Each Device42 Auto-discovery job is configured to use one (or more) sets of system credentials. If you already use CyberArk to manage password and other secrets, or simply don’t want to use Device42 for this purpose, the Device42 CyberArk integration allows Device42 to securely store and retrieve these credentials externally as your primary secret management solution.
CyberArk offers useful features such as automatic password rotation, which can be configured to rotate secrets per your specific corporate policies and industry guidelines.
Note: Passwords retrieved from CyberArk are not viewable in Device42!
Configuring the CyberArk Integration
- Login to CyberArk as an Administrator.
- Select the Applications tab, then click Add Application.
- Create an account for Device42.
- Click Add.
- Check the box to Allow extended authentication restrictions.
- Select Tools > Integrations > CyberArk from the Device42 menu.
- Select the checkbox to Enable CyberArk and enter your CyberArk RESTful API information.
- Verify connectivity by clicking Test and entering a managed account name.
- Select Save.
If you run into configuration errors and they are related to SSL errors, you may need to select the Skip HTTPS Certificate Verification option on the CyberArk configuration page before trying again.
Using the Device42 CyberArk Integration for Discovery
To create a new password object using CyberArk, simply select CyberArk from the Password Storage drop-down menu:
Note: By default, passwords are looked up by name in CyberArk by matching the Password label in Device42. If no label is provided then the username will be matched directly. You may also customize the folder or safe the password is retrieved from by utilizing Password Custom fields named Folder and Safe.