CyberArk Integration
Each Device42 autodiscovery job is configured to use one or more sets of system credentials. If you already use CyberArk to manage passwords and other secrets, or simply don't want to use Device42 for this purpose, the Device42 CyberArk integration allows Device42 to securely store and retrieve these credentials externally as your primary secret management solution.
CyberArk offers useful features such as automatic password rotation, which can be configured to rotate secrets per your specific corporate policies and industry guidelines.
Passwords retrieved from CyberArk are not viewable in Device42.
Configure CyberArk
The CyberArk AIMWebService API is needed for the integration. To use the API, purchase and install the Central Credential Provider (CCP) plugin on CyberArk.
Configuring CyberArk:
- Log in to CyberArk as an administrator.
- Select the Applications tab, then click Add Application.
- Create an account for Device42.
- Click Add.
- Check the box to Allow extended authentication restrictions.
Configure the Device42 CyberArk Integration
Navigate to Tools > Integrations > CyberArk from the Device42 main menu.
Select the Enable CyberArk checkbox and enter your CyberArk RESTful API information.
Click Test and enter the managed account name to verify connectivity.
On confirmation of success, click Save.
If you run into configuration errors related to SSL errors, you may need to select the Skip HTTPS Certificate Verification option on the CyberArk configuration page before trying again.
Note on Password Matching
The following note in the UI describes how passwords are retrieved and matched between CyberArk and Device42 systems:
By default passwords are looked up by name in CyberArk by matching the Password label in Device42. If no label is provided then the username will be matched directly. You may also customize the Folder or Safe from which the password is retrieved by utilizing the Password Custom fields named Folder and Safe.