Each Device42 Auto-discovery job is configured to use one (or more) sets of system credentials. If you already use CyberArk to manage password and other secrets, or simply don’t want to use Device42 for this purpose, the Device42/CyberArk integration allows Device42 to securely store & retrieve these credentials externally as your primary secret management solution.
CyberArk offers useful features such as like automatic password rotation, which can be configured to rotate secrets per your specific corporate policies and industry guidelines.
Note: Passwords retrieved from CyberArk are not viewable in Device42!
Configuring the CyberArk Integration
- Login to CyberArk as an Administrator
- Select the ‘Applications’ tab, then click ‘Add Application’
- Create an account for Device42:
- Click Add
- Check box next to ‘Allow extended authentication restrictions’:
- Choose ‘Integrations’ from the ‘Tools’ menu and select CyberArk:
- Select the checkbox next to ‘Enable CyberArk’ and enter your CyberArk RESTful API information
- Verify connectivity by clicking ‘Test’ and entering a managed account name.
- Select ‘Save’:
Using the Device42/CyberArk Integration for Discovery
To create a new password object using CyberArk, simply select ‘CyberArk’ from the Password Storage drop-down menu:
Note: By default, passwords are looked up by name in CyberArk by matching the Password label in Device42. If no label is provided then the username will be matched directly. You may also customize the Folder or safe the password is retrieved from by utilizing ‘Password Custom fields’ named “Folder” and “Safe”.