This section describes the details to setup CyberArk in PK Protect.
To enable SSL settings with certificate authentication in CyberArk:
Obtain the CA signed certificate from CyberArk admin or authority for entry in keystore.
Obtain the .pfx with password file from CyberArk admin or authority to create your keystore and truststore. You can also use extracted .jks file with the key password and keystore password.
Obtain the RestAPI URL and Application ID that is holding your safe name and Object name. (Application must be associated with safe name)
If you are using whitelist approach, ask the CyberArk admin to whitelist your IP in the application.
To configure CyberArk’s AAM (Application Access Manager) Credential Provider with PK Protect:
Define the Application ID (APP ID) and Authentication Details in CyberArk.
The Application must have access to existing or new accounts to be provisioned in CyberArk vault. Once the accounts are managed by CyberArk, provide the access for these accounts to the Application and CyberArk Application Password Providers.
Perform the following steps in PK Protect:
Go to Settings > CyberArk Preferences under Admin and click Edit. After enabling the setting, enter the Safe Access URL and Application Id. Check the Certificate Authentication checkbox, if you want to enable CyberArk Certificate Authentication. Specify the Key Password, KeyStore Password, and path to the .jks file. It will automatically configure PK Protect for CyberArk.
Go to NoSQL > Connection Manager > Add New Connection and create a CyberArk enabled NoSQL connection for the following databases: MongoDB, Cassandra, and CouchBase.
Check the CyberArk Authentication checkbox and enter the Safe Name and Object Name. After successfully creating the connection, DSM Administrator connects with CyberArk and fetch the credentials for the user in that connection.