privileged_remote_access#

The following methods allow for interaction with the ZPA Privileged Remote Access API endpoints.

Methods are accessible via zpa.privileged_remote_access

class PrivilegedRemoteAccessAPI#

Bases: object

add_approval(email_ids, application_ids, start_time, end_time, status, working_hours, **kwargs)#

Add a privileged remote access approval.

Parameters:

  • email_ids (list) – The email addresses of the users that you are assigning the privileged approval to.

  • application_ids (list of str) – A list of unique identifiers for the associated application segment ids.

  • start_time (str) – The start timestamp in UNIX format for when the approval begins.

  • end_time (str) – The end timestamp in UNIX format for when the approval ends.

  • status (str) – The status of the privileged approval. Supported values are: INVALID, ACTIVE, FUTURE, EXPIRED.

  • working_hours (dict) – Dictionary containing details of working hours.

Keyword Arguments:

payload. (Any additional optional parameters that can be included in the) –

Returns:

The resource record for the newly created approval.

Return type:

Box

Examples

Create a PRA approval with the minimum required parameters and working hours:

>>> zpa.privileged_remote_access.add_approval(
...   email_ids=['jdoe@example.com'],
...   application_ids=['999999999'],
...   start_time='1712856502',
...   end_time='1714498102',
...   status='ACTIVE',
...   working_hours={
...       "start_time_cron": "0 0 16 ? * SUN,MON,TUE,WED,THU,FRI,SAT",
...       "end_time_cron": "0 0 0 ? * MON,TUE,WED,THU,FRI,SAT,SUN",
...       "start_time": "09:00",
...       "end_time": "17:00",
...       "days": ["SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT"],
...       "time_zone": "America/Vancouver"
...   }
... )
add_bulk_console(consoles)#

Adds a list of Privileged Remote Access (PRA) consoles in bulk.

Parameters:

consoles (List[Dict[str, Any]]) – A list of dictionaries where each dictionary contains details of a PRA console to be added. Required keys in each dictionary include ‘name’, ‘pra_application_id’, and ‘pra_portal_ids’. Optionally, ‘enabled’ and ‘description’ can also be included.

Returns:

A Box object containing the details of the newly created consoles.

Return type:

Box

Examples

>>> zpa.privileged_remote_access.add_bulk_console([
...     {
...         'name': 'PRA Console Example 1',
...         'pra_application_id': '999999999',
...         'pra_portal_ids': ['999999998'],
...         'description': 'PRA Console Description 1',
...         'enabled': True
...     },
...     {
...         'name': 'PRA Console Example 2',
...         'pra_application_id': '999999999',
...         'pra_portal_ids': ['999999997'],
...         'description': 'PRA Console Description 2',
...         'enabled': True
...     }
... ])
add_console(name, pra_application_id, pra_portal_ids, enabled=True, **kwargs)#

Adds a new Privileged Remote Access (PRA) console.

Parameters:

  • name (str) – The name of the PRA console.

  • pra_application_id (str) – The unique identifier of the associated PRA application.

  • pra_portal_ids (list of str) – A list of unique identifiers for the associated PRA portals.

  • enabled (bool, optional) – Indicates whether the console is enabled. Defaults to True.

Keyword Arguments:

description (str, optional) – A description for the PRA console.

Returns:

A Box object containing the details of the newly created console.

Return type:

Box

Examples

>>> zpa.privileged_remote_access.add_console(
...     name='PRA Console Example',
...     pra_application_id='999999999',
...     pra_portal_ids=['999999999'],
...     description='PRA Console Description',
...     enabled=True
... )
add_credential(name, credential_type, username=None, password=None, private_key=None, **kwargs)#

Validates input based on credential_type and adds a new credential.

add_portal(name, certificate_id, domain, enabled=True, user_notification_enabled=True, **kwargs)#

Add a privileged remote access portal.

Parameters:

  • name (str) – The name of the privileged portal.

  • enabled (bool) – Whether or not the privileged portal is enabled. Default is True.

  • certificate_id (bool) – The unique identifier of the certificate.

  • domain (str) – The domain of the privileged portal.

  • **kwargs – Optional keyword args.

Keyword Arguments:

  • description (str) – The description of the privileged portal.

  • user_notification (str) – The notification message displayed in the banner of the privileged portallink, if enabled.

  • user_notification_enabled (bool) – Indicates if the Notification Banner is enabled (true) or disabled (false)

Returns:

The resource record for the newly created portal.

Return type:

Box

Examples

Create a pra portal with the minimum required parameters:

>>> zpa.privileged_remote_access.add_portal(
...   name='PRA Portal Example',
...   certificate_id='123456789',
...   user_notification_enabled=True)
delete_approval(approval_id)#

Delete the specified pra approval.

Parameters:

approval_id (str) – The unique identifier for the approval to be deleted.

Returns:

The response code for the operation.

Return type:

int

Examples

>>> zpa.privileged_remote_access.delete_approval('99999')
delete_console(console_id)#

Delete the specified pra console.

Parameters:

console_id (str) – The unique identifier for the console to be deleted.

Returns:

The response code for the operation.

Return type:

int

Examples

>>> zpa.privileged_remote_access.delete_console('99999')
delete_credential(credential_id)#

Delete the specified pra credential.

Parameters:

credential_id (str) – The unique identifier for the credential to be deleted.

Returns:

The response code for the operation.

Return type:

int

Examples

>>> zpa.privileged_remote_access.delete_credential('99999')
delete_portal(portal_id)#

Delete the specified pra portal.

Parameters:

portal_id (str) – The unique identifier for the portal to be deleted.

Returns:

The response code for the operation.

Return type:

int

Examples

>>> zpa.privileged_remote_access.delete_portal('99999')
expired_approval()#

Deletes all expired privileged approvals.

Returns:

The response code for the operation.

Return type:

int

Examples

>>> zpa.privileged_remote_access.expired_approval('99999')
get_approval(approval_id)#

Returns information on the specified pra approval.

Parameters:

approval_id (str) – The unique identifier for the pra approval.

Returns:

The resource record for the pra approval.

Return type:

Box

Examples

>>> pprint(zpa.privileged_remote_access.get_approval('99999'))
get_console(console_id)#

Returns information on the specified pra console.

Parameters:

console_id (str) – The unique identifier for the pra console.

Returns:

The resource record for the pra console.

Return type:

Box

Examples

>>> pprint(zpa.privileged_remote_access.get_console('99999'))
get_console_portal(portal_id)#

Returns information on the specified pra console of the privileged portal.

Parameters:

portal_id (str) – The unique identifier of the privileged portal.

Returns:

The resource record for the privileged portal.

Return type:

Box

Examples

>>> pprint(zpa.privileged_remote_access.get_console_portal('99999'))
get_credential(credential_id)#

Returns information on the specified pra credential.

Parameters:

credential_id (str) – The unique identifier for the pra credential.

Returns:

The resource record for the pra credential.

Return type:

Box

Examples

>>> pprint(zpa.privileged_remote_access.get_credential('99999'))
get_portal(portal_id)#

Returns information on the specified pra portal.

Parameters:

portal_id (str) – The unique identifier for the pra portal.

Returns:

The resource record for the pra portal.

Return type:

Box

Examples

>>> pprint(zpa.privileged_remote_access.get_portal('99999'))
list_approval(**kwargs)#

Returns a list of all privileged remote access approvals.

Keyword Arguments:

  • max_items (int) – The maximum number of items to request before stopping iteration.

  • max_pages (int) – The maximum number of pages to request before stopping iteration.

  • pagesize (int) – Specifies the page size. Default is 20, maximum is 500.

  • search (str, optional) – The search string used to match against features and fields.

  • search_field (str, optional) – The field to search against. Defaults to ‘name’. Commonly used fields include ‘name’ and ‘email_ids’.

Returns:

A list of all configured privileged remote access approvals.

Return type:

BoxList

Examples

Search by default field ‘name’:

>>> for pra_approval in zpa.privileged_remote_access.list_approval(
...     search='Example_Name'):
...     pprint(pra_approval)

Search by ‘email_ids’:

>>> for approval in zpa.privileged_remote_access.list_approval(
...     search='jdoe@example.com', search_field='email_ids'):
...     pprint(approval)

Specify maximum items and use an explicit search field:

>>> approvals = zpa.privileged_remote_access.list_approval(
...     search='Example_Name', search_field='name', max_items=10)
... for approval in approvals:
...     pprint(approval)
list_consoles(**kwargs)#

Returns a list of all privileged remote access consoles.

Keyword Arguments:

  • **max_items (int) – The maximum number of items to request before stopping iteration.

  • **max_pages (int) – The maximum number of pages to request before stopping iteration.

  • **pagesize (int) – Specifies the page size. The default size is 20, but the maximum size is 500.

  • **search (str, optional) – The search string used to match against features and fields.

Returns:

A list of all configured privileged remote access consoles.

Return type:

BoxList

Examples

>>> for pra_console in zpa.privileged_remote_access.list_consoles():
...    pprint(pra_console)
list_credentials(**kwargs)#

Returns a list of all privileged remote access credentials.

Keyword Arguments:

  • **max_items (int) – The maximum number of items to request before stopping iteration.

  • **max_pages (int) – The maximum number of pages to request before stopping iteration.

  • **pagesize (int) – Specifies the page size. The default size is 20, but the maximum size is 500.

  • **search (str, optional) – The search string used to match against features and fields.

Returns:

A list of all configured privileged remote access credentials.

Return type:

BoxList

Examples

>>> for pra_credential in zpa.privileged_remote_access.list_credentials():
...    pprint(pra_credential)
list_portals(**kwargs)#

Returns a list of all privileged remote access portals.

Keyword Arguments:

  • **max_items (int) – The maximum number of items to request before stopping iteration.

  • **max_pages (int) – The maximum number of pages to request before stopping iteration.

  • **pagesize (int) – Specifies the page size. The default size is 20, but the maximum size is 500.

  • **search (str, optional) – The search string used to match against features and fields.

Returns:

A list of all configured privileged remote access portals.

Return type:

BoxList

Examples

>>> for pra_portal in zpa.privileged_remote_access.list_portals():
...    pprint(pra_portal)
update_approval(approval_id, **kwargs)#

Updates a specified approval based on provided keyword arguments. …

update_console(console_id, pra_application_id=None, pra_portal_ids=None, **kwargs)#

Updates the specified PRA console. All the attributes are required by the API.

Parameters:

console_id (str) – The unique identifier of the console being updated.

Keyword Arguments:

  • name (str) – The new name of the PRA console.

  • description (str) – The new description of the PRA console.

  • enabled (bool) – Indicates whether the console should be enabled.

  • pra_application_id (str) – The unique identifier of the associated PRA application to be linked with the console.

  • pra_portal_ids (list of str) – List of unique IDs for the associated PRA portals to be linked with the console.

Returns:

A Box object containing the details of the updated console.

Return type:

Box

Examples

>>> zpa.privileged_remote_access.update_console(
...     console_id='99999',
...     name='Updated PRA Console',
...     description='Updated Description',
...     enabled=True,
...     pra_application_id='999999999',
...     pra_portal_ids=['999999999']
... )
update_credential(credential_id, **kwargs)#

Updates a specified credential based on provided keyword arguments.

Parameters:

credential_id (str) – The unique identifier for the credential being updated.

Keyword Arguments:

  • to (All attributes of the credential that can be updated including but not limited) –

  • username (-) – Username for ‘USERNAME_PASSWORD’ and ‘SSH_KEY’ types.

  • password (-) – Password for ‘USERNAME_PASSWORD’ and ‘PASSWORD’ types.

  • private_key (-) – SSH private key for ‘SSH_KEY’ type.

  • description (-) – Description of the credential.

  • user_domain (-) – Domain associated with the username.

  • passphrase (-) – Passphrase for the SSH private key, applicable only for ‘SSH_KEY’.

Returns:

The resource record for the updated credential.

Return type:

Box

Raises:

Exception – If fetching the credential fails or the required parameters are missing based on the credential type.

Examples

Update a USERNAME_PASSWORD credential: >>> zpa.privileged_remote_access.update_credential( … credential_id=’2223’, … username=’jdoe’, … name=’John Doe’, … credential_type=’USERNAME_PASSWORD’, … password=’******’, … description=’Updated credential description’ … )

update_portal(portal_id, **kwargs)#

Updates the specified pra portal.

Parameters:

  • portal_id (str) – The unique identifier for the portal being updated.

  • **kwargs – Optional keyword args.

Keyword Arguments:

  • name (str) – The name of the privileged portal.

  • description (str) – The description of the privileged portal.

  • enabled (bool) – Whether or not the privileged portal is enabled. Default is True

  • certificate_id (bool) – Whether or not The unique identifier of the certificate.

  • domain (str) – The domain of the privileged portal.

  • user_notification (str) – The notification message displayed in the banner of the privileged portallink, if enabled.

  • user_notification_enabled (bool) – Indicates if the Notification Banner is enabled (true) or disabled (false)

Returns:

The resource record for the updated portal.

Return type:

Box

Examples

Update the name of a portal:

>>> zpa.privileged_remote_access.update_portal(
...   '99999',
...   name='Updated PRA Portal')

Update the pra portal:

>>> zpa.privileged_remote_access.update_portal(
...    '99999',
...    name='Updated PRA Portal')