Integrating with CyberArk Enterprise Platform Vault using the REST API

CyberArk Enterprise Platform Vault is application software that helps you to store and manage credentials securely, according to policies that your organization might require.

You can configure the integration with CyberArk Enterprise Platform Vault using the vault management page in BMC Discovery.

Before you begin

Tip

Credential broker performance testing

Credential brokers are designed with human interaction in mind. When BMC Discovery is scanning, it can make many simultaneous API calls. Before putting an integration with any supported credential broker into production, you should perform scale and performance testing in your IT environment.

There are no restrictions on CyberArk Enterprise Platform Vault versions to which you can connect by using the REST API. The current version at the time of release is version 12.4.

To integrate with CyberArk Enterprise Platform Vault

For the BMC Discovery appliance to be able to access CyberArk Enterprise Platform Vault, you must perform the integration from the appliance. For a registered BMC Discovery Outpost to be able to access CyberArk Enterprise Platform Vault, you must also perform the integration from the BMC Discovery Outpost.

To integrate the BMC Discovery appliance with CyberArk Enterprise Platform Vault:
1. From the main menu of the appliance UI, click the Administration icon.
  The Administration page opens.
2. In the Discovery section, click Vault Management.
3. Select the CyberArk Enterprise Platform Vault tab.
To integrate the BMC Discovery Outpost with CyberArk Enterprise Platform Vault:
1. From the main menu in the BMC Discovery Outpost, click Manage > Vault Providers.
  The Manage Vault page opens.
2. Select the CyberArk Enterprise Platform Vault tab.

Enter the settings appropriate to your CyberArk Enterprise Platform Vault on the page:

Field Name	Description
Status	A read-only display showing the status of the integration with CyberArk Enterprise Platform Vault. This can be one of: ACTIVE, DISABLED, or messages such as TEST OK, TEST ERROR, or ERROR and an explanatory message.
Enabled	Select the check box to enable the integration with CyberArk Enterprise Platform Vault.
Application ID	The application ID of the BMC Discovery Outpost. By default this is BMC_Discovery. You can change this if required.
Access Method	Select REST API.
URL	Enter the URL of CyberArk Enterprise Platform Vault. Only HTTPS URLs are permitted. You should ask your CyberArk Enterprise Platform Vault administrator for the URL, Client Certificate Bundle, and Set Certificate Bundle Passphrase to access CyberArk Enterprise Platform Vault.
Client Certificate Bundle	Click Choose File, and select the PEM formatted client certificate bundle.
Set Certificate Bundle Passphrase	(Optional) Enter the passphrase for the client certificate bundle. To make the field editable, select the check box and set the passphrase . The passphrase is not displayed.
Timeout (in seconds)	The timeout (in seconds) for requests to the provider. The default is 300 seconds and the minimum 5 seconds.
SSL Certificate Check	Select to enable an SSL certificate check against the server. The result is reported in the Status message.

Click Test to test the connection
The configuration is not saved until you click the Apply button.
Click Apply to save and apply the configuration.

To enable and test the CyberArk integration

To enable the integration, in the CyberArk Integration field, click Enabled.
Click Test to verify whether the integration has successfully completed.

The integration between BMC Discovery and CyberArk Enterprise Platform Vault is complete.

Where to go from here

Using-CyberArk-credentials-for-discovery