Enterprise User Commands
Manages individual enterprise users when used by enterprise admin.
Operations:
User add, edit, view, delete user
Actions like lock, unlock, extends, expire
Set user aliases and nodes.
Usage
enterprise-user command [--options] OR eu command [--options]Alias: eu
Commands
Enterprise User View
This command can be used to view an enterprise user's details
DotNet CLI
Command: enterprise-user view
Parameter : --team Email OR UID
Alias: eu vie
Example:
My Vault> eu view [email protected]
User Email: [email protected]
User Name: John Doe
User ID: 894448414228492
Status: Active
Teams: Engineering Team
DevOps Team
Node: Engineering
My Vault> enterprise-user view 894448414228492
User Email: [email protected]
User Name: John Doe
User ID: 894448414228492
Status: Active
Teams: Engineering Team
DevOps Team
Node: Engineering DotNet SDK
Functions:
EnterpriseData.GetTeamsForUser
EnterpriseData.TryGetTeam
EnterpriseData.TryGetTeam
The following functions together will give all data related to user from enterprise perspective
PowerCommander
Command: Get-KeeperEnterpriseUser
Syntax:
Get-KeeperEnterpriseUser [[-Email] <string>] [[-Filter] <string>] [<CommonParameters>]Aliases: keu
Parameters:
-Email- User email-Filter- Search filter
Example:
PS> Get-KeeperEnterpriseUser
OR
# List all users
PS> keu
# Get specific user
PS>Get-KeeperEnterpriseUser -Email "[email protected]"
# Search users
PS> Get-KeeperEnterpriseUser -Filter "admin"Python CLI
Command: enterprise-user view
Parameter:
email - User email. Can be repeated. (required)
Flag:
-v,--verbose- Print verbose information-h, --helpshow this help message and exit--format- format of output:{table,json}--output- path to resulting output file (ignored for "table" format)
Example:
My vault> enterprise-user view <User email or UID> --output <file-path> --format jsonPython SDK
Function:
username = '[email protected]'
enterprise_data = enterprise_types.IEnterpriseData
user = [user for user in enterprise_data.users.get_all_entities() if user.username.lower() == user_name.lower()]Enterprise User Add
Create enterprise user(s).
DotNet CLI
Command: enterprise-user invite
Alias: eu invite
Parameter:
email
email of the user to add
Example:
My Vault> enterprise-user invite <email>
User [email protected] invited.
My Vault> eu invite <email>
User [email protected] invited.DotNet SDK
Function: InviteUser(string email, [InviteUserOptions options = null])
Task<KeeperSecurity.Enterprise.EnterpriseUser> EnterpriseData.InviteUser(string email, [InviteUserOptions options = null])Arguments:
email
string
Yes
Email address of the user to invite
options
InviteUserOptions
No
Invitation options (default: null)
Returns:
Task<EnterpriseUser> - A task returning the created EnterpriseUser object
InviteUserOptions Properties:
FullName
string
User's full name
NodeId
long
Node ID where user will be assigned
TeamIds
IEnumerable
List of team IDs to add user to
Example:
var newUser = await context.EnterpriseData.InviteUser("[email protected]");
Console.WriteLine($"Invited user: {newUser.Email}");PowerCommander
Command: Add-KeeperEnterpriseUser
Parameters:
Email
Email address to invite.
Flags:
-Name
Full name of the user
-Node
Node name or ID where the user will be assigned
-NodeId
Node ID as a long integer (alternative to -Node)
-Emails
Extra email addresses to invite (for batch invitations)
Example:
PS> Add-KeeperEnterpriseUser -Node "Test node" -Email "[email protected]"
User invited: [email protected]Python CLI
Command: enterprise-user add
Parameter:
email - User email. Can be repeated. (required)
Flag:
-h, --helpshow this help message and exit--parent- Parent node name or ID--full-name- Set user full name--job-title- Set user job title--add-role- Role name or role ID.--add-team- Team name or team UID.-hsf,--hide-shared-folders- User does not see shared folders.--add-teamonly:onoroff
Example:
My Vault> enterprise-user add <User email> --full-name <FULL_NAME> --job-title <JOB_TITLE> --add-role <ADD_ROLE>
User Add: User ID = 1234567Python SDK
Function:
from keepersdk.enterprise import batch_management, enterprise_management
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_management_logger)
users_to_add = [enterprise_management.UserEdit(
enterprise_user_id=enterprise_loader.get_enterprise_id(), node_id=user_node_id, username=email,
full_name=full_name, job_title=job_title)
for email in unique_emails]
batch.modify_users(to_add=users_to_add)
batch.apply()Enterprise User Edit
Edit enterprise user details like adding and removing roles and teams.
DotNet CLI
DotNet CLI supports team-add and team-remove functionalities
Team-add:
Command: enterprise-user team-add
Alias: eu team-add
Parameters:
email
Email address of the user to add to team
--team
Name or UID of the team.
Flags:
--teamname
Alternative flag for team name
--help
Display help screen
--version
Display version information
Example:
My Vault> enterprise-user team-add [email protected] --team "Developers"
User [email protected] added to team: Developers
# OR using alias
My Vault> eu team-add [email protected] --team "Developers"
User [email protected] added to team: DevelopersTeam-remove:
Command: enterprise-user team-remove
Alias: eu team-remove
Parameters:
email
Email address of the user to remove from team.
--team
Name or UID of the team.
Flags:
--teamname
Alternative flag for team name
--help
Display help screen
--version
Display version information
Example:
My Vault> enterprise-user team-remove [email protected] --team "Developers"
User [email protected] removed from team: Developers
# OR
My Vault> eu team-remove [email protected] --team "Developers"
User [email protected] removed from team: DevelopersDotNet SDK
AddUsersToTeams:
Add one or more active users to one or more teams programmatically using the .NET SDK. This method works only for users with "Active" status. For non-active users (Invited, Locked), use QueueUserToTeam instead.
Function:
Task AddUsersToTeams(string[] emails, string[] teamUids, Action<string> warnings = null);Arguments:
emails
string[]
Yes
Array of user email addresses to add to teams
teamUids
string[]
Yes
Array of team UIDs to add users to
warnings
Action
No
Optional callback to receive warning messages (default: null)
Returns:
Task - A task that completes when all users are added to all teams
Example:
var emails = new[] { "[email protected]" };
var teamUids = new[] { "ABC123XYZ456" };
await context.EnterpriseData.AddUsersToTeams(emails, teamUids);
Console.WriteLine("User added to team successfully");QueueUserToTeam:
Queue a non-active user (Invited or Locked status) to be added to a team. The user will be added to the team automatically when their account becomes active. Use this for users who haven't accepted their invitation yet or whose accounts are locked.
Function:
Task QueueUserToTeam(long enterpriseUserId, string teamUid);Arguments:
enterpriseUserId
long
Yes
Enterprise user ID of the non-active user
teamUid
string
Yes
UID of the team to queue the user for
Returns:
Task - A task that completes when the user is queued for the team
Example:
var user = context.EnterpriseData.Users
.FirstOrDefault(u => u.Email == "[email protected]");
if (user != null && user.Status != "Active")
{
await context.EnterpriseData.QueueUserToTeam(user.Id, "TEAM_UID_123");
Console.WriteLine($"User queued for team (Status: {user.Status})");
}RemoveUsersFromTeams:
Remove one or more users from one or more teams programmatically using the .NET SDK. This operation removes team membership but does not delete user accounts or affect other teams the users belong to.
Function:
Task RemoveUsersFromTeams(string[] emails, string[] teamUids, Action<string> warnings = null);Arguments:
emails
string[]
Yes
Array of user email addresses to remove from teams
teamUids
string[]
Yes
Array of team UIDs to remove users from
warnings
Action
No
Optional callback to receive warning messages (default: null)
Returns:
Task - A task that completes when all users are removed from all teams
Example:
var emails = new[] { "[email protected]" };
var teamUids = new[] { "ABC123XYZ456" };
await context.EnterpriseData.RemoveUsersFromTeams(emails, teamUids);
Console.WriteLine("User removed from team successfully");Python CLI
Command: enterprise-user edit
Parameter:
email - User email or UID. Can be repeated. (required)
Flag:
-h, --helpshow this help message and exit--parent- Parent node name or UID--full-name- Set user full name--job-title- Set user job title--add-role- Role name or role ID.--remove-role- Role name or role ID.--add-team- Team name or team UID.--remove-team- Team name or team UID.-hsf,--hide-shared-folders- User does not see shared folders.--add-teamonly:
{on,off}
Example:
My Vault> enterprise-user edit <User email> --full-name <FULL_NAME> --job-title <JOB_TITLE> --add-role <ADD_ROLE> -hsf onPython SDK
Function:
from keepersdk.enterprise import batch_management, enterprise_management
batch = batch_management.BatchManagement(loader=context.enterprise_loader, logger=self)
user = enterprise_data.users.get_entity('user_name')
users = [user]
users_to_update = [enterprise_management.UserEdit(
enterprise_user_id=user.enterprise_user_id, node_id=parent_node_id, full_name=full_name, job_title=job_title)
for user in users]
batch.modify_users(to_update=users_to_update)
batch.apply()Enterprise User Delete
Delete users from enterprise.
DotNet CLI
Command: enterprise-user delete <email>
Alias :eu delete <email>
Parameter:
email Email ID (required)
Options:
--yes- Skip confirmation prompt (for delete)
Example:
My Vault> eneterprise-user delete [email protected]
# Skip confirmation
eu delete [email protected] --yes PowerCommander
Command: Remove-KeeperEnterpriseUser OR delete-user
Parameters:
-User- User email (required)-Force- Skip confirmation
Example:
PS> Remove-KeeperEnterpriseUser -User<user email>
OR
delete-user "[email protected]" -ForcePython CLI
Command: enterprise-user delete
Parameter:
email - User email or UID. Can be repeated. (required)
Flag:
-h, --helpshow this help message and exit-f,--force- Do not prompt for confirmation
Example:
My Vault>enterprise-user delete <User_Email OR UID> -fPython SDK
Function:
from keepersdk.enterprise import batch_management, enterprise_management
user = enterprise_data.users.get_entity('user_name')
users = [user]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_management_logger)
users_to_delete = [enterprise_management.UserEdit(enterprise_user_id=user.enterprise_user_id) for user in users]
batch.modify_users(to_remove=users_to_delete)
batch.apply()Enterprise User Action
Enterprise user actions like lock and unlocking can be performed using this command.
DotNet CLI
Command: enterprise-user <action> user_email
Examples:
Lock User:
My Vault> enterprise-user lock [email protected] OR eu lock [email protected]Unlock User:
My Vault> enterprise-user unlock [email protected] OR eu enterprise-user unlock [email protected]DotNet SDK
Function: SetUserLocked
Task<EnterpriseUser> SetUserLocked(EnterpriseUser user, bool locked);if locked is set to true, then user will be locked, else user will unlock.
Example:
var user = await context.EnterpriseData.SetUserLocked(singleUser, arguments.Command == "lock");PowerCommander
Command: Lock-KeeperEnterpriseUser or Unlock-KeeperEnterpriseUser
Aliases: lock-user, unlock-user
Parameter: -User -User email
PS> Unlock-KeeperEnterpriseUser -User [email protected]
unlock-user "[email protected]"
Lock-KeeperEnterpriseUser -User "[email protected]"
lock-user "[email protected]"Command: Move-KeeperEnterpriseUser
Transfer user to different node
Aliases: transfer-user
Syntax:
Move-KeeperEnterpriseUser [-Email] <string> [-NodeId] <long> [<CommonParameters>]Parameters:
-Email- User email (required)-NodeId- Destination node ID (required)
Examples:
Move-KeeperEnterpriseUser -Email "[email protected]" -NodeId 12345
transfer-user "[email protected]" 12345Python CLI
Command: enterprise-user action
Parameter:
email - User email or ID. (required)
Flag:
-h, --help- Show this help message and exit--expire- Expire master password--extend- Extend vault transfer consent by 7 days. Supports the following pseudo users: @all--lock- Lock user--unlock- Unlock user--disable-2fa- Disable 2fa for user
Example:
My Vault> enterprise-user action <User_Email OR UID> --expirePython SDK
Function:
from keepersdk.enterprise import batch_management, enterprise_management
user = enterprise_data.users.get_entity('user_name')
users = [user]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_management_logger)
if expire_password:
batch.user_actions(to_expire_password=[user.enterprise_user_id for user in users])
elif extend_transfer:
batch.user_actions(to_extend_transfer=[user.enterprise_user_id for user in users])
elif lock_user:
batch.user_actions(to_lock=[user.enterprise_user_id for user in users])
elif unlock_user:
batch.user_actions(to_unlock=[user.enterprise_user_id for user in users])
elif disable_2fa:
batch.user_actions(to_disable_tfa=[user.enterprise_user_id for user in users])
else:
return
batch.apply()Enterprise User Alias
Manage user aliases by either adding or removing aliases.
DotNet CLI
Command: enterprise-user <action> username --alias="<alias>" OR eu <action> username --alias="<alias>"
Parameter:
email - User email or ID.
Examples:
Add-Alias:
My Vault> eu alias-add [email protected] --alias "[email protected]"Alias-Remove:
My Vault> eu alias-remove [email protected] --alias "[email protected]"Python CLI
Command: enterprise-user alias
Parameter:
email - User email or ID (required)
Flag:
--add-alias- Adds user alias--remove-alias- Removes user alias
Python SDK
Function:
from keepersdk.enterprise import batch_management, enterprise_management
user = enterprise_data.users.get_entity('user_name')
aliases = enterprise_data.user_aliases.get_links_by_subject(user.enterprise_user_id)
add_user = 'email_to_add_as_alias'
if user.username == add_user:
logging.error(f'User "%s" alias already exists', add_user)
has_alias = any((True for alias in aliases if alias.username == add_user))
if has_alias:
alias_rq = APIRequest_pb2.EnterpriseUserAliasRequest()
alias_rq.enterpriseUserId = user.enterprise_user_id
alias_rq.alias = add_user
KeeperAuth.execute_auth_rest('enterprise/enterprise_user_set_primary_alias', alias_rq)
else:
alias_request = APIRequest_pb2.EnterpriseUserAddAliasRequest()
alias_request.enterpriseUserId = user.enterprise_user_id
alias_request.alias = add_user
alias_request.primary = True
add_rs = KeeperAuth.execute_auth_rest(
'enterprise/enterprise_user_add_alias', alias_request, response_type=APIRequest_pb2.EnterpriseUserAddAliasResponse)Last updated
Was this helpful?