Skip to content

UAP VM policy CLI workflow

Here is an example workflow for adding a UAP VM policy via the CLI:

  1. Install Ark SDK: pip3 install ark-sdk-python
  2. Create a profile:
    • Interactively: 
      ark configure
    • Silently: 
      ark configure --silent --work-with-isp --isp-username myuser
  3. Log in to Ark: 
    ark login --silent --isp-secret <my-ark-secret>

  4. Create UAP VM Policy using a defined json file 

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
    {
  "metadata": {
    "name": "Cool Policy",
    "description": "Cool Policy Description",
    "status": {
      "status": "Active",
      "statusDescription": "Example status description"
    },
    "timeFrame": {
      "fromTime": null,
      "toTime": null
    },
    "policyEntitlement": {
      "targetCategory": "VM",
      "locationType": "FQDN/IP",
      "policyType": "Recurring"
    },
    "createdBy": {
      "user": "cool_user",
      "time": "2025-02-08T22:46:06"
    },
    "updatedOn": {
      "user": "cool_user",
      "time": "2025-02-08T22:46:06"
    },
    "policyTags": [
      "cool_tag",
      "cool_tag2"
    ],
    "timeZone": "Asia/Jerusalem"
  },
  "principals": [
    {
      "id": "principal_id",
      "name": "tester@cyberark.cloud",
      "type": "User",
      "sourceDirectoryName": "CyberArk Cloud Directory",
      "sourceDirectoryId": "source_directory_id"
    }
  ],
  "delegationClassification": "Unrestricted",
  "conditions": {
    "accessWindow": {
      "daysOfTheWeek": [
        0,
        1,
        2,
        3,
        4,
        5,
        6
      ],
      "fromHour": "05:00",
      "toHour": "23:59"
    },
    "maxSessionDuration": 2,
    "idleTime": 1
  },
  "targets": {
    "fqdnipResource": {
      "fqdnRules": [
        {
          "operator": "EXACTLY",
          "computernamePattern": "myvm.mydomain.com",
          "domain": "domain.com"
        }
      ],
      "ipRules": [
        {
          "operator": "EXACTLY",
          "ipAddresses": [
            "192.168.12.34"
          ],
          "logicalName": "CoolLogicalName"
        }
      ]
    }
  },
  "behavior": {
    "sshProfile": {
      "username": "ssh_user"
    },
    "rdpProfile": {
      "domainEphemeralUser": {
        "assignGroups": [
          "rdp_users"
        ],
        "enableEphemeralUserReconnect": false,
        "assignDomainGroups": [
          "domain_rdp_users"
        ]
      }
    }
  }
}


    1
    ark exec --request-file /path/to/policy-request.json uap vm add-policy