Highlighted
Valued Contributor.. Valued Contributor..
Valued Contributor..
1099 views

Integration cyberark and OO possible ?

Jump to solution

Hi,

All our server/application user names and passwords are stored in Cyberark.

Is there any way we can connect to cyberark from OO flow to get the credentials ?

If no what is the methods to handle this?

Thanks,
Prakash.

0 Likes
1 Solution

Accepted Solutions
Highlighted
Honored Contributor.. Honored Contributor..
Honored Contributor..

Use a windows command step, Have the host set to where your CyberArk AIM is installed

Set the current directory to the path where the exe is located

The command queries the relevant safe for the username you specify and will provide the password

Your Security team or CyberArk admins should be able to provide the syntax 

All you are basicly doing is running the .exe with arguements

 

View solution in original post

0 Likes
13 Replies
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Hey again 🙂

CyberArk provides two interfaces you can take advantage of. REST and Provider SDK.

REST doesn't require a client license but does hit your Vault at each request.
Provider SDK is licensed but provides a caching mechanism so that you're hitting the vault for updates and then hitting local cache (logic is internal to the provider)

You can also build out logic from the CyberArk side to push credentials to OO during password rotation. If you go this route I would suggest developing logic to stop scheduled jobs that rely on this account and verify the job queue has completed prior to rotation.

0 Likes
Highlighted
Valued Contributor.
Valued Contributor.

It is certainly possible, depends on what interfaces are available to you in CyberArk. 

A few years ago I created an integration between OO and CyberArk using the CyberArk's pacli command line interface. At the time, the CyberArk's REST API was not available. It's probably a lot easier with their REST API now. 

Using pacli wasn't elegant but it worked. Basically, just configured pacli on a RAS server then created a set of workflows that ran a set of pacli cmds to do things like query the vault for credentials, create creds, update creds, etc. 

0 Likes
Highlighted
Valued Contributor.. Valued Contributor..
Valued Contributor..
Hey you are my savior every day. Thank you for your assistance. Do you or OO has have documentation on how to use of this.
0 Likes
Highlighted
Outstanding Contributor.. Outstanding Contributor..
Outstanding Contributor..

Unfortunately, I can't export what the client has configured.

A PowerShell/ Python wrapper using either interface is pretty easy to write... you could also go as far as develop a custom @action as well

If you go the provider router you'll have to ensure the CyberArk APK is installed on the host you want to use for the account lookups. 
If you go the CyberArk -> OO stored credentials update route you'll have to build that logic out yourself

Of course - I'm a consultant for hire if you're looking 🙂 

Highlighted
Valued Contributor.. Valued Contributor..
Valued Contributor..
I would happy to hire.. Right now our budget is limited as we are just experimenting. Thanks for your help.
0 Likes
Highlighted
Honored Contributor.. Honored Contributor..
Honored Contributor..

This is 100% possible and something that we currently do using the CyberArk AIM.

You just have OO run the exe from the command line using arguemnts and the password is retrieved in the output

0 Likes
Highlighted
Valued Contributor.. Valued Contributor..
Valued Contributor..

Hi  Devildiablo,

 

Thank you for your inputs.

Could you please give some syntax  how it can be used in flow for the following statement.

"ou just have OO run the exe from the command line using arguemnts and the password is retrieved in the output"

Thanks in advance,
Prakash.

0 Likes
Highlighted
Honored Contributor.. Honored Contributor..
Honored Contributor..

Use a windows command step, Have the host set to where your CyberArk AIM is installed

Set the current directory to the path where the exe is located

The command queries the relevant safe for the username you specify and will provide the password

Your Security team or CyberArk admins should be able to provide the syntax 

All you are basicly doing is running the .exe with arguements

 

View solution in original post

0 Likes
Highlighted
Valued Contributor.. Valued Contributor..
Valued Contributor..
Super. Clear now and Thanks for explanation
0 Likes
Highlighted
Valued Contributor.. Valued Contributor..
Valued Contributor..
Devildiablo,
It worked. I am getting the password from safe. Thank you 🙂
But password is visible in the windows command flow step results. Is it normal? Users see this as well right?
0 Likes
Highlighted
Honored Contributor.. Honored Contributor..
Honored Contributor..

Set the result to sensitive and tick hide operations result

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.