This documentation supports the 20.08 version of BMC Discovery.


Integrating with CyberArk Enterprise Password Vault

CyberArk Enterprise Password Vault (CyberArk Vault) is a third-party application that enables you to centrally manage credentials for the various systems installed in your environment. BMC Discovery provides an integration with CyberArk Vault to obtain the credentials that are required to perform scans.

The integration eliminates the need to duplicate work by using an external import or export mechanism to obtain the credentials that are stored in CyberArk Vault. The CyberArk Vault also enables you to employ the password management policies required for your organization. CyberArk uses the term Vault to refer to the CyberArk server component, which holds information securely (all "Safes" reside in the Vault). This should not be confused with the BMC Discovery Vault.

Before you begin

Tip

Credential broker performance testing

Credential brokers are designed with human interaction in mind. When BMC Discovery is scanning, it can make many simultaneous API calls. Before putting an integration with any supported credential broker into production, you should perform scale and performance testing in your IT environment.

Process overview

| Task | Task description | Reference |
| --- | --- | --- |
| 1. | Create the provider user in the CyberArk Enterprise Password Vault. The first user that you create is used to give access to the CyberArk Vault (Safe). You define additional users for access from specific BMC Discovery appliances or BMC Discovery Outposts as they are required. | Create the provider user in the CyberArk Enterprise Password Vault |
| 2. | Either: Integrate with CyberArk Enterprise Platform Vault using the REST API. Or: Integrating with CyberArk Enterprise Platform Vault using the AIM Provider. Integrating with CyberArk Enterprise Platform Vault using the AIM Provider requires further steps. The integration uses a locally installed agent (the AIM provider) to interact with CyberArk Enterprise Platform Vault, offering benefits over the REST integration. For more information, contact your CyberArk administrator. Note: The integration methods are mutually exclusive. If you integrate BMC Discovery with CyberArk Enterprise Platform Vault using the REST API, you cannot access it using the AIM Provider. | Integrating with CyberArk Enterprise Platform Vault using the REST API |
| 3. | After the connection is successful, you configure BMC Discovery credentials that fetch credentials from CyberArk. Instead of using a username and password, you use a query to perform the task. | Using CyberArk credentials for discovery |


See this video (4:40) for a demonstration of the integration between BMC Discovery and the CyberArk Vault.

https://youtu.be/WTLoGGOrnUg
