Skip to main content

CyberArk Integration

Each Device42 autodiscovery job is configured to use one or more sets of system credentials. If you already use CyberArk to manage passwords and other secrets, or simply don't want to use Device42 for this purpose, the Device42 CyberArk integration allows Device42 to securely store and retrieve these credentials externally as your primary secret management solution.

CyberArk offers useful features such as automatic password rotation, which can be configured to rotate secrets per your specific corporate policies and industry guidelines.

note

Passwords retrieved from CyberArk are not viewable in Device42.

Configure CyberArk

The CyberArk AIMWebService API is needed for the integration. To use the API, purchase and install the Central Credential Provider (CCP) plugin on CyberArk.

Configuring CyberArk:

  • Log in to CyberArk as an administrator.
  • Select the Applications tab, then click Add Application.
  • Create an account for Device42.
  • Click Add.
  • Check the box to Allow extended authentication restrictions.
Create an account for Device42 CyberArk

allow extended auth restrictions

Configure the Device42 CyberArk Integration

Navigate to Tools > Integrations > CyberArk from the Device42 main menu.

CyberArk menu optionCyberArk menu option

  • Select the Enable CyberArk checkbox and enter your CyberArk URL and App Id information.

  • You can use the default endpoint or specify a custom endpoint as needed in the CyberArk Endpoint field.

    Enable CyberArkEnable CyberArk

  • Click Test and enter the managed account name to verify connectivity.

    Test CyberArkTest CyberArk

On confirmation of success, click Save.

Test success notice

CyberArk config updated notice

If you run into configuration errors related to SSL errors, you may need to select the Skip HTTPS Certificate Verification option on the CyberArk configuration page before trying again.

Skip HTTPS verification optionSkip HTTPS verification option

Note on Password Matching

The following note in the UI describes how passwords are retrieved and matched between CyberArk and Device42 systems:

By default, passwords are looked up by name in CyberArk by matching the Password label in Device42. If no label is provided then the username will be matched directly. You may also customize the Folder or Safe from which the password is retrieved by utilizing the Password Custom fields named Folder and Safe.