External key vault integration CyberArk
The following is required information for CyberArk Integration configuration:
- Central Credential Provider API URL
- The CyberArk CCP URL endpoint on the CyberArk server.
- CyberArk Application ID
- The CyberArk issued Application ID.
- Certificate used to authenticate to CyberArk
- Control Room Client Certificate trusted by CyberArk AAM server. The certificate will be distributed in a passphrase protected file, you will need to enter the passphrase.
- Optional Certificate
- You can optionally load the CyberArk AIM Server certificate to the Control Room trust store here to make sure that the Control Room will trust the CyberArk server.
- Credential Identifiers to be used during installation
- Safe and Object Name
- Database credentials
- Service Account Credential
This task is performed by the Control Room administrator. You must have the necessary rights and permissions to complete this task. Ensure you are logged in to the Control Room as the administrator.
When External Key Vault is selected for Create Credential, the locker owner, or anyone with the necessary permissions to create a credential locker, will have the ability to specify an Object Name for the credential.
When External Key Vault is selected for Create Locker, the only task the administrator will perform is "map" the locker name to the "prefix" for other key vault types.