Enterprise User Commands

Manages individual enterprise users when used by enterprise admin.

Operations:

User add, edit, view, delete user
Actions like lock, unlock, extends, expire
Set user aliases and nodes.

Usage

enterprise-user command [--options] OR eu command [--options]

Alias: eu

Commands

Command

Description

view

View enterprise user

add

Create enterprise user(s)

edit

Edit enterprise user(s)

delete

Delete enterprise user(s)

action

Enterprise user actions

alias

Manage user aliases

Enterprise User View

This command can be used to view an enterprise user's details

DotNet CLI

Command: enterprise-user view

Parameter : --team Email OR UID

Alias: eu vie

Example:

My Vault> eu view [email protected]

 User Email:  [email protected]
  User Name:  John Doe
    User ID:  894448414228492
     Status:  Active
      Teams:  Engineering Team
              DevOps Team
       Node:  Engineering

My Vault> enterprise-user view 894448414228492

 User Email:  [email protected]
  User Name:  John Doe
    User ID:  894448414228492
     Status:  Active
      Teams:  Engineering Team
              DevOps Team
       Node:  Engineering

DotNet SDK

Functions:

EnterpriseData.GetTeamsForUser

EnterpriseData.TryGetTeam

The following functions together will give all data related to user from enterprise perspective

PowerCommander

Command: Get-KeeperEnterpriseUser

Syntax:

Get-KeeperEnterpriseUser [[-Email] <string>] [[-Filter] <string>] [<CommonParameters>]

Aliases: keu

Parameters:

-Email - User email
-Filter - Search filter

Example:

PS> Get-KeeperEnterpriseUser
OR
# List all users
PS> keu
# Get specific user
PS>Get-KeeperEnterpriseUser -Email "[email protected]"

# Search users
PS> Get-KeeperEnterpriseUser -Filter "admin"

Python CLI

Command: enterprise-user view

Parameter:

email - User email. Can be repeated. (required)

Flag:

-v, --verbose - Print verbose information
-h, --help show this help message and exit
--format - format of output: {table,json}
--output - path to resulting output file (ignored for "table" format)

Example:

My vault> enterprise-user view <User email or UID> --output <file-path> --format json

Python SDK

Function:

username = '[email protected]'
enterprise_data = enterprise_types.IEnterpriseData
user = [user for user in enterprise_data.users.get_all_entities() if user.username.lower() == user_name.lower()]

Enterprise User Add

Create enterprise user(s).

DotNet CLI

Command: enterprise-user invite

Alias: eu invite

Parameter:

Parameter

Description

email

email of the user to add

Example:

My Vault> enterprise-user invite <email>
User [email protected] invited.

My Vault> eu invite <email>
User [email protected] invited.

DotNet SDK

Function: InviteUser(string email, [InviteUserOptions options = null])

Task<KeeperSecurity.Enterprise.EnterpriseUser> EnterpriseData.InviteUser(string email, [InviteUserOptions options = null])

Arguments:

Argument

Type

Required

Description

email

string

Yes

Email address of the user to invite

options

InviteUserOptions

Invitation options (default: null)

Returns:

Task<EnterpriseUser> - A task returning the created EnterpriseUser object

InviteUserOptions Properties:

Property

Type

Description

FullName

string

User's full name

NodeId

long

Node ID where user will be assigned

TeamIds

IEnumerable

List of team IDs to add user to

Example:

var newUser = await context.EnterpriseData.InviteUser("[email protected]");
Console.WriteLine($"Invited user: {newUser.Email}");

PowerCommander

Command: Add-KeeperEnterpriseUser

Parameters:

Parameter

Description

Email

Email address to invite.

Flags:

Flag

Description

-Name

Full name of the user

-Node

Node name or ID where the user will be assigned

-NodeId

Node ID as a long integer (alternative to -Node)

-Emails

Extra email addresses to invite (for batch invitations)

Example:

PS> Add-KeeperEnterpriseUser -Node "Test node" -Email "[email protected]"
User invited: [email protected]

Python CLI

Command: enterprise-user add

Parameter:

email - User email. Can be repeated. (required)

Flag:

-h, --help show this help message and exit
--parent - Parent node name or ID
--full-name - Set user full name
--job-title - Set user job title

Example:

My Vault> enterprise-user add <User email> --full-name <FULL_NAME> --job-title <JOB_TITLE> --add-role <ADD_ROLE>
User Add: User ID = 1234567

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_management_logger)
users_to_add = [enterprise_management.UserEdit(
            enterprise_user_id=enterprise_loader.get_enterprise_id(), node_id=user_node_id, username=email,
            full_name=full_name, job_title=job_title)
            for email in unique_emails]
batch.modify_users(to_add=users_to_add)
batch.apply()

Enterprise User Edit

Edit enterprise user details like adding and removing roles and teams.

DotNet CLI

DotNet CLI supports team-add and team-remove functionalities

Team-add:

Command: enterprise-user team-add

Alias: eu team-add

Parameters:

Parameter

Description

email

Email address of the user to add to team

--team

Name or UID of the team.

Flags:

Flag

Description

--teamname

Alternative flag for team name

--help

Display help screen

--version

Display version information

Example:

My Vault> enterprise-user team-add [email protected] --team "Developers"
User [email protected] added to team: Developers
# OR using alias
My Vault> eu team-add [email protected] --team "Developers"
User [email protected] added to team: Developers

Team-remove:

Command: enterprise-user team-remove

Alias: eu team-remove

Parameters:

Parameter

Description

email

Email address of the user to remove from team.

--team

Name or UID of the team.

Flags:

Flag

Description

--teamname

Alternative flag for team name

--help

Display help screen

--version

Display version information

Example:

My Vault> enterprise-user team-remove [email protected] --team "Developers"
User [email protected] removed from team: Developers

# OR

My Vault> eu team-remove [email protected] --team "Developers"
User [email protected] removed from team: Developers

DotNet SDK

AddUsersToTeams:

Add one or more active users to one or more teams programmatically using the .NET SDK. This method works only for users with "Active" status. For non-active users (Invited, Locked), use QueueUserToTeam instead.

Function:

Task AddUsersToTeams(string[] emails, string[] teamUids, Action<string> warnings = null);

Arguments:

Argument

Type

Required

Description

emails

string[]

Yes

Array of user email addresses to add to teams

teamUids

string[]

Yes

Array of team UIDs to add users to

warnings

Action

Optional callback to receive warning messages (default: null)

Returns:

Task - A task that completes when all users are added to all teams

Example:

var emails = new[] { "[email protected]" };
var teamUids = new[] { "ABC123XYZ456" };

await context.EnterpriseData.AddUsersToTeams(emails, teamUids);
Console.WriteLine("User added to team successfully");

QueueUserToTeam:

Queue a non-active user (Invited or Locked status) to be added to a team. The user will be added to the team automatically when their account becomes active. Use this for users who haven't accepted their invitation yet or whose accounts are locked.

Function:

Task QueueUserToTeam(long enterpriseUserId, string teamUid);

Arguments:

Argument

Type

Required

Description

enterpriseUserId

long

Yes

Enterprise user ID of the non-active user

teamUid

string

Yes

UID of the team to queue the user for

Returns:

Task - A task that completes when the user is queued for the team

Example:

var user = context.EnterpriseData.Users
    .FirstOrDefault(u => u.Email == "[email protected]");

if (user != null && user.Status != "Active")
{
    await context.EnterpriseData.QueueUserToTeam(user.Id, "TEAM_UID_123");
    Console.WriteLine($"User queued for team (Status: {user.Status})");
}

RemoveUsersFromTeams:

Remove one or more users from one or more teams programmatically using the .NET SDK. This operation removes team membership but does not delete user accounts or affect other teams the users belong to.

Function:

Task RemoveUsersFromTeams(string[] emails, string[] teamUids, Action<string> warnings = null);

Arguments:

Argument

Type

Required

Description

emails

string[]

Yes

Array of user email addresses to remove from teams

teamUids

string[]

Yes

Array of team UIDs to remove users from

warnings

Action

Optional callback to receive warning messages (default: null)

Returns:

Task - A task that completes when all users are removed from all teams

Example:

var emails = new[] { "[email protected]" };
var teamUids = new[] { "ABC123XYZ456" };

await context.EnterpriseData.RemoveUsersFromTeams(emails, teamUids);
Console.WriteLine("User removed from team successfully");

PowerCommander

Command: Coming Soon

Python CLI

Command: enterprise-user edit

Parameter:

email - User email or UID. Can be repeated. (required)

Flag:

-h, --help show this help message and exit
--parent - Parent node name or UID
--full-name - Set user full name
--job-title - Set user job title
--add-role - Role name or role ID.
--remove-role - Role name or role ID.
--add-team - Team name or team UID.
--remove-team - Team name or team UID.
-hsf, --hide-shared-folders - User does not see shared folders. --add-team
- only: {on,off}

Example:

My Vault> enterprise-user edit <User email> --full-name <FULL_NAME> --job-title <JOB_TITLE> --add-role <ADD_ROLE> -hsf on

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

batch = batch_management.BatchManagement(loader=context.enterprise_loader, logger=self)

user = enterprise_data.users.get_entity('user_name')
users = [user]
users_to_update = [enterprise_management.UserEdit(
                enterprise_user_id=user.enterprise_user_id, node_id=parent_node_id, full_name=full_name, job_title=job_title)
                for user in users]
batch.modify_users(to_update=users_to_update)
batch.apply()

Enterprise User Delete

Delete users from enterprise.

DotNet CLI

Command: enterprise-user delete <email>

Alias :eu delete <email>

Parameter:

email Email ID (required)

Options:

--yes - Skip confirmation prompt (for delete)

Example:

My Vault> eneterprise-user delete [email protected]
# Skip confirmation
eu delete [email protected] --yes

DotNet SDK

Function: DeleteUser

Task DeleteUser(EnterpriseUser user);

PowerCommander

Command: Remove-KeeperEnterpriseUser OR delete-user

Parameters:

-User - User email (required)
-Force - Skip confirmation

Example:

PS> Remove-KeeperEnterpriseUser -User<user email> 
OR
delete-user "[email protected]" -Force

Python CLI

Command: enterprise-user delete

Parameter:

email - User email or UID. Can be repeated. (required)

Flag:

-h, --help show this help message and exit
-f, --force - Do not prompt for confirmation

Example:

My Vault>enterprise-user delete <User_Email OR UID> -f

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

user = enterprise_data.users.get_entity('user_name')
users = [user]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_management_logger)
users_to_delete = [enterprise_management.UserEdit(enterprise_user_id=user.enterprise_user_id) for user in users]
batch.modify_users(to_remove=users_to_delete)
batch.apply()

Enterprise User Action

Enterprise user actions like lock and unlocking can be performed using this command.

DotNet CLI

Command: enterprise-user <action> user_email

Examples:

Lock User:

My Vault> enterprise-user lock [email protected] OR eu lock [email protected]

Unlock User:

My Vault> enterprise-user unlock [email protected] OR eu enterprise-user unlock [email protected]

DotNet SDK

Function: SetUserLocked

Task<EnterpriseUser> SetUserLocked(EnterpriseUser user, bool locked);

if locked is set to true, then user will be locked, else user will unlock.

Example:

var user = await context.EnterpriseData.SetUserLocked(singleUser, arguments.Command == "lock");

PowerCommander

Command: Lock-KeeperEnterpriseUser or Unlock-KeeperEnterpriseUser

Aliases: lock-user, unlock-user

Parameter: -User -User email

PS> Unlock-KeeperEnterpriseUser -User [email protected]
unlock-user "[email protected]"

Lock-KeeperEnterpriseUser -User "[email protected]"
lock-user "[email protected]"

Command: Move-KeeperEnterpriseUser

Transfer user to different node

Aliases: transfer-user

Syntax:

Move-KeeperEnterpriseUser [-Email] <string> [-NodeId] <long> [<CommonParameters>]

Parameters:

-Email - User email (required)
-NodeId - Destination node ID (required)

Examples:

Move-KeeperEnterpriseUser -Email "[email protected]" -NodeId 12345
transfer-user "[email protected]" 12345

Python CLI

Command: enterprise-user action

Parameter:

email - User email or ID. (required)

Flag:

-h, --help - Show this help message and exit
--expire - Expire master password
--extend - Extend vault transfer consent by 7 days. Supports the following pseudo users: @all
--lock - Lock user
--unlock - Unlock user
--disable-2fa - Disable 2fa for user

Example:

My Vault> enterprise-user action <User_Email OR UID> --expire

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

user = enterprise_data.users.get_entity('user_name')
users = [user]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_management_logger)
if expire_password:
    batch.user_actions(to_expire_password=[user.enterprise_user_id for user in users])
elif extend_transfer:
    batch.user_actions(to_extend_transfer=[user.enterprise_user_id for user in users])
elif lock_user:
    batch.user_actions(to_lock=[user.enterprise_user_id for user in users])
elif unlock_user:
    batch.user_actions(to_unlock=[user.enterprise_user_id for user in users])
elif disable_2fa:
    batch.user_actions(to_disable_tfa=[user.enterprise_user_id for user in users])
else:
    return

batch.apply()

Enterprise User Alias

Manage user aliases by either adding or removing aliases.

DotNet CLI

Command: enterprise-user <action> username --alias="<alias>" OR eu <action> username --alias="<alias>"

Parameter:

email - User email or ID.

Examples:

Add-Alias:

My Vault> eu alias-add [email protected] --alias "[email protected]"

Alias-Remove:

My Vault> eu alias-remove [email protected] --alias "[email protected]"

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: enterprise-user alias

Parameter:

email - User email or ID (required)

Flag:

--add-alias - Adds user alias
--remove-alias - Removes user alias

Python SDK

Function:

from keepersdk.enterprise import batch_management, enterprise_management

user = enterprise_data.users.get_entity('user_name')
aliases = enterprise_data.user_aliases.get_links_by_subject(user.enterprise_user_id)
add_user = 'email_to_add_as_alias'
if user.username == add_user:
    logging.error(f'User "%s" alias already exists', add_user)
has_alias = any((True for alias in aliases if alias.username == add_user))
if has_alias:
    alias_rq = APIRequest_pb2.EnterpriseUserAliasRequest()
    alias_rq.enterpriseUserId = user.enterprise_user_id
    alias_rq.alias = add_user
    KeeperAuth.execute_auth_rest('enterprise/enterprise_user_set_primary_alias', alias_rq)
else:
    alias_request = APIRequest_pb2.EnterpriseUserAddAliasRequest()
    alias_request.enterpriseUserId = user.enterprise_user_id
    alias_request.alias = add_user
    alias_request.primary = True
    add_rs = KeeperAuth.execute_auth_rest(
        'enterprise/enterprise_user_add_alias', alias_request, response_type=APIRequest_pb2.EnterpriseUserAddAliasResponse)

PreviousEnterprise Management Commands NextEnterprise Node Commands

Last updated 9 days ago

Was this helpful?