×
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
 
 
  •  

 

This documentation supports the 20.08 (12.1) version of BMC Discovery.

To view an earlier version of the product, select the version from the Product version menu.

BMC Discovery 20.08 ... Integrating Integrating with credential brokers

Integrating with CyberArk Enterprise Password Vault

CyberArk Enterprise Password Vault (CyberArk Vault) is a third-party application, which enables you to centrally manage credentials for the various systems that are installed in your environment. BMC Discovery provides an integration with CyberArk Vault to obtain credentials that are required to perform scans. 

The integration eliminates the need for performing duplicate tasks of using an external import or export mechanism to obtain the credentials that are stored in CyberArk Vault. The CyberArk Vault also enables you to employ the password management policies required for your organization. CyberArk uses the term Vault to refer to the CyberArk server component, which holds information securely (All "Safes" reside in the Vault). This should not be confused with the BMC Discovery Vault.

Related topics

Integrating with credential brokers

Credentials

Adding credentials

Managing the credential vault

Before you begin

Tip

Credential broker performance testing

Credential brokers are designed with human interaction in mind. When BMC Discovery is scanning, it can make many simultaneous API calls. Before putting an integration with any supported credential broker into production, you should perform scale and performance testing in your IT environment.

Process overview

TaskTask descriptionReference
1.

Create the provider user in the CyberArk Enterprise Password Vault. The user that you create for the first time is used to give access to the CyberArk Vault (Safe). You define additional users for access from specific BMC Discovery appliances BMC Discovery Outposts as they are required.

Create the provider user in the CyberArk Enterprise Password Vault
2.

Either:
Integrate with CyberArk Enterprise Platform Vault using the REST API


Integrating with CyberArk Enterprise Platform Vault using the REST API

Or:
Integrating with CyberArk Enterprise Platform Vault using the AIM Provider.

Integrating using the CyberArk Enterprise Platform Vault using the AIM Provider requires further steps. The integration uses a locally installed agent (the AIM provider) to interact with CyberArk Enterprise Platform Vault, offering benefits over the REST integration. For more information, contact your CyberArk administrator.

Integrating with CyberArk Enterprise Platform Vault using the AIM Provider

Note: The choice of an integration method is mutually exclusive. If you integrate BMC Discovery with CyberArk Enterprise Platform Vault using the REST API, you cannot access it using the AIM Provider.

3.

After the connection is successful, you configure BMC Discovery credentials that fetch credentials from CyberArk. Instead of using a username and password, you use a query to perform the task.

Using CyberArk credentials for discovery


See this video (4:40) for a demonstration of the integration between BMC Discovery and the CyberArk Vault.

https://youtu.be/WTLoGGOrnUg

Was this page helpful? Yes No Submitting... Thank you
Last modified by Vinay Bellare on Apr 24, 2020
bmc_contributor bp_integrating best_practice help_manage_vault_op production_ready help_op_vault_cyber

Comments

Log in or register to comment.

Integrating with Centrify Identity Platform
Create the provider user in the CyberArk Enterprise Password Vault
© Copyright 2004 - 2022 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.