×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.
BMC Discovery 11.3 ... Integrating Integrating with CyberArk Enterprise Password Vault

Configuring the provider user

After you install the CyberArk Credential Provider and configure the connection to the CyberArk Vault, you must first create an administrator-level provider (BMC_Discovery) user, that has access to the vault (safe) in CyberArk. Then, you must add this user to the various safes to which you need access to in CyberArk. Without performing these steps, you cannot configure access for additional users or appliances to a specific safe in CyberArk.

The BMC Discovery application can access the credentials stored in the CyberArk Vault (safe) by way of queries, after you create the provider user and add it to the required safes in CyberArk. For more information about configuring additional appliances or users, see Configuring appliances to access the CyberArk Vault.

This section covers only the steps that are required to create access from the BMC Discovery application to CyberArk. For more information about using other features in CyberArk, see the CyberArk Vault documentation, or contact your CyberArk administrator.

CyberArk uses the term Vault to refer to the CyberArk server component which holds information securely (all Safes reside in the Vault). This should not be confused with the BMC Discovery Vault.

Before you begin

Ensure that you have installed the CyberArk Application Identity Manager (AIM) Provider.

To create the provider user for accessing CyberArk

  1. Log in to your CyberArk Password Vault Web Access (PVWA) and click Applications from the main menu.

  2. Click Add Application and enter the information about BMC Discovery.

    You must use the application name BMC_Discovery. All other values can be specified as required by your organization.

  3. Click Apply to save the changes.

  4. From the applications list, open the BMC_Discovery application page.
  5. Perform the following steps to add required restrictions:
    These restrictions are optional, and depend on your business policies for using CyberArk. For more information, contact your CyberArk administrator.
    1. From the Authentication tab, click Add and select the restriction type. 

    2. From the CyberArk Integration page in the BMC Discovery UI, take the values from the Application Authentication Values section, as shown in the following illustration.

    3. OS User, for example tideway
    4. Path, for example, /usr/tideway/bin
    5. You must select the Path is folder checkbox.
    6. Hash, for example,  CBAE60DB54024629AB0559C3659849CD141E7945.
    7. The hash may change when BMC Discovery is upgraded, if you choose to use the hash, you must update it after the upgrade is complete.

  6. From the Allowed Machines tab, add the BMC Discovery appliance name, or in the case of a clustered BMC Discovery deployment, appliance names of all machines in the cluster

  7. Click Add and enter the appliance name.

Where to go from here

Configuring appliances to access the CyberArk Vault


Was this page helpful? Yes No Submitting... Thank you
Last modified by Vinay Bellare on Sep 10, 2019

Comments

Log in or register to comment.

Installing the CyberArk Credential Provider
Configuring appliances to access the CyberArk Vault
© Copyright 2004 - 2022 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.