• 1 Minute to read
  • PDF


  • PDF


CyberArk solution helps in managing, controlling, and monitoring privileged user activities. The SAFE-CyberArk integration eliminates the manual entry of the assets’ password on the SAFE platform for assessment. With this integration, SAFE pulls the assets’ credentials from the CyberArk PAM server via API, authenticates the assets using these credentials, and does the assessment.

Configure CyberArk

To configure CyberArk:

  1. Navigate to Administration > SAFE Hooks > Management Tools.
  2. Click the Configuration button available on the CyberArk card.
  3. Enter the AIM URL, Application ID, CyberArk Safe.
  4. Upload Client Certificate, Private Key, and Root CA Certificate. The Client Certificate, Private Key should be issued by a CA server in the customer’s environment and it’s Root CA certificate should be added here.
  5. Mark the “Verify SSL certificate” checkbox if the CyberArk server uses a CA-signed certificate, which is trusted by the SAFE server to establish a secure connection.
  6. Enter the IP Address and Username.
  7. Click the Test Connection button.
  8. Once the connection is verified, click Save Configuration.


  • The account must have permissions to the Vault to get a list of accounts (for which SAFE needs to perform agentless assessments) and retrieve the login credentials saved in the CyberArk Vault.
  • The detailed instructions on setting up permissions in CyberArk are provided in the CyberArk’s AAM guide for SAFE available at”. These should be completed before setting up the integration in SAFE Hooks.
  • SAFE - CyberArk integration supports CyberArk PAS v10.10.

Was this article helpful?

What's Next