CyberArk

Purpose

This document provides set up information on the CyberArk integration.

Introduction

CyberArk provides a privileged account security solution and password vault. It is required to have the CyberArk AIM suite to use the integration.

Note

CyberArk is supported in HIAB and OUTSCAN for both internal and external IP addresses.

Note

CyberArk authentication cannot be configured on the policy level, only on the target level.

Define the Application Manually via CyberArk 

To define the Application manually via CyberArk’s PVWA (Password Vault Web Access) Interface:

1. Log on with a user allowed to managed applications (it requires Manage Users authorization)
2. Go to Applications tab, click Add Application; the Add Application page is displayed.
3. Fill with the pre-defined APPID the customer should use, specified in the Name field.

Set Up CyberArk in OUTSCAN or HIAB

To set up CyberArk in OUTSCAN or HIAB:

1. Go to Main Menu > Settings > Integrations.
2. Select the CyberArk tab.
   
   

   

   
   
   

   Provide the below information to use CyberArk:
   
   

   Option	Description
   Enabled	Click on this field to enable CyberArk.
   Host	Provide the hostname to the CyberArk server.
   Port	Provide the port that CyberArk accepts connections on.
   AppID	Enter the application ID, an authentication token from CyberArk.
   Default safe	Provide the CyberArk safe name to be used as default.
   Default folder	Provide the folder to search for secrets.
   Save	Click on this button to save your current settings.

3. Click Save.

After enabling CyberArk:

1. Go to Main Menu > Netsec > Manage Targets.
2. Edit a target to setup the Authentication.
   CyberArk SSH and CyberArk SMB are now visible as new options.
3. Click on any of the options to use the respective authentication.
   
   

   

   
   
   

4. Provide your Credentials:
   
   

   Option	Description
   Username	Provide your username to use when authenticating to the target.
   Object name	Check your CyberArk Vault administrator and provide the object name.  It is the name of the "secret" (which contains the specific credential).
   Override safe	Provide a different safe name in case you wish to override the existing safe name.
   Override folder	Provide a different folder name in case you wish to override the existing folder names.

   

   Note

   The Override settings provide the ability to change (override) them on a specific target.

5. Click Test to start a verification.
6. Click Save to enable the current settings.

Related Articles

_Copyright

_{© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.}

_Trademark

_{Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.}