Setting up the portal to integrate with CyberArk
Setting up the Portal to work with CyberArk requires a properties file with specific values and a script that enables the feature. Most values required in the properties file are taken from entries in the CyberArk application. There are two steps to set up the portal: setting up the properties file and running the utility.
Set Up the Properties File on the IT Analytics Portal
- Create a properties file in the tmp directory. For example:
/tmp/dbvaultconnection.properties or C:\tmp\dbvaultconnection.properties
- Configure the properties file with the following information:
Table: Properties file configuration

| Field Name | Value |
|---|---|
| vault_vendor_name | CyberArk. Note: Use only CyberArk as the value of this field. |
| host | IP address or hostname of the machine where the Agentless AAM (Central Credential Provider) web service is running. |
| port | Port number of the Agentless AAM (Central Credential Provider) web service. |
| https | Set this value to true if the Agentless AAM (Central Credential Provider) is running as an HTTPS service, otherwise false. |
| schedule_frequency | The value of this field is in hours. Defines how often IT Analytics polls CyberArk for password updates. This field is optional. The default is every hour. |
| app_id | Name/ID of the application as defined in CyberArk. For example: IT Analytics. |
| user_safe_id | Name of the CyberArk Safe where the 'Portal' user account password is stored. |
| user_password_folder_name | Name of the CyberArk folder where the 'Portal' user account password is stored. This field is optional. |
| user_password_object | Name of the 'Portal' user account password object in CyberArk. |
| For each additional user account, repeat the following fields. This sample describes the aptare_ro user. | |
| ro_safe_id | Name of the CyberArk Safe where the 'aptare_ro' user account password is stored. |
| ro_password_folder_name | Name of the CyberArk folder where the 'aptare_ro' user account password is stored. This field is optional. |
| ro_password_object | Name of the 'aptare_ro' user account password object in CyberArk. |
Sample of dbvaultconnection.properties with the 'portal' user account configured:
vault_vendor_name=CyberArk
host=10.x.x.x
port=443
https=true
schedule_frequency=2
app_id=testappid
user_safe_id=safe1
user_password_object=portal_account
Sample of dbvaultconnection.properties with the 'portal' and 'aptare_ro' user accounts configured:
vault_vendor_name=CyberArk
host=10.x.x.x
port=443
https=true
schedule_frequency=2
app_id=testappid
user_safe_id=safe1
user_password_object=portal_account
ro_safe_id=safe2
ro_password_object=ro_account
Run the Utility to Enable the CyberArk Integration
- Navigate to the OS-specific utility on the Portal.
<APTARE_HOME>/utils/configure-db-vault-connection-info.sh
<APTARE_HOME>/utils/configure-db-vault-connection-info.bat
- Execute the utility as the root or tomcat user, passing the path of the properties file as the only argument.
On Linux:
<APTARE_HOME>/utils/configure-db-vault-connection-info.sh /tmp/dbvaultconnection.properties
On Windows:
<APTARE_HOME>/utils/configure-db-vault-connection-info.bat C:\tmp\dbvaultconnection.properties
The utility validates the connection parameters by invoking the REST API for each user account configured in the properties file. If the validation succeeds, the properties file is copied to the <HOME>/datarcvrconf/passwordvault/ folder. If the validation fails, a message is displayed and the CyberArk integration is not enabled.
- If needed, check the log file to troubleshoot further:
<APTARE_HOME>\logs\passwordVaultValidator.log
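The utility above reports only success or failure, so it helps to check the properties file before running it. The following pre-flight linter is an added example and is not part of IT Analytics or its configure-db-vault-connection-info utility. It parses the key=value file described in the table, verifies that every required key is present for the 'Portal' account and for each additional '<prefix>_' account (ro_ and so on), flags https=false because Central Credential Provider responses carry passwords, and builds the query each account lookup would send. The endpoint path /AIMWebService/api/Accounts and the AppID/Safe/Folder/Object parameter names are an assumption about CyberArk's documented CCP REST API; the page itself does not name them. The sample properties text is constructed from the two samples above.

```python
"""Pre-flight linter for dbvaultconnection.properties (added example)."""
from urllib.parse import urlencode

REQUIRED_BASE = ("vault_vendor_name", "host", "port", "https", "app_id")
ACCOUNT_SUFFIXES = ("safe_id", "password_object")   # required for each account
OPTIONAL_SUFFIX = "password_folder_name"            # optional for each account

# Constructed sample: the 'portal' and 'aptare_ro' accounts from the page.
SAMPLE_PROPERTIES = """\
vault_vendor_name=CyberArk
host=10.x.x.x
port=443
https=true
schedule_frequency=2
app_id=testappid
user_safe_id=safe1
user_password_object=portal_account
ro_safe_id=safe2
ro_password_object=ro_account
"""


def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are ignored."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed line (no '='): {line!r}")
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def account_prefixes(props):
    """Return the account prefixes present in file order, e.g. ['user', 'ro']."""
    prefixes = []
    for key in props:
        for suffix in ACCOUNT_SUFFIXES + (OPTIONAL_SUFFIX,):
            if key.endswith("_" + suffix):
                prefix = key[: -len(suffix) - 1]
                if prefix not in prefixes:
                    prefixes.append(prefix)
    return prefixes


def validate(props):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    for key in REQUIRED_BASE:
        if not props.get(key):
            problems.append(f"missing required key: {key}")
    if props.get("vault_vendor_name") and props["vault_vendor_name"] != "CyberArk":
        problems.append("vault_vendor_name must be exactly 'CyberArk'")
    if props.get("port") and not props["port"].isdigit():
        problems.append("port must be numeric")
    https = props.get("https", "").lower()
    if https not in ("true", "false"):
        problems.append("https must be 'true' or 'false'")
    elif https == "false":
        # CCP replies contain the account passwords; plain HTTP exposes them on the wire.
        problems.append("https=false: CCP responses (passwords) would travel in clear text")
    freq = props.get("schedule_frequency")
    if freq is not None and not freq.isdigit():
        problems.append("schedule_frequency must be a whole number of hours")
    prefixes = account_prefixes(props)
    if "user" not in prefixes:
        problems.append("the 'Portal' user account (user_* keys) is required")
    for prefix in prefixes:
        for suffix in ACCOUNT_SUFFIXES:
            if not props.get(f"{prefix}_{suffix}"):
                problems.append(f"account '{prefix}' is missing {prefix}_{suffix}")
    return problems


def ccp_lookup_urls(props):
    """Build one CCP lookup URL per account (assumed endpoint; no secrets in the URL)."""
    scheme = "https" if props.get("https", "").lower() == "true" else "http"
    base = f"{scheme}://{props['host']}:{props['port']}/AIMWebService/api/Accounts"
    urls = {}
    for prefix in account_prefixes(props):
        params = {"AppID": props["app_id"],
                  "Safe": props[f"{prefix}_safe_id"],
                  "Object": props[f"{prefix}_password_object"]}
        folder = props.get(f"{prefix}_{OPTIONAL_SUFFIX}")
        if folder:
            params["Folder"] = folder
        urls[prefix] = base + "?" + urlencode(params)
    return urls


if __name__ == "__main__":
    cfg = parse_properties(SAMPLE_PROPERTIES)
    for issue in validate(cfg) or ["no problems found"]:
        print(issue)
    for name, url in ccp_lookup_urls(cfg).items():
        print(name, url)
```

Run it against the real file with `parse_properties(open(path).read())` before invoking the utility; a non-empty list from `validate()` explains the failure the utility would otherwise report only as "validation failed". The file holds no passwords, only the names needed to look them up, but app_id and Safe names are still worth restricting to the account that runs the Portal.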