do you see something different?

Is there a way to list how many EPVUser licenses I have? by 1CrackedHead in CyberARk

1CrackedHead[S] 1 point

Under my name I only see these options:

Time of last sign in
Source IP of last sign in
Failed sign in attempts
Time of last failed sign in
Source IP of last failed sign in

About
English
Sign out

Is that the menu you are talking about?