Enterprise Management Commands

This page gives information of commands related to Enterprise Management functions

Overview

The Enterprise Management Commands in Keeper Commander CLI provide administrators with powerful tools to manage and configure enterprise-level settings. These commands facilitate the administration of users, roles, teams, nodes, and compliance reporting, enabling efficient oversight and control across the organisation.

Commmands

This Section details and exposes following commands

Enterprise Down Command

Download enterprise data to local cache.

DotNet CLI

Command: enterprise-get-data

Example:

My Vault> enterprise-get-data

DotNet SDK

Function: public async Task Load()

public async Task Load()

PowerCommander

Command: Sync-KeeperEnterprise

Flag:

PS> Sync-KeeperEnterprise

Python CLI

Command: enterprise-down

Options:

--reset Reload enterprise data

Example:

My Vault> enterprise-down --reset

Python SDK

Function: enterprise_loader.load()

from keepersdk.enterprise import enterprise_loader

enterprise_loader = enterprise_loader.EnterpriseLoader(KeeperAuth)
enterprise_loader.load()

Audit Log

Export and display the enterprise audit log.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: audit-log

Parameters:

--target - Target for audit log export: json (required)
--record - Keeper record name or UID

Options:

--anonymize - Anonymises audit log by replacing email and user name with corresponding enterprise user id. If user was removed or if user's email was changed then the audit report will show that particular entry as deleted user.
--shared-folder-uid - Filter: Shared Folder UID(s). Overrides existing setting in config record and sets new field value. Can be repeated.
--node-id - Filter: Node ID(s). Overrides existing setting in config record and sets new field value. Can be repeated.
--days - Filter: max event age in days. Overrides existing "last_event_time" value in config record

Example:

My vault> audit-log --target json --record "Audit Log Config" --days 30

Python SDK

Not Supported

Audit Report

Run an audit trail report.

DotNet CLI

Command : audit-report [options]

Options:

--limit <number> - Maximum number of returned events (default: 100)
--order <asc|desc> - Sort order
--created <datetime> - Filter by event creation datetime
--event-type <types> - Comma-separated audit event types
--username <users> - Username(s) of event originator
--to-username <user> - Username of event target
--record-uid <uid> - Record UID
--shared-folder-uid <uid> - Shared folder UID

Event Types: Common audit event types include:

login
logout
record_add
record_update
record_delete

Date Format:

Absolute: YYYY-MM-DD or YYYY-MM-DD HH:MM:SS
Relative: today, yesterday, last_7_days, last_30_days, last_90_days

Example:

# Recent events
audit-report --limit 50
audit-report --limit 100 --order desc

# Filter by user
audit-report --username [email protected] --limit 200
audit-report --to-username [email protected]
# Filter by event type
audit-report --event-type login,logout
audit-report --event-type record_add,record_update,record_delete --limit 500

DotNet SDK

Function: GetAvailableEvents()

public static async Task<AuditEventType[]> GetAvailableEvents(this IAuthentication auth)

Example:

var auditEvents = await context.Enterprise.Auth.GetAvailableEvents();

PowerCommander

Not Implemented

Python CLI

Command: audit-report

Options:

--syntax-help - Display help
--report-type - Report type: raw, dim, hour, day, week, month, span
--report-format - Output format (raw reports only): message (default) or fields
--column - Column name. Can be repeated. (ignored for raw reports)
--aggregate - Aggregated value. Can be repeated. (ignored for raw reports): occurrences, first_created, last_created
--timezone - Return results for specific timezone
--limit - Maximum number of returned rows (set to -1 to get all rows for raw report-type)
--order - Sort order: desc or asc
--created - Filter: Created date. Predefined filters: today, yesterday, last_7_days, last_30_days, month_to_date, last_month, year_to_date, last_year
--event-type - Filter: Audit Event Type. Can be repeated.
--username - Filter: Username of event originator. Can be repeated.
--to-username - Filter: Username of event target. Can be repeated.
--ip-address - Filter: IP Address(es). Can be repeated.
--record-uid - Filter: Record UID. Can be repeated.
--shared-folder-uid - Filter: Shared Folder UID. Can be repeated.
--geo-location - Filter: Geo location
--device-type - Filter: Device type
--format - Output format: json, table, csv
--output - Output filename

Python SDK

Function: execute_audit_report()

raw_report = audit_report.RawAuditReport(KeeperAuth)
raw_report.execute_audit_report()

Report Types

raw: Returns individual events. All event properties are returned.
dim: Returns event property description or distinct values.
hour/day/week/month: Aggregates audit event by created date.
span: Aggregates audit event without date aggregation.

Create-user

The create-user command creates a new enterprise user, assigns them to a node, and can store their credentials in a specified folder. It also supports one-time secure sharing of the credentials.

DotNet CLI

Command:

Flag:

DotNet SDK

Command:

Flag:

PowerCommander

Command:

Flag:

Python CLI

Command: create-user email <Email>

Alias: ecu

Parameters:

email - User email (required)

Options:

--name, --full-name - User name
--node - Node name or node ID
--folder - Folder name or UID to store password record
-v, --verbose - Print verbose information

Example:

My Vault> create-user [email protected] --name "John Doe" --node "Engineering"

Python SDK

Function: create_user()

from keepersdk.enterprise.enterprise_user_management import (
    EnterpriseUserManager,
    CreateUserRequest,
    CreateUserResponse
)

CreateUserResponse response;
user_manager = EnterpriseUserManager(
        loader=context.enterprise_loader,
        auth_context=context.auth
    )
request = CreateUserRequest(
        email=email,
        display_name=display_name,
        node_name=node_name,
        node_id=node_id,
        password_length=password_length,
        suppress_email_invite=suppress_email_invite
    )
 response = user_manager.create_user(request)

PreviousBreachWatch Commands NextEnterprise User Commands

Last updated 13 days ago

Was this helpful?