Integrating with CyberArk Enterprise Platform Vault using the REST API
CyberArk Enterprise Platform Vault is application software that helps you to store and manage credentials securely, according to policies that your organization might require.
You can configure the integration with CyberArk Enterprise Platform Vault using the vault providers page in the BMC Discovery Outpost.
For information on integrating BMC Helix Discovery with CyberArk Enterprise Platform Vault, see the following video (03:57):
Before you begin
Tip
Credential broker performance testing
Credential brokers are designed with human interaction in mind. When BMC Helix Discovery is scanning, it can make many simultaneous API calls. Before putting an integration with any supported credential broker into production, you should perform scale and performance testing in your IT environment.
There are no restrictions on CyberArk Enterprise Platform Vault versions to which you can connect by using the REST API. The current version at the time of release is version 12.4.
To integrate with CyberArk Enterprise Platform Vault
- From the main menu in the BMC Discovery Outpost, click Manage > Vault Providers.
The Manage Vault page opens. Select the CyberArk Credential Provider tab.
Enter the settings appropriate to your CyberArk Enterprise Platform Vault on the page:
Field Name
Description
Status
A read-only display showing the status of the integration with CyberArk Enterprise Platform Vault. This can be one of: ACTIVE, DISABLED, or messages such as TEST OK, TEST ERROR, or ERROR and an explanatory message.
Enabled
Select the check box to enable the integration with CyberArk Enterprise Platform Vault.
Application ID The application ID of the BMC Discovery Outpost. By default this is
BMC_Discovery. You can change this if required.Access Method Select CCP REST API. URL
Enter the URL of CyberArk Enterprise Platform Vault. Only HTTPS URLs are permitted. the URL is of the form:
https://FQDN/AIMWebService/api/Accounts?AppID=BMC_Discovery&Query=XXX
Where the query is to be specified for a credential entry in the Discovery safe.You should ask your CyberArk Enterprise Platform Vault administrator for the URL, Client Certificate Bundle, and Set Certificate Bundle Passphrase to access CyberArk Enterprise Platform Vault.
Client Certificate Bundle
Click Choose File, and select the PEM formatted client certificate bundle.
Set Certificate Bundle Passphrase
(Optional) Enter the passphrase Client Certificate Bundle.
To make the field editable, select the check box and set the passphrase . The passphrase is not displayed.Timeout (in seconds)
The timeout (in seconds) for requests to the provider. The default is 300 seconds and the minimum 5 seconds.
SSL Certificate Check
Select to enable an SSL certificate check against the server. The result is reported in the Status message.
- Click Test to test the connection. The configuration is not saved until you click the Apply button.
- Click Apply to save and apply the configuration.
To enable and test the CyberArk integration
To enable the integration, in the CyberArk Integration field, click Enabled.
Click Test to verify whether the integration has successfully completed.
The integration between BMC Helix Discovery and CyberArk Enterprise Platform Vault is complete.
Comments
Log in or register to comment.