Integrating with CyberArk Enterprise Password Vault
CyberArk Enterprise Password Vault (CyberArk Vault) is a third-party application that enables you to centrally manage credentials for the various systems that are installed in your environment. BMC Discovery provides an integration with CyberArk Vault to obtain credentials that are required to perform scans.
The integration eliminates the duplicate work of using an external import or export mechanism to obtain the credentials that are stored in CyberArk Vault. The CyberArk Vault also enables you to employ the password management policies required for your organization. CyberArk uses the term Vault to refer to the CyberArk server component, which holds information securely (all "Safes" reside in the Vault). This should not be confused with the BMC Discovery Vault.
Before you begin
Credential broker performance testing
Credential brokers are designed with human interaction in mind. When BMC Discovery is scanning, it can make many simultaneous API calls. Before putting an integration with any supported credential broker into production, you should perform scale and performance testing in your IT environment.
Create the provider user in the CyberArk Enterprise Password Vault. The first user that you create is used to give access to the CyberArk Vault (Safe). You define additional users for access from specific BMC Discovery appliances or BMC Discovery Outposts as they are required.
|Create the provider user in the CyberArk Enterprise Password Vault|
|Integrating with CyberArk Enterprise Platform Vault using the REST API|
Integrating with CyberArk Enterprise Platform Vault using the AIM Provider requires further steps. The integration uses a locally installed agent (the AIM Provider) to interact with CyberArk Enterprise Platform Vault, offering benefits over the REST integration. For more information, contact your CyberArk administrator.
Note: The integration methods are mutually exclusive. If you integrate BMC Discovery with CyberArk Enterprise Platform Vault using the REST API, you cannot access it using the AIM Provider.
After the connection is successful, you configure BMC Discovery credentials that fetch credentials from CyberArk. Instead of a username and password, each of these credentials uses a query to fetch the credential.
|Using CyberArk credentials for discovery|
See this video (4:40) for a demonstration of the integration between BMC Discovery and the CyberArk Vault.