Configuring access to the CyberArk Vault


This procedure describes the steps for BMC Discovery appliances and BMC Discovery Outposts to gain access to the CyberArk Vault (safe).

Note

CyberArk uses the term Vault to refer to the CyberArk server component which holds information securely (all Safes reside in the Vault). This should not be confused with the credential vaults on BMC Discovery appliances and BMC Discovery Outposts.

Before you begin

Ensure that you have: 


To grant access to BMC Discovery and BMC Discovery Outposts

  1. Log in to the CyberArk application and click Policies > Access Control (Safes).
  2. From the list of safes displayed in the details section, select the safe for which you want the BMC Discovery user to have access and click Members from the bottom-right corner of the page.
    The Members dialog box is displayed. 
  3. In the members list, click Add Member.

  4. In the Add Member dialog, enter the application provider user, for example Prov_teapot in the search field and click Search. This is the Provider user name from the CyberArk Credential Provider installation

    Tip

    The BMC Discovery name might appear differently in the search result. This is because CyberArk truncates additional underscores, spaces, and special characters. For example, the name Discovery Server 1 might appear as DiscoveryServer1.

  5. From the result list displayed, select the appropriate provider user and grant it permission to Use, Retrieve and List accounts. 
    Repeat the process for each CyberArk Credential Provider <Prov_discoveryname>, granting Use, Retrieve and List accounts. The access to the CyberArk Vault (safe) is now granted.

Where to go from here

Enabling-and-testing-the-CyberArk-integration

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*