Configuring the provider user
After you install the CyberArk Credential Provider and configure the connection to the CyberArk Vault, you must first create an administrator-level provider (BMC_Discovery) user, that has access to the vault (safe) in CyberArk. Then, you must add this user to the various safes to which you need access to in CyberArk. Without performing these steps, you cannot configure access for additional users or appliances to a specific safe in CyberArk.
The BMC Discovery application can access the credentials stored in the CyberArk Vault (safe) by way of queries, after you create the provider user and add it to the required safes in CyberArk. For more information about configuring additional appliances or users, see Configuring appliances to access the CyberArk Vault.
This section covers only the steps that are required to create access from the BMC Discovery application to CyberArk. For more information about using other features in CyberArk, see the CyberArk Vault documentation, or contact your CyberArk administrator.
CyberArk uses the term Vault to refer to the CyberArk server component which holds information securely (all Safes reside in the Vault). This should not be confused with the BMC Discovery Vault.
Before you begin
Ensure that you have installed the CyberArk Application Identity Manager (AIM) Provider.
To create the provider user for accessing CyberArk
- Log in to your CyberArk Password Vault Web Access (PVWA) and click Applications from the main menu.
Click Add Application and enter the information about BMC Discovery.
You must use the application name
BMC_Discovery. All other values can be specified as required by your organization.
Click Apply to save the changes.
- From the applications list, open the BMC_Discovery application page.
- Perform the following steps to add required restrictions:
These restrictions are optional, and depend on your business policies for using CyberArk. For more information, contact your CyberArk administrator.
- From the Authentication tab, click Add and select the restriction type.
From the CyberArk Integration page in the BMC Discovery UI, take the values from the Application Authentication Values section, as shown in the following illustration.
- OS User, for example
- Path, for example,
- You must select the Path is folder checkbox.
- Hash, for example,
- The hash may change when BMC Discovery is upgraded, if you choose to use the hash, you must update it after the upgrade is complete.
From the Allowed Machines tab, add the BMC Discovery appliance name, or in the case of a clustered BMC Discovery deployment, appliance names of all machines in the cluster
Click Add and enter the appliance name.