Enterprise User Commands

Manages individual enterprise users when used by enterprise admin.

Operations:

User add, edit, view, delete user
Actions like lock, unlock, extends, expire
Set user aliases and nodes.

Usage

enterprise-user --command [--options] OR eu command [--options]

Alias: eu

Commands

Command

Description

view

View enterprise user

add

Create enterprise user(s)

edit

Edit enterprise user(s)

delete

Delete enterprise user(s)

action

Enterprise user actions

alias

Manage user aliases

Enterprise User View

This command can be used to view an enterprise user's details

DotNet CLI

Command: enterprise-user view

Parameter : --team Email OR UID

Alias: eu vie

Example:

My Vault> eu view [email protected]

 User Email:  [email protected]
  User Name:  John Doe
    User ID:  894448414228492
     Status:  Active
      Teams:  Engineering Team
              DevOps Team
       Node:  Engineering

My Vault> enterprise-user view 894448414228492

 User Email:  [email protected]
  User Name:  John Doe
    User ID:  894448414228492
     Status:  Active
      Teams:  Engineering Team
              DevOps Team
       Node:  Engineering

DotNet SDK

Functions:

EnterpriseData.GetTeamsForUser

EnterpriseData.TryGetTeam

The following functions together will give all data related to user from enterprise perspective

PowerCommander

Command: Get-KeeperEnterpriseUser

Syntax:

Get-KeeperEnterpriseUser [[-Email] <string>] [[-Filter] <string>] [<CommonParameters>]

Aliases: keu

Parameters:

-Email - User email
-Filter - Search filter

Example:

PS> Get-KeeperEnterpriseUser
OR
# List all users
PS> keu
# Get specific user
PS>Get-KeeperEnterpriseUser -Email "[email protected]"

# Search users
PS> Get-KeeperEnterpriseUser -Filter "admin"

Python CLI

Command: enterprise-user --view

Parameter:

email - User email. Can be repeated. (required)

Flag:

-v, --verbose - Print verbose information
-h, --help show this help message and exit
--format - format of output: {table,json}
--output - path to resulting output file (ignored for "table" format)

Example:

My vault> enterprise-user --view <User email or UID> --output <file-path> --format json

Python SDK

Function:

username = '[email protected]'
enterprise_data = enterprise_types.IEnterpriseData
user = [user for user in enterprise_data.users.get_all_entities() if user.username.lower() == user_name.lower()]

Enterprise User Add

Create enterprise user(s).

DotNet CLI

Command: enterprise-user invite

Alias: eu invite

Parameter:

Parameter

Description

email

email of the user to add

Example:

My Vault> enterprise-user invite <email>
User [email protected] invited.

My Vault> eu invite <email>
User [email protected] invited.

DotNet SDK

Function: InviteUser(string email, [InviteUserOptions options = null])

Task<KeeperSecurity.Enterprise.EnterpriseUser> EnterpriseData.InviteUser(string email, [InviteUserOptions options = null])

Arguments:

Argument

Type

Required

Description

email

string

Yes

Email address of the user to invite

options

InviteUserOptions

Invitation options (default: null)

Returns:

Task<EnterpriseUser> - A task returning the created EnterpriseUser object

InviteUserOptions Properties:

Property

Type

Description

FullName

string

User's full name

NodeId

long

Node ID where user will be assigned

TeamIds

IEnumerable

List of team IDs to add user to

Example:

var newUser = await context.EnterpriseData.InviteUser("[email protected]");
Console.WriteLine($"Invited user: {newUser.Email}");

PowerCommander

Command: Add-KeeperEnterpriseUser

Parameters:

Parameter

Description

Email

Email address to invite.

Flags:

Flag

Description

-Name

Full name of the user

-Node

Node name or ID where the user will be assigned

-NodeId

Node ID as a long integer (alternative to -Node)

-Emails

Extra email addresses to invite (for batch invitations)

Example:

PS> Add-KeeperEnterpriseUser -Node "Test node" -Email "[email protected]"
User invited: [email protected]

Python CLI

Command: enterprise-user --add

Parameter:

email - User email. Can be repeated. (required)

Flag:

-h, --help show this help message and exit
--parent - Parent node name or ID
--name - Set user full name
--job-title - Set user job title

Example:

My Vault> enterprise-user --add <User email> --name <FULL_NAME> --job-title <JOB_TITLE> --add-role <ADD_ROLE>
User Add: User ID = 1234567

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_management_logger)
users_to_add = [enterprise_management.UserEdit(
            enterprise_user_id=enterprise_loader.get_enterprise_id(), node_id=user_node_id, username=email,
            full_name=full_name, job_title=job_title)
            for email in unique_emails]
batch.modify_users(to_add=users_to_add)
batch.apply()

Enterprise User Edit

Edit enterprise user details like adding and removing roles and teams.

DotNet CLI

DotNet CLI supports team-add and team-remove functionalities

Team-add:

Command: enterprise-user team-add

Alias: eu team-add

Parameters:

Parameter

Description

email

Email address of the user to add to team

--team

Name or UID of the team.

Flags:

Flag

Description

--teamname

Alternative flag for team name

--help

Display help screen

--version

Display version information

Example:

My Vault> enterprise-user team-add [email protected] --team "Developers"
User [email protected] added to team: Developers
# OR using alias
My Vault> eu team-add [email protected] --team "Developers"
User [email protected] added to team: Developers

Team-remove:

Command: enterprise-user team-remove

Alias: eu team-remove

Parameters:

Parameter

Description

email

Email address of the user to remove from team.

--team

Name or UID of the team.

Flags:

Flag

Description

--teamname

Alternative flag for team name

--help

Display help screen

--version

Display version information

Example:

My Vault> enterprise-user team-remove [email protected] --team "Developers"
User [email protected] removed from team: Developers

# OR

My Vault> eu team-remove [email protected] --team "Developers"
User [email protected] removed from team: Developers

DotNet SDK

AddUsersToTeams:

Add one or more active users to one or more teams programmatically using the .NET SDK. This method works only for users with "Active" status. For non-active users (Invited, Locked), use QueueUserToTeam instead.

Function:

Task AddUsersToTeams(string[] emails, string[] teamUids, Action<string> warnings = null);

Arguments:

Argument

Type

Required

Description

emails

string[]

Yes

Array of user email addresses to add to teams

teamUids

string[]

Yes

Array of team UIDs to add users to

warnings

Action

Optional callback to receive warning messages (default: null)

Returns:

Task - A task that completes when all users are added to all teams

Example:

var emails = new[] { "[email protected]" };
var teamUids = new[] { "ABC123XYZ456" };

await context.EnterpriseData.AddUsersToTeams(emails, teamUids);
Console.WriteLine("User added to team successfully");

QueueUserToTeam:

Queue a non-active user (Invited or Locked status) to be added to a team. The user will be added to the team automatically when their account becomes active. Use this for users who haven't accepted their invitation yet or whose accounts are locked.

Function:

Task QueueUserToTeam(long enterpriseUserId, string teamUid);

Arguments:

Argument

Type

Required

Description

enterpriseUserId

long

Yes

Enterprise user ID of the non-active user

teamUid

string

Yes

UID of the team to queue the user for

Returns:

Task - A task that completes when the user is queued for the team

Example:

var user = context.EnterpriseData.Users
    .FirstOrDefault(u => u.Email == "[email protected]");

if (user != null && user.Status != "Active")
{
    await context.EnterpriseData.QueueUserToTeam(user.Id, "TEAM_UID_123");
    Console.WriteLine($"User queued for team (Status: {user.Status})");
}

RemoveUsersFromTeams:

Remove one or more users from one or more teams programmatically using the .NET SDK. This operation removes team membership but does not delete user accounts or affect other teams the users belong to.

Function:

Task RemoveUsersFromTeams(string[] emails, string[] teamUids, Action<string> warnings = null);

Arguments:

Argument

Type

Required

Description

emails

string[]

Yes

Array of user email addresses to remove from teams

teamUids

string[]

Yes

Array of team UIDs to remove users from

warnings

Action

Optional callback to receive warning messages (default: null)

Returns:

Task - A task that completes when all users are removed from all teams

Example:

var emails = new[] { "[email protected]" };
var teamUids = new[] { "ABC123XYZ456" };

await context.EnterpriseData.RemoveUsersFromTeams(emails, teamUids);
Console.WriteLine("User removed from team successfully");

PowerCommander

Command: Coming Soon

Python CLI

Command: enterprise-user --edit

Parameter:

email - User email or UID. Can be repeated. (required)

Flag:

-h, --help show this help message and exit
--parent - Parent node name or UID
--name - Set user full name
--job-title - Set user job title
--add-role - Role name or role ID.
--remove-role - Role name or role ID.
--add-team - Team name or team UID.
--remove-team - Team name or team UID.
-hsf, --hide-shared-folders - User does not see shared folders. --add-team
- only: {on,off}

Example:

My Vault> enterprise-user --edit <User email> --name <FULL_NAME> --job-title <JOB_TITLE> --add-role <ADD_ROLE> -hsf on

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

batch = batch_management.BatchManagement(loader=context.enterprise_loader, logger=self)

user = enterprise_data.users.get_entity('user_name')
users = [user]
users_to_update = [enterprise_management.UserEdit(
                enterprise_user_id=user.enterprise_user_id, node_id=parent_node_id, full_name=full_name, job_title=job_title)
                for user in users]
batch.modify_users(to_update=users_to_update)
batch.apply()

Enterprise User Delete

Delete users from enterprise.

DotNet CLI

Command: enterprise-user delete <email>

Alias :eu delete <email>

Parameter:

email Email ID (required)

Options:

--yes - Skip confirmation prompt (for delete)

Example:

My Vault> eneterprise-user delete [email protected]
# Skip confirmation
eu delete [email protected] --yes

DotNet SDK

Function: DeleteUser

Task DeleteUser(EnterpriseUser user);

PowerCommander

Command: Remove-KeeperEnterpriseUser OR delete-user

Parameters:

-User - User email (required)
-Force - Skip confirmation

Example:

PS> Remove-KeeperEnterpriseUser -User<user email> 
OR
delete-user "[email protected]" -Force

Python CLI

Command: enterprise-user --delete

Parameter:

email - User email or UID. Can be repeated. (required)

Flag:

-h, --help show this help message and exit
-f, --force - Do not prompt for confirmation

Example:

My Vault>enterprise-user --delete <User_Email OR UID> -f

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

user = enterprise_data.users.get_entity('user_name')
users = [user]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_management_logger)
users_to_delete = [enterprise_management.UserEdit(enterprise_user_id=user.enterprise_user_id) for user in users]
batch.modify_users(to_remove=users_to_delete)
batch.apply()

Enterprise User Action

Enterprise user actions like lock and unlocking can be performed using this command.

DotNet CLI

Command: enterprise-user <action> user_email

Examples:

Lock User:

My Vault> enterprise-user lock [email protected] OR eu lock [email protected]

Unlock User:

My Vault> enterprise-user unlock [email protected] OR eu enterprise-user unlock [email protected]

DotNet SDK

Function: SetUserLocked

Task<EnterpriseUser> SetUserLocked(EnterpriseUser user, bool locked);

if locked is set to true, then user will be locked, else user will unlock.

Example:

var user = await context.EnterpriseData.SetUserLocked(singleUser, arguments.Command == "lock");

PowerCommander

Command: Lock-KeeperEnterpriseUser or Unlock-KeeperEnterpriseUser

Aliases: lock-user, unlock-user

Parameter: -User -User email

PS> Unlock-KeeperEnterpriseUser -User [email protected]
unlock-user "[email protected]"

Lock-KeeperEnterpriseUser -User "[email protected]"
lock-user "[email protected]"

Command: Move-KeeperEnterpriseUser

Transfer user to different node

Aliases: transfer-user

Syntax:

Move-KeeperEnterpriseUser [-Email] <string> [-NodeId] <long> [<CommonParameters>]

Parameters:

-Email - User email (required)
-NodeId - Destination node ID (required)

Examples:

Move-KeeperEnterpriseUser -Email "[email protected]" -NodeId 12345
transfer-user "[email protected]" 12345

Python CLI

Command: enterprise-user --action

Parameter:

email - User email or ID. (required)

Flag:

-h, --help - Show this help message and exit
--expire - Expire master password
--extend - Extend vault transfer consent by 7 days. Supports the following pseudo users: @all
--lock - Lock user
--unlock - Unlock user
--disable-2fa - Disable 2fa for user

Example:

My Vault> enterprise-user --action <User_Email OR UID> --expire

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

user = enterprise_data.users.get_entity('user_name')
users = [user]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_management_logger)
if expire_password:
    batch.user_actions(to_expire_password=[user.enterprise_user_id for user in users])
elif extend_transfer:
    batch.user_actions(to_extend_transfer=[user.enterprise_user_id for user in users])
elif lock_user:
    batch.user_actions(to_lock=[user.enterprise_user_id for user in users])
elif unlock_user:
    batch.user_actions(to_unlock=[user.enterprise_user_id for user in users])
elif disable_2fa:
    batch.user_actions(to_disable_tfa=[user.enterprise_user_id for user in users])
else:
    return

batch.apply()

Enterprise User Alias

Manage user aliases by either adding or removing aliases.

DotNet CLI

Command: enterprise-user <action> username --alias="<alias>" OR eu <action> username --alias="<alias>"

Parameter:

email - User email or ID.

Examples:

Add-Alias:

My Vault> eu alias-add [email protected] --alias "[email protected]"

Alias-Remove:

My Vault> eu alias-remove [email protected] --alias "[email protected]"

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: enterprise-user alias

Parameter:

email - User email or ID (required)

Flag:

--add-alias - Adds user alias
--remove-alias - Removes user alias

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

user = enterprise_data.users.get_entity('user_name')
aliases = enterprise_data.user_aliases.get_links_by_subject(user.enterprise_user_id)
add_user = 'email_to_add_as_alias'
if user.username == add_user:
    logging.error(f'User "%s" alias already exists', add_user)
has_alias = any((True for alias in aliases if alias.username == add_user))
if has_alias:
    alias_rq = APIRequest_pb2.EnterpriseUserAliasRequest()
    alias_rq.enterpriseUserId = user.enterprise_user_id
    alias_rq.alias = add_user
    KeeperAuth.execute_auth_rest('enterprise/enterprise_user_set_primary_alias', alias_rq)
else:
    alias_request = APIRequest_pb2.EnterpriseUserAddAliasRequest()
    alias_request.enterpriseUserId = user.enterprise_user_id
    alias_request.alias = add_user
    alias_request.primary = True
    add_rs = KeeperAuth.execute_auth_rest(
        'enterprise/enterprise_user_add_alias', alias_request, response_type=APIRequest_pb2.EnterpriseUserAddAliasResponse)

Enterprise User Resend Invite

This command/function helps to resend invite to an inactive user.

DotNet CLI

Command: enterprise-user <action> username OR eu <action> username

Parameter:

email - User email or ID.

Examples:

My Vault> eu resend-invite "[email protected]"

Reference:

Commander Reference

DotNet SDK

Enterprise User Resend Invite:

Function: ResendEnterpriseInvite

Usage:

 public async Task ResendEnterpriseInvite(EnterpriseUser enterpriseUser)

Parameters:

Description

enterpriseUser

EnterpriseUser object representing the user

Example:

await EnterpriseManagementExamples.EnterpriseUserExamples.UserExamples.ResendEnterpriseInviteExample("[email protected]");

Reference:

Commander Reference

PowerCommander

Command:Resend-KeeperEnterpriseInvite

Flags:

Parameter

User

User who needs to be sent invite again.

Example:

PS> Resend-KeeperEnterpriseInvite -User "[email protected]"      
Invite for [email protected] resent.


PS> Resend-KeeperEnterpriseInvite -User [email protected]                        
Resend-KeeperEnterpriseInvite: User has already accepted invitation. Only inactive users can have invitations resent.

Reference:

Commander Reference

Python CLI

Comming Soon

Reference:

Commander Reference

Python SDK

Comming Soon

Reference:

Commander Reference

Enterprise User Set Master Password Expire

This command/function sets the master password expiration and forces the user to set a new password.

DotNet CLI

Command: enterprise-user <action> username OR eu <action> username

Parameter:

email - User email or ID.

Examples:

My Vault> eu set-master-password-expire "[email protected]"

Reference:

Commander Reference

DotNet SDK

Enterprise User Set Master Password Expire:

Function: SetMasterPasswordExpire

Usage:

 public async Task SetMasterPasswordExpire(string email)

Parameters:

Description

email

Give user email

Example:

await EnterpriseManagementExamples.EnterpriseUserExamples.UserExamples.SetMasterPasswordExpireExample("[email protected]");

Reference:

Commander Reference

PowerCommander

Command: Set-KeeperEnterpriseUserMasterPasswordExpire

Flags:

Parameter

Description

User

User whose password needs to be expired.

Example:

PS> Set-KeeperEnterpriseUserMasterPasswordExpire -User [email protected]                                  
Master password expiration set for [email protected]

Reference:

Commander Reference

Python CLI

Comming Soon

Reference:

Commander Reference

Python SDK

Comming Soon

Reference:

Commander Reference

Enterprise Team User Update

This command/function is used to update the usertype in a team

DotNet CLI

Command: enterprise-user <action> username --team=<team_name> --user-type=<user_type>

Parameter:

email - User email or ID.

team - Team name or ID

user-type - 0=user, 1=admin, 2=admin_only (means he wont see the shared folders but can add users to the team)

Examples:

My Vault> eu team-user-update "[email protected]" --team="T2" --user-type=0

Reference:

Commander Reference

DotNet SDK

Enterprise Team User Update:

Function: TeamEnterpriseUserUpdate

Usage:

 public async Task TeamEnterpriseUserUpdate(EnterpriseTeam enterpriseTeam, EnterpriseUser enterpriseUser, int userType)

Parameters:

Description

enterpriseTeam

EnterpriseTeam object representing the team

enterpriseUser

EnterpriseUser object representing the user

userType

0=user, 1=admin, 2=admin_only (means he wont see the shared folders but can add users to the team)

Example:

await EnterpriseManagementExamples.EnterpriseUserExamples.UserExamples.TeamEnterpriseUserUpdateExample("jTiPyIP4NmPiyAVv2oKFpw", "[email protected]", 0);

Reference:

Commander Reference

PowerCommander

Command: Update-KeeperEnterpriseTeamUser

Flags:

Parameter

Description

User

Updates enterprise user information.

Team

Team name or UID

UserType

User type: 0, 1, or 2 0 - User (Normal User) 1 - Administrator 2 - Administrator Only

Example:

PS > Update-KeeperEnterpriseTeamUser -Team PCTTeam -User [email protected] -UserType 1                     
Team user [email protected] updated

Reference:

Commander Reference

Python CLI

Comming Soon

Reference:

Commander Reference

Python SDK

Comming Soon

Reference:

Commander Reference

Enterprise User Update

This command/function is used to update the user like display name, job title

DotNet CLI

Command: enterprise-user <action> username --node=<node_name> --name=<display_name> --job-title=<title> --invitee-locale=<location_name>

Parameter:

email - User email or ID.

node - New node name or ID.

name - New user display name.

job-title - New job title.

invitee-locale - New location.

Examples:

My Vault> eu user-update "[email protected]" --node="Test" --name="T122" --job-title="T-Engineer" --invitee-locale="en-US"

Reference:

Commander Reference

DotNet SDK

Enterprise User Update:

Function: EnterpriseUserUpdate

Usage:

public async Task<EnterpriseUser> EnterpriseUserUpdate(EnterpriseUser enterpriseUser, long? nodeId = null, string fullName = null, string jobTitle = null, string inviteeLocale = null)

Parameters:

Description

enterpriseUser

EnterpriseUser object representing the user

nodeId

Enter Node Id or name

fullName

Enter display name

jobTitle

Enter job title name

inviteeLocale

one of the 21 locales that we support. Default is en_US.

Example:

await EnterpriseManagementExamples.EnterpriseUserExamples.UserExamples.EnterpriseUserUpdateExample("[email protected]", 70411693850884, "TestUser1", "Test Engineer", "en-US");

Reference:

Commander Reference

PowerCommander

Command: Update-KeeperEnterpriseUser

Flags:

Parameter

Required

Description

User

True

Updates enterprise user information.

Node

False

Node name or ID

FullName

False

User's full name

JobTitle

False

User's job title

InviteeLocale

False

User's locale for invitations

Example:

PS> Update-KeeperEnterpriseUser -User [email protected] -Node PCTNode -FullName "some new name" -JobTitle "ÄBC" -InviteeLocale US
User [email protected] updated

Id             DisplayName   Email                   UserStatus NodeName TransferStatus 2FA
--             -----------   -----                   ---------- -------- -------------- ---
70411693853031 some new name [email protected] Active     PCTNode       Yes       No

Reference:

Commander Reference

Python CLI

Comming Soon

Reference:

Commander Reference

Python SDK

Comming Soon

Reference:

Commander Reference

PreviousEnterprise Management Commands NextEnterprise Node Commands

Last updated 13 days ago

Was this helpful?

hashtagOperations:

hashtagUsage

hashtagCommands

hashtagEnterprise User View

hashtagEnterprise User Add

hashtagEnterprise User Edit

hashtagEnterprise User Delete

hashtagEnterprise User Action

hashtagEnterprise User Alias

hashtagEnterprise User Resend Invite

hashtagEnterprise User Set Master Password Expire

hashtagEnterprise Team User Update

hashtagEnterprise User Update

Operations:

Usage

Commands

Enterprise User View

Enterprise User Add

Enterprise User Edit

Enterprise User Delete

Enterprise User Action

Enterprise User Alias

Enterprise User Resend Invite

Enterprise User Set Master Password Expire

Enterprise Team User Update

Enterprise User Update