CyberArk Identity
- 2 Minutes to read
- Print
- PDF
CyberArk Identity
- 2 Minutes to read
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
About this document
This document provides the step-by-step procedure to configure CyberArk Identity in SAFE.
Introduction
SAFE integrates with CyberArk Identity, and fetches the security misconfiguration of the CyberArk Identity account in SAFE.
Prerequisites
Access required in SAFE:
SAFE Admin Access
Access required in CyberArk Identity:
CyberArk Identity Admin User
Required User Inputs:
API Instance URL
Client ID
Client Secret
Required Scope:
Role Management
User Management
Generate Connection Details
How to generate API Token
Login to your CyberArk Identity account as Admin.
Create a Service user for API requests as follows:
Go to Core Services
Click on the Users
Click on the Add User
.png "1(26).png")
Enter the following details:
Login Name
Choose required Suffix from dropdown
Email address
Display Name
Password
.png "2(23).png")
In the Status checklist, select the following checkbox:
Is OAuth a confidential client
Is Service User
Password never expires
Click the Create User button.
.png "3(22).png")
Create a new role as follows:
Go to Core Services
Click on the Roles.
Click on the Add Role button.
.png "4(20).png")
Enter the Name, Description, Organization, and Role Type as "Static".
Click on the Save button.
.png "5(22).png")
Click on the Members
Click on the Add button.
.png "6(22).png")
Search and select the above-created user and click on the Add.
.png "7(20).png")
Go to Administrative Rights and Click on the Add button.
.png "8(22).png")
Select User Management and Role Management and then click the Add button.
Click on the Save button
.png "9(22).png")
The above-created user (login name + suffix) will be used as the Client ID and the password as Client Secret.
It's important to regularly update the Client ID and Client Secret in SAFE according to its expiration date.
How to get API Instance URL
Access the CyberArk Identity Instance, and capture the URL
Copy and save the API Instance URL to use it while configuring CyberArk Identity in SAFE.
.png "10(20).png")
.png "1(26).png")
.png "2(23).png")
.png "3(22).png")
.png "4(20).png")
.png "5(22).png")
.png "6(22).png")
.png "7(20).png")
.png "8(22).png")
.png "9(22).png")
.png "10(20).png")
Configure CyberArk Identity in SAFE
Log in to your SAFE account as Admin.
Click on the Integrations option from the left navigation.
Scroll to find the CyberArk Identity integration card or Search for CyberArk Identity in the search bar.
.png "11(14).png")
.png "11(14).png")
Hover on the CyberArk Identity card and click on the Configure button
Enter the following:
API Instance URL
Client ID
Client Secret
Enter the Auto Sync Frequency.
Click on the Test Connection button.
Once the connection is successful, click on the Save button.
.png "12(14).png")
.png "12(14).png")
Once the configuration is saved successfully, click on the Sync Now button to trigger an on-demand sync.
Upon a successful sync, the system pulls the CyberArk Identity assets and their findings in SAFE. You can track the status of the sync in the History table.
.png "13(10).png")
.png "13(10).png")
View Results
Scroll down to the Finding View and Asset View available on the integration page.
Finding View: This tab displays all the findings details pulled from CyberArk Identity.
.png "14(8).png")
.png "14(8).png")
Asset View: This tab displays all the assets pulled from CyberArk Identity.
.png "15(6).png")
.png "15(6).png")
History
Learn More about Integration History here.
SAFE's Outgoing IP Addresses
Click here to find the outgoing IP addresses of SAFE. All traffic to any integrations in SAFE will see one IP address as the source IP of the incoming connection.
Was this article helpful?