Valued Contributor.. prakash_Kilaparthi Valued Contributor..
Valued Contributor..
570 views

Integration cyberark and OO possible ?

Jump to solution

Hi,

All our server/application user names and passwords are stored in Cyberark.

Is there any way we can connect to cyberark from OO flow to get the credentials ?

If no what is the methods to handle this?

Thanks,
Prakash.

0 Likes
1 Solution

Accepted Solutions
Respected Contributor.. Devildiablo Respected Contributor..
Respected Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution

Use a windows command step, Have the host set to where your CyberArk AIM is installed

Set the current directory to the path where the exe is located

The command queries the relevant safe for the username you specify and will provide the password

Your Security team or CyberArk admins should be able to provide the syntax 

All you are basicly doing is running the .exe with arguements

 

0 Likes
13 Replies
Outstanding Contributor.. JarodMB Outstanding Contributor..
Outstanding Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution

Hey again 🙂

CyberArk provides two interfaces you can take advantage of. REST and Provider SDK.

REST doesn't require a client license but does hit your Vault at each request.
Provider SDK is licensed but provides a caching mechanism so that you're hitting the vault for updates and then hitting local cache (logic is internal to the provider)

You can also build out logic from the CyberArk side to push credentials to OO during password rotation. If you go this route I would suggest developing logic to stop scheduled jobs that rely on this account and verify the job queue has completed prior to rotation.

0 Likes
HockeyGoonNorm Valued Contributor.
Valued Contributor.

Re: Integration cyberark and OO possible ?

Jump to solution

It is certainly possible, depends on what interfaces are available to you in CyberArk. 

A few years ago I created an integration between OO and CyberArk using the CyberArk's pacli command line interface. At the time, the CyberArk's REST API was not available. It's probably a lot easier with their REST API now. 

Using pacli wasn't elegant but it worked. Basically, just configured pacli on a RAS server then created a set of workflows that ran a set of pacli cmds to do things like query the vault for credentials, create creds, update creds, etc. 

0 Likes
Valued Contributor.. prakash_Kilaparthi Valued Contributor..
Valued Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution
Hey you are my savior every day. Thank you for your assistance. Do you or OO has have documentation on how to use of this.
0 Likes
Outstanding Contributor.. JarodMB Outstanding Contributor..
Outstanding Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution

Unfortunately, I can't export what the client has configured.

A PowerShell/ Python wrapper using either interface is pretty easy to write... you could also go as far as develop a custom @action as well

If you go the provider router you'll have to ensure the CyberArk APK is installed on the host you want to use for the account lookups. 
If you go the CyberArk -> OO stored credentials update route you'll have to build that logic out yourself

Of course - I'm a consultant for hire if you're looking 🙂 

Valued Contributor.. prakash_Kilaparthi Valued Contributor..
Valued Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution
I would happy to hire.. Right now our budget is limited as we are just experimenting. Thanks for your help.
0 Likes
Respected Contributor.. Devildiablo Respected Contributor..
Respected Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution

This is 100% possible and something that we currently do using the CyberArk AIM.

You just have OO run the exe from the command line using arguemnts and the password is retrieved in the output

0 Likes
Valued Contributor.. prakash_Kilaparthi Valued Contributor..
Valued Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution

Hi  Devildiablo,

 

Thank you for your inputs.

Could you please give some syntax  how it can be used in flow for the following statement.

"ou just have OO run the exe from the command line using arguemnts and the password is retrieved in the output"

Thanks in advance,
Prakash.

0 Likes
Respected Contributor.. Devildiablo Respected Contributor..
Respected Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution

Use a windows command step, Have the host set to where your CyberArk AIM is installed

Set the current directory to the path where the exe is located

The command queries the relevant safe for the username you specify and will provide the password

Your Security team or CyberArk admins should be able to provide the syntax 

All you are basicly doing is running the .exe with arguements

 

0 Likes
Valued Contributor.. prakash_Kilaparthi Valued Contributor..
Valued Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution
Super. Clear now and Thanks for explanation
0 Likes
Valued Contributor.. prakash_Kilaparthi Valued Contributor..
Valued Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution
Devildiablo,
It worked. I am getting the password from safe. Thank you 🙂
But password is visible in the windows command flow step results. Is it normal? Users see this as well right?
0 Likes
Respected Contributor.. Devildiablo Respected Contributor..
Respected Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution

Set the result to sensitive and tick hide operations result

0 Likes
Valued Contributor.. prakash_Kilaparthi Valued Contributor..
Valued Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution
Devildiablo, you are awsome 🙂
0 Likes
Respected Contributor.. Devildiablo Respected Contributor..
Respected Contributor..

Re: Integration cyberark and OO possible ?

Jump to solution

Your welcome

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.