This documentation supports the 20.02 (12.0) version of BMC Discovery.

Create the provider user in the CyberArk Enterprise Password Vault

If this is your first integration between BMC Discovery and the CyberArk Enterprise Password Vault, you must create an administrator-level provider user, BMC_Discovery, that has access to the vault (safe) in CyberArk, and add the BMC_Discovery user to each safe in CyberArk that you need to access. Without performing these steps, you cannot configure access for additional users or appliances to a specific safe in CyberArk.

After you create the provider user and add it to the required safes in CyberArk, the BMC Discovery application can access the credentials stored in the CyberArk Vault (safe) using queries. For more information about configuring additional appliances, BMC Discovery Outpost, or users, see Configuring access to the CyberArk Vault.

This section covers only the steps that are required to create access from the BMC Discovery application to CyberArk. For more information about using other features in CyberArk, see the CyberArk Vault documentation, or contact your CyberArk administrator.

CyberArk uses the term Vault to refer to the CyberArk server component which holds information securely (all Safes reside in the Vault). This should not be confused with the BMC Discovery Vault.

Before you begin

Ensure that you have installed the CyberArk Application Identity Manager (AIM) Provider on the appliance or a BMC Discovery Outpost.

To create the provider user for accessing CyberArk

  1. Log in to your CyberArk Password Vault Web Access (PVWA) and click Applications from the main menu.
  2. Click Add Application and enter the information about BMC Discovery.

    You must use the application name BMC_Discovery. All other values can be specified as required by your organization.

  3. Click Apply to save the changes.

  4. From the applications list, open the BMC_Discovery application page.

  5. Perform the following steps to add any restrictions required by your organization.
    These restrictions are optional and depend on your organization's business policies for using CyberArk. For more information, contact your CyberArk administrator.

    1. From the Authentication tab, click Add and select the restriction type. 
      These restrictions are shown in the CyberArk Integration page in the BMC Discovery UI.

      1. OS User, for example, tideway
      2. Path, for example, /usr/tideway/bin
        You must select the Path is folder checkbox.
      3. Hash, for example, CBAE60DB54024629AB0559C3659849CD141E7945.
        The hash might change when BMC Discovery is upgraded. If you choose to use the hash, you must update it after the upgrade is complete.

  6. From the Allowed Machines tab, add the BMC Discovery appliance name, or in the case of a clustered BMC Discovery deployment, appliance names of all machines in the cluster.

Where to go from here

Depending on whether you are integrating with the CyberArk Enterprise Password Vault using the REST API or the AIM Provider, go to one of the following topics:
