Authentication Using CyberArk

<< Click to Display Table of Contents >>

RayVentory Scan Engine > 12.6 u4 > User Guide > Devices + Services > Credential Store 

Authentication Using CyberArk

This feature is using a service for the handling and the creation of credentials that is part of the enterprise solution of CyberArk. The service is used to create username/password pairs that can be used with the RayVentory Scan Engine inventory methods. When using this service, credentials in the RayVentory Scan Engine Credential Manager are saved with additional information for the usage with the service. The data in the Credential Manager is used to authenticate against the CyberArk service and to specify from where the credentials will be requested. When executing the inventory method, the credentials that are needed for authorization will be requested just in time.

 

The authentication using CyberArk is available for the credential types listed below. If multiple authentication methods are available for a credential type, it can only be selected for the password authentication method.

 

Windows credentials

SSH credentials (The usage of the CyberArk authentication is not possible if Key or OpenSSL key file have been chosen as authentication method)

Oracle credentials

VMware credentials (The usage of the CyberArk authentication is not possible if the Use Windows session credentials option has been activated)

 

In order to configure CyberArk Authentication select the CyberArk Authentication option from the dropdown menu that is available for the all the authentication methods for which CyberArk authentication is available.

 

CyberarkSSHCredentials

 

The CyberArk Safe step will now be available in the wizard.

 

CyberarkSafePageFilled

 

In the CyberArk Safe step the following settings need to be configured.

 

CyberArk URL: Enter the URL to the CyberArk vault that will be used. The CyberArk vault is an environment in which it is possible to create the different safes which can be used to authorize access for users.

Safe Name: Enter the name of the specific safe that will be used. The safes in a CyberArk vault can be used to store and organize authorized users according to the specific requirements needed.

Safe User Name: The name of the user that will be used. This name must match the name with which the user is stored in the specific safe.

Password: Enter the password of the user that will be used.

Ticket System: Enter the name of the ticket system that will be used.

 

finger1

Be aware:

Errors when calling the credentials will be logged though there will not be any visible feedback in the RayVentory Scan Engine GUI.

 

 

More information about CyberArk can be found here.