Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Introduction


Note

CyberArk is supported in HIAB and OUTSCAN for both internal and external IP addresses.

CyberArk provides a privileged account security solution and password vault. It is required to have the CyberArk AIM suite to use the integration.

Note

CyberArk authentication cannot be configured on the policy level, only on the target level.

Define the Application Manually via CyberArk 

To define the Application manually via CyberArk’s PVWA (Password Vault Web Access) Interface:

  1. Log on with a user allowed to managed applications (it requires Manage Users authorization)
  2. Go to Applications tab, click Add Application; the Add Application page is displayed.
  3. Fill with the pre-defined APPID the customer should use, specified in the Name field.

Set Up CyberArk in OUTSCAN or HIAB

To set up CyberArk in OUTSCAN or HIAB:

  1. Go to Main Menu > Settings > Integrations.
  2. Select the CyberArk tab.

    Integration07

    Provide the below information to use CyberArk:

    OptionDescription
    EnabledClick on this field to enable CyberArk.
    HostProvide the hostname to the CyberArk server.
    PortProvide the port that CyberArk accepts connections on.
    AppIDEnter the application ID, an authentication token from CyberArk.
    Default safeProvide the CyberArk safe name to be used as default.
    Default folderProvide the folder to search for secrets.
    SaveClick on this button to save your current settings.
  3. Click Save.


After enabling CyberArk:

  1. Go to Main Menu > Netsec > Manage Targets.
  2. Edit a target to setup the Authentication.
    CyberArk SSH and CyberArk SMB are now visible as new options.
  3. Click on any of the options to use the respective authentication.

    Integration08

  4. Provide your Credentials:

    OptionDescription
    Username

    Provide your username to use when authenticating to the target.

    Object name

    Check your CyberArk Vault administrator and provide the object name.  It is the name of the "secret" (which contains the specific credential).

    Override safe

    Provide a different safe name in case you wish to override the existing safe name.

    Override folder

    Provide a different folder name in case you wish to override the existing folder names. 

    Note

    The Override settings provide the ability to change (override) them on a specific target.

  5. Click Test to start a verification.
  6. Click Save to enable the current settings.

Reference

Integrations