CyberArk Integration

Each Device42 Auto-discovery job is configured to use one (or more) sets of system credentials. If you already use CyberArk to manage password and other secrets, or simply don’t want to use Device42 for this purpose, the Device42/CyberArk integration allows Device42 to securely store & retrieve these credentials externally as your primary secret management solution.

CyberArk offers useful features such as like automatic password rotation, which can be configured to rotate secrets per your specific corporate policies and industry guidelines.

Note: Passwords retrieved from CyberArk are not viewable in Device42!

Configuring the CyberArk Integration

Configuring CyberArk:

  1. Login to CyberArk as an Administrator
  2. Select the ‘Applications’ tab, then click ‘Add Application’
  3. Create an account for Device42:
  4. create account for d42 cyberark

  5. Click Add
  6. Check box next to ‘Allow extended authentication restrictions’:
  7. allow extended auth restrictions

Configuring Device42:

  1. Choose ‘Integrations’ from the ‘Tools’ menu and select CyberArk:
  2. select cyberark under tools menu integrations

  3. Select the checkbox next to ‘Enable CyberArk’ and enter your CyberArk RESTful API information
  4. Set up CyberArk Password Integration

  5. Verify connectivity by clicking ‘Test’ and entering a managed account name.
  6. verify cyberark connectivity
    test success

  7. Select ‘Save’:
    cyberark config updated

Using the Device42/CyberArk Integration for Discovery

To create a new password object using CyberArk, simply select ‘CyberArk’ from the Password Storage drop-down menu:

select cyberark from pw storage drop down

Note: By default, passwords are looked up by name in CyberArk by matching the Password label in Device42. If no label is provided then the username will be matched directly. You may also customize the Folder or safe the password is retrieved from by utilizing ‘Password Custom fields’ named “Folder” and “Safe”.