Skip to content

SDK Examples

Using the SDK is similar to using the CLI.

Short lived password example

In this example we authenticate to our ISP tenant and create a short-lived password:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
package main

import (
    "fmt"
    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    ssomodels "github.com/cyberark/idsec-sdk-golang/pkg/services/sia/sso/models"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/sia/sso"
    "os"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    // Create an SSO service from the authenticator above
    ssoService, err := sso.NewIdsecSIASSOService(ispAuth)
    if err != nil {
        panic(err)
    }

    // Generate a short-lived password
    ssoPassword, err := ssoService.ShortLivedPassword(
        &ssomodels.IdsecSIASSOGetShortLivedPassword{},
    )
    if err != nil {
        panic(err)
    }
    fmt.Printf("%s\n", ssoPassword)

    // Generate a short-lived password for RDP
    ssoPassword, err = ssoService.ShortLivedPassword(
        &ssomodels.IdsecSIASSOGetShortLivedPassword{
            Service: "DPA-RDP",
        },
    )
    if err != nil {
        panic(err)
    }
    fmt.Printf("%s\n", ssoPassword)
}

Target set example

In this example we authenticate to our ISP tenant and create a target set with a VM secret:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
package main

import (
    "fmt"
    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    vmsecretsmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/sia/secretsvm/models"
    targetsetsmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/sia/workspacestargetsets/models"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/sia"
    "os"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    // Add a VM secret
    siaAPI, err := sia.NewIdsecSIAAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    secret, err := siaAPI.VMSecrets().AddSecret(
        &vmsecretsmodels.IdsecSIAVMAddSecret{
            SecretType:          "ProvisionerUser",
            ProvisionerUsername: "CoolUser",
            ProvisionerPassword: "CoolPassword",
        },
    )
    if err != nil {
        panic(err)
    }
    // Add VM target set
    targetSet, err := siaAPI.WorkspacesTargetSets().AddTargetSet(
        &targetsetsmodels.IdsecSIAAddTargetSet{
            Name:       "mydomain.com",
            Type:       "Domain",
            SecretID:   secret.SecretID,
            SecretType: secret.SecretType,
        },
    )
    if err != nil {
        panic(err)
    }
    fmt.Printf("Target set %s created\n", targetSet.Name)
}

SIA settings example

In this example we authenticate to our ISP tenant and get and update SIA settings:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package main

import (
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/common"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/sia"
    settingsmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/sia/settings/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }
    siaAPI, err := sia.NewIdsecSIAAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }

    // Load all settings
    settings, err := siaAPI.Settings().ListSettings()
    if err != nil {
        panic(err)
    }
    settings.AdbMfaCaching.IsMfaCachingEnabled = common.Ptr(false)

    // Update settings
    _, err = siaAPI.Settings().SetSettings(settings)
    if err != nil {
        panic(err)
    }

    // Set specific setting partially
    adbMfa := &settingsmodels.IdsecSIASettingsAdbMfaCaching{
        KeyExpirationTimeSec: common.Ptr(7200),
        ClientIPEnforced:     common.Ptr(false),
    }
    _, err = siaAPI.Settings().SetAdbMfaCaching(adbMfa)
    if err != nil {
        panic(err)
    }
}

CMGR example

In this example we authenticate to our ISP tenant and create a network, pool, and identifier:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
package main

import (
    "fmt"
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/cmgr"
    networksmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/cmgr/networks/models"
    identifiersmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/cmgr/poolidentifiers/models"
    poolsmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/cmgr/pools/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    // Configure a network, pool and identifiers using the CMGR API
    cmgrAPI, err := cmgr.NewIdsecCmgrAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    network, err := cmgrAPI.Networks().Create(&networksmodels.IdsecCmgrAddNetwork{Name: "tlv"})
    if err != nil {
        panic(err)
    }
    pool, err := cmgrAPI.Pools().Create(&poolsmodels.IdsecCmgrAddPool{Name: "tlvpool", AssignedNetworkIDs: []string{network.NetworkID}})
    if err != nil {
        panic(err)
    }
    identifier, err := cmgrAPI.PoolIdentifiers().Create(&identifiersmodels.IdsecCmgrAddPoolSingleIdentifier{PoolID: pool.PoolID, Type: identifiersmodels.GeneralFQDN, Value: "mymachine.tlv.com"})
    if err != nil {
        panic(err)
    }
    fmt.Printf("Added pool: %s\n", pool.PoolID)
    fmt.Printf("Added network: %s\n", network.NetworkID)
    fmt.Printf("Added identifier: %s\n", identifier.IdentifierID)
}

List pCloud Accounts

In this example we authenticate to our ISP tenant and list pCloud accounts:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package main

import (
    "fmt"
    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/pcloud"
    "os"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    // List all of the accounts
    pcloudAPI, err := pcloud.NewIdsecPCloudAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    accountsChan, err := pcloudAPI.Accounts().List()
    if err != nil {
        panic(err)
    }
    for accountsPage := range accountsChan {
        for account := range accountsPage.Items {
            fmt.Printf("Account: %v\n", account)
        }
    }
}

List identities

In this example we authenticate to our ISP tenant and list all of the accounts:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
package main

import (
    "fmt"
    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    directoriesmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/identity/directories/models"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/identity"
    "os"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    // List all identities
    identityAPI, err := identity.NewIdsecIdentityAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    identitiesChan, err := identityAPI.Directories().ListEntities(&directoriesmodels.IdsecIdentityListDirectoriesEntities{})
    if err != nil {
        panic(err)
    }
    for loadedIdentity := range identitiesChan {
        fmt.Printf("Identity: %v\n", loadedIdentity)
    }
}

Session Monitoring

In this example we authenticate to our ISP tenant and get all the active sessions: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package main

import (
    "fmt"
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/sm/sessions"
    sessionsmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/sm/sessions/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    sessionsService, err := sessions.NewIdsecSMSessionsService(ispAuth)
    if err != nil {
        panic(err)
    }
    filter := &sessionsmodels.IdsecSMSessionsFilter{
        Search: "status IN Active",
    }
    // Get all active sessions
    activeSessions, err := sessionsService.CountBy(filter)
    if err != nil {
        panic(err)
    }
    fmt.Printf("Total Active Sessions: %d\n", activeSessions)
}

Policy

In this example we authenticate to our ISP tenant and create a DB policy: 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
package main

import (
    "fmt"
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    commonmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/common"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/policy"
    policycommomodels "github.com/cyberark/idsec-sdk-golang/pkg/services/policy/common/models"
    policydbmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/policy/db/models"
    dbmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/sia/workspacesdb/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    policyAPI, err := policy.NewIdsecPolicyAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    policy, err := policyAPI.Db().CreatePolicy(
        &policydbmodels.IdsecPolicyDBAccessPolicy{
            IdsecPolicyInfraCommonAccessPolicy: policycommomodels.IdsecPolicyInfraCommonAccessPolicy{
                IdsecPolicyCommonAccessPolicy: policycommomodels.IdsecPolicyCommonAccessPolicy{
                    Metadata: policycommomodels.IdsecPolicyMetadata{
                        Name:        "Example DB Access Policy",
                        Description: "This is an example of a DB access policy for Infrastructure.",
                        Status: policycommomodels.IdsecPolicyStatus{
                            Status: policycommomodels.StatusTypeActive,
                        },
                        PolicyEntitlement: policycommomodels.IdsecPolicyEntitlement{
                            TargetCategory: commonmodels.CategoryTypeDB,
                            LocationType:   commonmodels.WorkspaceTypeFQDNIP,
                            PolicyType:     policycommomodels.PolicyTypeRecurring,
                        },
                        PolicyTags: []string{},
                    },
                    Principals: []policycommomodels.IdsecPolicyPrincipal{
                        {
                            Type:                policycommomodels.PrincipalTypeUser,
                            ID:                  "user-id",
                            Name:                "user@cyberark.cloud.12345",
                            SourceDirectoryName: "CyberArk",
                            SourceDirectoryID:   "12345",
                        },
                    },
                },
                Conditions: policycommomodels.IdsecPolicyInfraCommonConditions{
                    IdsecPolicyConditions: policycommomodels.IdsecPolicyConditions{
                        AccessWindow: policycommomodels.IdsecPolicyTimeCondition{
                            DaysOfTheWeek: []int{1, 2, 3, 4, 5},
                            FromHour:      "09:00",
                            ToHour:        "17:00",
                        },
                        MaxSessionDuration: 4,
                    },
                    IdleTime: 10,
                },
            },
            Targets: map[string]policydbmodels.IdsecPolicyDBTargets{
                commonmodels.WorkspaceTypeFQDNIP: {
                    Instances: []policydbmodels.IdsecPolicyDBInstanceTarget{
                        {
                            InstanceName:         "example-db-instance",
                            InstanceType:         dbmodels.FamilyTypeMSSQL,
                            InstanceID:           "1",
                            AuthenticationMethod: policydbmodels.AuthMethodLDAPAuth,
                            LDAPAuthProfile: &policydbmodels.IdsecPolicyDBLDAPAuthProfile{
                                AssignGroups: []string{"mygroup"},
                            },
                        },
                    },
                },
            },
        },
    )
    if err != nil {
        panic(err)
    }
    fmt.Printf("Policy created successfully: %s\n", policy.Metadata.PolicyID)
}

In this example we authenticate to our ISP tenant and create a VM policy: 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
package main

import (
    "fmt"
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    commonmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/common"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/policy"
    policycommomodels "github.com/cyberark/idsec-sdk-golang/pkg/services/policy/common/models"
    policyvmmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/policy/vm/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    policyAPI, err := policy.NewIdsecPolicyAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    policy, err := policyAPI.VM().CreatePolicy(
        &policyvmmodels.IdsecPolicyVMAccessPolicy{
            IdsecPolicyInfraCommonAccessPolicy: policycommomodels.IdsecPolicyInfraCommonAccessPolicy{
                IdsecPolicyCommonAccessPolicy: policycommomodels.IdsecPolicyCommonAccessPolicy{
                    Metadata: policycommomodels.IdsecPolicyMetadata{
                        Name:        "Example VM Access Policy",
                        Description: "This is an example of a VM access policy for Infrastructure.",
                        Status: policycommomodels.IdsecPolicyStatus{
                            Status: policycommomodels.StatusTypeActive,
                        },
                        PolicyEntitlement: policycommomodels.IdsecPolicyEntitlement{
                            TargetCategory: commonmodels.CategoryTypeVM,
                            LocationType:   commonmodels.WorkspaceTypeFQDNIP,
                            PolicyType:     policycommomodels.PolicyTypeRecurring,
                        },
                        PolicyTags: []string{},
                    },
                    Principals: []policycommomodels.IdsecPolicyPrincipal{
                        {
                            Type:                policycommomodels.PrincipalTypeUser,
                            ID:                  "user-id",
                            Name:                "user@cyberark.cloud.12345",
                            SourceDirectoryName: "CyberArk",
                            SourceDirectoryID:   "12345",
                        },
                    },
                },
                Conditions: policycommomodels.IdsecPolicyInfraCommonConditions{
                    IdsecPolicyConditions: policycommomodels.IdsecPolicyConditions{
                        AccessWindow: policycommomodels.IdsecPolicyTimeCondition{
                            DaysOfTheWeek: []int{1, 2, 3, 4, 5},
                            FromHour:      "09:00",
                            ToHour:        "17:00",
                        },
                        MaxSessionDuration: 4,
                    },
                    IdleTime: 10,
                },
            },
            Targets: policyvmmodels.IdsecPolicyVMPlatformTargets{
                FQDNIPResource: &policyvmmodels.IdsecPolicyVMFQDNIPResource{
                    FQDNRules: []policyvmmodels.IdsecPolicyVMFQDNRule{
                        {
                            Operator:            policyvmmodels.VMFQDNOperatorExactly,
                            ComputernamePattern: "example-vm",
                            Domain:              "mydomain.com",
                        },
                    },
                },
            },
            Behavior: policyvmmodels.IdsecPolicyVMBehavior{
                SSHProfile: &policyvmmodels.IdsecPolicyVMSSHProfile{
                    Username: "root",
                },
                RDPProfile: &policyvmmodels.IdsecPolicyVMRDPProfile{
                    LocalEphemeralUser: &policyvmmodels.IdsecPolicyVMEphemeralUser{
                        AssignGroups: []string{"Remote Desktop Users"},
                    },
                },
            },
        },
    )
    if err != nil {
        panic(err)
    }
    fmt.Printf("Policy created successfully: %s\n", policy.Metadata.PolicyID)
}

In this example we authenticate to our ISP tenant and create a Cloud Access policy: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
package main

import (
    "fmt"
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    commonmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/common"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/policy"
    policycloudaccessmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/policy/cloudaccess/models"
    commonpolicymodels "github.com/cyberark/idsec-sdk-golang/pkg/services/policy/common/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    policyAPI, err := policy.NewIdsecPolicyAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    policy, err := policyAPI.CloudAccess().CreatePolicy(
        &policycloudaccessmodels.IdsecPolicyCloudAccessCloudConsoleAccessPolicy{
            IdsecPolicyCommonAccessPolicy: commonpolicymodels.IdsecPolicyCommonAccessPolicy{
                Metadata: commonpolicymodels.IdsecPolicyMetadata{
                    Name:        "Example SCA Access Policy",
                    Description: "This is an example of a SCA access policy.",
                    Status: commonpolicymodels.IdsecPolicyStatus{
                        Status: commonpolicymodels.StatusTypeValidating,
                    },
                    PolicyEntitlement: commonpolicymodels.IdsecPolicyEntitlement{
                        TargetCategory: commonmodels.CategoryTypeCloudConsole,
                        LocationType:   commonmodels.WorkspaceTypeAWS,
                        PolicyType:     commonpolicymodels.PolicyTypeRecurring,
                    },
                    PolicyTags: []string{},
                },
                Principals: []commonpolicymodels.IdsecPolicyPrincipal{
                    {
                        Type:                commonpolicymodels.PrincipalTypeUser,
                        ID:                  "user-id",
                        Name:                "user@cyberark.cloud.12345",
                        SourceDirectoryName: "CyberArk",
                        SourceDirectoryID:   "12345",
                    },
                },
            },
            Conditions: policycloudaccessmodels.IdsecPolicyCloudAccessConditions{
                IdsecPolicyConditions: commonpolicymodels.IdsecPolicyConditions{
                    AccessWindow: commonpolicymodels.IdsecPolicyTimeCondition{
                        DaysOfTheWeek: []int{1, 2, 3, 4, 5},
                        FromHour:      "09:00:00",
                        ToHour:        "17:00:00",
                    },
                    MaxSessionDuration: 4,
                },
            },
            Targets: policycloudaccessmodels.IdsecPolicyCloudAccessCloudConsoleTarget{
                AwsAccountTargets: []policycloudaccessmodels.IdsecPolicyCloudAccessAWSAccountTarget{
                    {
                        IdsecPolicyCloudAccessTarget: policycloudaccessmodels.IdsecPolicyCloudAccessTarget{
                            RoleID:        "arn:aws:iam::123456789012:role/ExampleRole",
                            RoleName:      "ExampleRole",
                            WorkspaceID:   "123456789012",
                            WorkspaceName: "ExampleWorkspace",
                        },
                    },
                },
            },
        },
    )
    if err != nil {
        panic(err)
    }
    fmt.Printf("Policy created successfully: %s\n", policy.Metadata.PolicyID)
}

Shortened connection string

In this example we authenticate to our ISP tenant and generate a shortened connection string: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package main

import (
    "fmt"
    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    shortenedconnectionstringmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/sia/shortenedconnectionstring/models"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/sia/shortenedconnectionstring"
    "os"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    // Generate a shortened connection string
    shortenedConnectionStringService, err := shortenedconnectionstring.NewIdsecSIAShortenedConnectionStringService(ispAuth)
    if err != nil {
        panic(err)
    }
    shortenedConnectionString, err := shortenedConnectionStringService.Generate(
        &shortenedconnectionstringmodels.IdsecSIAGenerateShortenedConnectionString{
            RawConnectionString: "jack.sparrow@caribbean.airlines#caribbean-airlines@the.black.pearl.com103639",
        },
    )
    if err != nil {
        panic(err)
    }
    fmt.Printf("Shortened Connection String: %s\n", shortenedConnectionString.ShortenedConnectionString)
}

SIA certificate

In this example we authenticate to our ISP tenant and add a certificate: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
package main

import (
    "fmt"
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/sia"
    certificatesmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/sia/certificates/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }
    siaAPI, err := sia.NewIdsecSIAAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }

    // Add a new certificate
    cert, err := siaAPI.Certificates().AddCertificate(
        &certificatesmodels.IdsecSIACertificatesAddCertificate{
            CertName:        "My New SIA Certificate",
            CertDescription: "Certificate added via SDK example",
            File:            "/path/to/file",
        },
    )
    if err != nil {
        panic(err)
    }
    fmt.Printf("Added certificate: %+v\n", cert)
}

pCloud Import Target Platform

In this example we authenticate to our ISP tenant and add a certificate: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package main

import (
    "fmt"
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/pcloud"
    targetplatformsmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/pcloud/targetplatforms/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    // Import and get the target platform
    pcloudAPI, err := pcloud.NewIdsecPCloudAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    importedPlatform, err := pcloudAPI.TargetPlatforms().Import(
        &targetplatformsmodels.IdsecPCloudImportTargetPlatform{PlatformZipPath: "/path/to/platform.zip"},
    )
    if err != nil {
        panic(err)
    }
    fmt.Printf("Imported platform: %v\n", importedPlatform)
}

Identity Policy

In this example we authenticate to our ISP tenant and create an authentication profile and policy 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
package main

import (
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/identity"
    authprofilesmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/identity/authprofiles/models"
    policymodels "github.com/cyberark/idsec-sdk-golang/pkg/services/identity/policies/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    // Create auth profile
    identityAPI, err := identity.NewIdsecIdentityAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    authProfile, err := identityAPI.AuthProfiles().CreateAuthProfile(&authprofilesmodels.IdsecIdentityCreateAuthProfile{
        AuthProfileName:   "My Auth Profile",
        FirstChallenges:   []string{"UP"},
        SecondChallenges:  []string{"EMAIL"},
        DurationInMinutes: 60,
    })
    if err != nil {
        panic(err)
    }
    policy, err := identityAPI.Policies().CreatePolicy(&policymodels.IdsecIdentityCreatePolicy{
        PolicyName:      "My Identity Policy",
        PolicyStatus:    policymodels.PolicyStatusActive,
        Description:     "This is my identity policy",
        RoleNames:       []string{"Admin", "User"},
        AuthProfileName: authProfile.AuthProfileName,
        Settings: map[string]interface{}{
            "/Core/Authentication/IwaSetKnownEndpoint":  "false",
            "/Core/Authentication/IwaSatisfiesAllMechs": "false",
            "/Core/Authentication/AllowZso":             "true",
            "/Core/Authentication/ZsoSkipChallenge":     "true",
            "/Core/Authentication/ZsoSetKnownEndpoint":  "false",
            "/Core/Authentication/ZsoSatisfiesAllMechs": "false",
        },
    })
    if err != nil {
        panic(err)
    }
    println("Policy created with name:", policy.PolicyName)
}

Identity User Attributes

In this example we authenticate to our ISP tenant and manage user attributes schema, create a user and set its attributes 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
package main

import (
    "fmt"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/identity"
    usersmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/identity/users/models"

    "os"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }

    identityAPI, err := identity.NewIdsecIdentityAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    user, err := identityAPI.Users().Create(&usersmodels.IdsecIdentityCreateUser{Username: "myuser"})
    if err != nil {
        panic(err)
    }
    userSchema, err := identityAPI.Users().UpsertAttributesSchema(&usersmodels.IdsecIdentityUpsertUserAttributesSchema{
        Columns: []usersmodels.IdsecIdentityUserAttributesSchemaColumn{
            {Name: "department_attr1", Type: "string", Description: "Department attribute 1"},
            {Name: "location_attr2", Type: "string", Description: "Location attribute 2"},
        },
    })
    if err != nil {
        panic(err)
    }
    userAttributes, err := identityAPI.Users().UpsertAttributes(&usersmodels.IdsecIdentityUpsertUserAttributes{
        UserID: user.UserID,
        Attributes: map[string]string{
            "department_attr1": "engineering",
            "location_attr2":   "NYC",
        },
    })
    if err != nil {
        panic(err)
    }
    fmt.Printf("User Attributes for user %s: %+v\n", user.Username, userAttributes.Attributes)
    fmt.Printf("User: %v\n", user)
    fmt.Printf("User Attributes Schema: %v\n", userSchema)
}

Identity Webapps

OAuth2 Server Webapp

In this example we authenticate to our ISP tenant and import an oauth2 webapp, and update permissions 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
package main

import (
    "encoding/json"
    "fmt"
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/common"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/identity"
    webappsmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/identity/webapps/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }
    identityAPI, err := identity.NewIdsecIdentityAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }
    // Import the OAuth Server template and configure it as an example
    app, err := identityAPI.Webapps().Import(
        &webappsmodels.IdsecIdentityImportWebapp{
            IdsecIdentityWebappAppsConfiguration: webappsmodels.IdsecIdentityWebappAppsConfiguration{
                OAuthProfile: &webappsmodels.IdsecIdentityWebappOAuthProfile{ // #nosec G101
                    AllowedAuth: []string{
                        "ClientCreds",
                    },
                    Audience: common.Ptr("company://audience"),
                    Issuer:   common.Ptr("mycompany.com"),
                    KnownScopes: []webappsmodels.IdsecIdentityWebappOAuthScope{
                        {
                            Scope:       "scope1",
                            Description: "Scope 1",
                        },
                    },
                    TokenType:           "JwtRS256",
                    TokenLifetimeString: "0.05:00:00",
                },
            },
            TemplateName: "OAuth2Server",
            WebappName:   common.Ptr("OAuth App"),
            ServiceName:  common.Ptr("app_id"),
        },
    )
    if err != nil {
        panic(err)
    }
    appJson, err := json.MarshalIndent(app, "", "  ")
    if err != nil {
        panic(err)
    }
    fmt.Printf("Imported App Result:\n%s\n", string(appJson))

    // Configure permissions
    perms, err := identityAPI.Webapps().SetPermissions(&webappsmodels.IdsecIdentitySetWebappPermissions{
        WebappID: app.WebappID,
        Grants: []webappsmodels.IdsecIdentityWebappGrant{
            {
                Principal:     "user@cyberark.cloud.12345",
                PrincipalType: "User",
                Rights: []string{
                    webappsmodels.GrantRightAdmin,
                    webappsmodels.GrantRightGrant,
                    webappsmodels.GrantRightView,
                    webappsmodels.GrantRightViewDetail,
                    webappsmodels.GrantRightExecute,
                    webappsmodels.GrantRightAutomatic,
                    webappsmodels.GrantRightDelete,
                },
            },
        },
    })
    if err != nil {
        panic(err)
    }
    permsJson, err := json.MarshalIndent(perms, "", "  ")
    if err != nil {
        panic(err)
    }
    fmt.Printf("Set Permissions Result:\n%s\n", string(permsJson))
}

AWS Webapp

In this example we authenticate to our ISP tenant and import an aws user password webapp, once with normal credentials, and once with credentials coming from pCloud, and update permissions 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
package main

import (
    "encoding/json"
    "fmt"
    "os"

    "github.com/cyberark/idsec-sdk-golang/pkg/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/common"
    authmodels "github.com/cyberark/idsec-sdk-golang/pkg/models/auth"
    "github.com/cyberark/idsec-sdk-golang/pkg/services/identity"
    webappsmodels "github.com/cyberark/idsec-sdk-golang/pkg/services/identity/webapps/models"
)

func main() {
    // Perform authentication using IdsecISPAuth to the platform
    // First, create an ISP authentication class
    // Afterwards, perform the authentication
    ispAuth := auth.NewIdsecISPAuth(false)
    _, err := ispAuth.Authenticate(
        nil,
        &authmodels.IdsecAuthProfile{
            Username:           "user@cyberark.cloud.12345",
            AuthMethod:         authmodels.Identity,
            AuthMethodSettings: &authmodels.IdentityIdsecAuthMethodSettings{},
        },
        &authmodels.IdsecSecret{
            Secret: os.Getenv("IDSEC_SECRET"),
        },
        false,
        false,
    )
    if err != nil {
        panic(err)
    }
    identityAPI, err := identity.NewIdsecIdentityAPI(ispAuth.(*auth.IdsecISPAuth))
    if err != nil {
        panic(err)
    }

    // Get the template and print it out
    template, err := identityAPI.Webapps().GetTemplate(&webappsmodels.IdsecIdentityGetWebappTemplate{
        WebappTemplateName: "Amazon AWS",
    })
    if err != nil {
        panic(err)
    }
    templateJson, err := json.MarshalIndent(template, "", "  ")
    if err != nil {
        panic(err)
    }
    fmt.Printf("Webapp Template:\n%s\n", string(templateJson))

    // Import the template and configure with the AWS Account
    importedWebapp, err := identityAPI.Webapps().Import(&webappsmodels.IdsecIdentityImportWebapp{
        TemplateName: "Amazon AWS",
        WebappName:   common.Ptr("AWS App Normal"),
        Description:  common.Ptr("This is my imported AWS app"),
        IdsecIdentityWebappAppsConfiguration: webappsmodels.IdsecIdentityWebappAppsConfiguration{
            AdditionalIdentifierValue: common.Ptr("123456789234"),
            UserNameStrategy:          common.Ptr("Fixed"),
            Username:                  common.Ptr("awsuser"),
            Password:                  common.Ptr("mypass"),
        },
        IdsecIdentityWebappPolicyConfiguration: webappsmodels.IdsecIdentityWebappPolicyConfiguration{
            WebAppLoginType:    common.Ptr("AuthenticationRule"),
            DefaultAuthProfile: common.Ptr("AlwaysAllowed"),
            AuthRules: &webappsmodels.IdsecIdentityWebappPolicyAuthRule{
                Enabled:   true,
                Type:      "RowSet",
                UniqueKey: "Condition",
                Value: []webappsmodels.IdsecIdentityWebappPolicyAuthRuleConditions{
                    {
                        Conditions: []webappsmodels.IdsecIdentityWebappPolicyAuthRuleCondition{
                            {
                                Op:   common.Ptr("OpInCorpIpRange"),
                                Prop: common.Ptr("IpAddress"),
                            },
                        },
                        ProfileId: common.Ptr("13e3bc1a-6ff7-4b7d-ae90-0ed21d3c393e"),
                    },
                },
            },
        },
    })
    if err != nil {
        panic(err)
    }
    importedWebappJson, err := json.MarshalIndent(importedWebapp, "", "  ")
    if err != nil {
        panic(err)
    }
    fmt.Printf("Imported Webapp:\n%s\n", string(importedWebappJson))

    // Import another template and configure with the AWS Account and Credentials from pCloud
    importedpCloudWebapp, err := identityAPI.Webapps().Import(&webappsmodels.IdsecIdentityImportWebapp{
        TemplateName: "Amazon AWS",
        WebappName:   common.Ptr("AWS App pCloud"),
        Description:  common.Ptr("This is my imported AWS app"),
        IdsecIdentityWebappAppsConfiguration: webappsmodels.IdsecIdentityWebappAppsConfiguration{
            AdditionalIdentifierValue: common.Ptr("123456789234"),
            UserNameStrategy:          common.Ptr("Fixed"),
            Safe:                      common.Ptr("mysafe"),
            AccountName:               common.Ptr("myaccount"),
            ExtAccountId:              common.Ptr("123_456"),
            IsPrivilegedApp:           common.Ptr(true),
        },
        IdsecIdentityWebappPolicyConfiguration: webappsmodels.IdsecIdentityWebappPolicyConfiguration{
            WebAppLoginType:    common.Ptr("AuthenticationRule"),
            DefaultAuthProfile: common.Ptr("AlwaysAllowed"),
            AuthRules: &webappsmodels.IdsecIdentityWebappPolicyAuthRule{
                Enabled:   true,
                Type:      "RowSet",
                UniqueKey: "Condition",
                Value: []webappsmodels.IdsecIdentityWebappPolicyAuthRuleConditions{
                    {
                        Conditions: []webappsmodels.IdsecIdentityWebappPolicyAuthRuleCondition{
                            {
                                Op:   common.Ptr("OpInCorpIpRange"),
                                Prop: common.Ptr("IpAddress"),
                            },
                        },
                        ProfileId: common.Ptr("13e3bc1a-6ff7-4b7d-ae90-0ed21d3c393e"),
                    },
                },
            },
        },
    })
    if err != nil {
        panic(err)
    }
    importedpCloudWebappJson, err := json.MarshalIndent(importedpCloudWebapp, "", "  ")
    if err != nil {
        panic(err)
    }
    fmt.Printf("Imported pCloud Webapp:\n%s\n", string(importedpCloudWebappJson))

    // Configure permissions for Normal AWS App
    perms, err := identityAPI.Webapps().SetPermissions(&webappsmodels.IdsecIdentitySetWebappPermissions{
        WebappID: importedWebapp.WebappID,
        Grants: []webappsmodels.IdsecIdentityWebappGrant{
            {
                Principal:     "user@cyberark.cloud.12345",
                PrincipalType: "User",
                Rights: []string{
                    webappsmodels.GrantRightAdmin,
                    webappsmodels.GrantRightGrant,
                    webappsmodels.GrantRightView,
                    webappsmodels.GrantRightViewDetail,
                    webappsmodels.GrantRightExecute,
                    webappsmodels.GrantRightAutomatic,
                    webappsmodels.GrantRightDelete,
                },
            },
        },
    })
    if err != nil {
        panic(err)
    }
    permsJson, err := json.MarshalIndent(perms, "", "  ")
    if err != nil {
        panic(err)
    }
    fmt.Printf("Set Permissions Result:\n%s\n", string(permsJson))

    // Configure permissions for pCloud AWS App
    pCloudPerms, err := identityAPI.Webapps().SetPermissions(&webappsmodels.IdsecIdentitySetWebappPermissions{
        WebappID: importedpCloudWebapp.WebappID,
        Grants: []webappsmodels.IdsecIdentityWebappGrant{
            {
                Principal:     "user@cyberark.cloud.12345",
                PrincipalType: "User",
                Rights: []string{
                    webappsmodels.GrantRightAdmin,
                    webappsmodels.GrantRightGrant,
                    webappsmodels.GrantRightView,
                    webappsmodels.GrantRightViewDetail,
                    webappsmodels.GrantRightExecute,
                    webappsmodels.GrantRightAutomatic,
                    webappsmodels.GrantRightDelete,
                },
            },
        },
    })
    if err != nil {
        panic(err)
    }
    pCloudPermsJson, err := json.MarshalIndent(pCloudPerms, "", "  ")
    if err != nil {
        panic(err)
    }
    fmt.Printf("Set Permissions pCloud Result:\n%s\n", string(pCloudPermsJson))
}