Integrate Automation 360Control Room with CyberArk using API gateway

Automation 360 supports integration of Control Room with CyberArk using an API gateway.

Prerequisites

  • This feature is only supported for Cloud-based deployments.
  • When Automation 360 is integrated with CyberArk using API gateway, configure API gateway endpoints accordingly in the Control Room.
  • If your API gateway is using OAuth connection for authorization, complete step 1 to step 5 from Create OAuth connection section.
  • The request to CyberArk from Automation 360 contains query parameters such as, AppID, Safe name, and Object name configured in the vault. Ensure that you allow these query parameters on the API gateway side.

Procedure

  1. Log in to the Automation 360 Control Room as an authorized user.
  2. From the Control Room, navigate to Administration > Settings > External key vault.
  3. Click the Edit icon to open the Configuration settings pane.
  4. Click CyberArk.
  5. Enter Vault URL . The API gateway endpoint vault URL. Example: https://<apigee_hostname>/
  6. Enter the Application ID. The CCP API AppID (for example: AAEControlRoom).
  7. In the Virtual directory field, specify the key vault's virtual directory path. The path is set to /AIMWebService/api/Accounts/ by default. You can change this path if your key vault's virtual directory is different.
  8. Optional: Click Browse to upload the certificate file to the Automation 360 Control Room server.
  9. Enter the password used to access the Control Room certificate file.
  10. Optional: Enter the Server Certificate - PEM format.
  11. If your API gateway requires authorization:
    1. Select Enable Authorization (API Gateway) to enable authorization while connecting to CyberArk.
    2. Select the configured API gateway endpoint from the OAuth connection drop-down list.
    3. The default HTTP header name is Authorization. If your API gateway is configured with a different header name, specify that.
  12. Click Save changes.