CyberArk Credential Provider¶
Adding a new passwords repository
- Select > .
- Click .
- Select CyberArk Credential Provider from the Type drop-down list.
- Specify object’s name.
- Provide the URL to the passwords server’s API (HTTP or HTTPS).
- Provide application identification (Application ID).
- Provide Safe (optional). If Safe is not defined, the search will be performed across all CyberArk safes.
Note
The search for a given server/account is performed based on the following attributes from the CyberArk Credential Provider, which must be set up according to the rules below:
Address
- has to match exactly with Fudo server’s IP address (required),UserName
- has to match exactly with Fudo account’s Login (required) - please refer to Creating a regular account topic,Safe
- has to match exactly with external password repository Safe field (optional).
- When used client certificate authentication Identity certificate and Identity key fields has to be defined.
Note
Identity certificate and Identity key fields must be filled using PKCS #8 format. To learn how to generate Identity certificate and Identity key please follow the next section.
- If HTTPS URL to the passwords server’s API was used, provide HTTPS server certificate in SSL certificate field.
Warning
If the HTTPS protocol is used without providing an SSL Certificate, the SSL connection will not undergo verification and will be accepted.
Click
.Assign external password repository to an account.
Generating `CyberArk Credential Provider’s` client certificate authorization
- Generate random Serial Number (e.g. 11223344556677) that will be used by CyberArk to verify the client.
- Generate client.key and client.crt files using openssl. Example:
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=PL/ST=Mazowieckie/L=Warsaw/OU=MyApp/CN=client" -set_serial "11223344556677" -keyout client.key -out client.crt
- Paste the content of the file client.crt in Identity certificate field.
- Paste the content of the file client.key in Identity key field.
- Add client serial number to CyberArk server authentication configuration.
Editing a passwords repository
To edit a passwords repository definition, proceed as follows.
- Select > .
- Find the repository definition and change its configuration as desired.
- Click .
Deleting a passwords repository
To delete a passwords repository definition, proceed as follows.
- Select > .
- Find desired repository definition and select the Delete option.
- Click .
Note
You cannot delete password repository definition if it is assigned to any account.
Related topics: