Default language.

Important This documentation space contains information about the SaaS version of BMC Helix Discovery. If you are using the on-premises version of BMC Helix Discovery, see BMC Helix Discovery 25.2 (On-Premises).

Integrating with CyberArk Enterprise Password Vault

CyberArk Enterprise Password Vault (CyberArk Vault) is a third-party application, which enables you to centrally manage credentials for the various systems that are installed in your environment. BMC Helix Discovery provides an integration with CyberArk Vault to obtain credentials that are required to perform scans. 

The integration eliminates the need for performing duplicate tasks of using an external import or export mechanism to obtain the credentials that are stored in CyberArk Vault. The CyberArk Vault also enables you to employ the password management policies required for your organization. CyberArk uses the term Vault to refer to the CyberArk server component, which holds information securely (All "Safes" reside in the Vault). This should not be confused with the BMC Helix Discovery Vault.

Related topics

Integrating-with-credential-brokers

Credentials

Adding-credentials

Before you begin

Tip

Credential broker performance testing

Credential brokers are designed with human interaction in mind. When BMC Helix Discovery is scanning, it can make many simultaneous API calls. Before putting an integration with any supported credential broker into production, you should perform scale and performance testing in your IT environment.

Process overview

Task

Task description

Reference

1.

Create the provider user in the CyberArk Enterprise Password Vault. The user that you create for the first time is used to give access to the CyberArk Vault (Safe). You define additional users for access from specific BMC Discovery Outposts as they are required.

2.

Either:
Integrate with CyberArk Enterprise Platform Vault using the REST API


Or:
Integrating with CyberArk Enterprise Platform Vault using the AIM Provider.

Integrating using the CyberArk Enterprise Platform Vault using the AIM Provider requires further steps. The integration uses a locally installed agent (the AIM provider) to interact with CyberArk Enterprise Platform Vault, offering benefits over the REST integration. For more information, contact your CyberArk administrator.

Note: The choice of an integration method is mutually exclusive. If you integrate BMC Helix Discovery with CyberArk Enterprise Platform Vault using the REST API, you cannot access it using the AIM Provider.

3.

After the connection is successful, you configure BMC Helix Discovery credentials that fetch credentials from CyberArk. Instead of using a username and password, you use a query to perform the task.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*