BackBox CyberArk Integration Guide

Retrieving account credentials using CyberArk

Partner Information: CyberArk
https://www.cyberark.com/
Application Identity Manager V9.95

Integration Details: Automating Account Credentials Retrieval using CyberArk SDK

Updated: Jun 24, 2018
backbox.com
Copyright 2017 / All rights reserved / [Protected]

Contents

Solution Summary
Installation and Configuration
Verifying the Installation
Using CyberArk as BackBox’s Credential Provider
Troubleshooting

Solution Summary

CyberArk's Privileged Account Security (PAS) solution, a full life-cycle solution for managing the most privileged accounts in the enterprise, enables organizations to secure, provision, manage, control and monitor all activities associated with all types of Privileged Identities, such as administrator on a Windows server, Root on a UNIX server, Cisco Enable on a Cisco device, Checkpoint Expert on a Checkpoint device, as well as embedded passwords found in applications and scripts.

The Application Identity Manager (AIM) eliminates the need to store App2App passwords in applications, scripts or configuration files, and allows these highly sensitive passwords to be centrally stored, logged and managed with CyberArk’s patented Vaulting Technology.

AIM fully addresses the need to assure the highest availability for applications running the enterprise business, independent of network availability and with the highest performance.

This integration is designed to retrieve credentials for devices, in real time, stored within a password Vault in CyberArk, so that BackBox can connect to the device to perform automated Backups, Tasks and other administrative processes.

Installation and Configuration

Configuring BackBox as an application on CyberArk

Please refer to the “Application Identity Management Implementation Guide” document from CyberArk for installation and configuration of AIM, which includes the Application Password SDK.

1. Creating the BackBox Application in CyberArk
   For BackBox to be able to retrieve credentials from CyberArk, a unique application should be created, commonly named “BackBox”.

2. Devices and Assets should include, at a minimum, the device Username and IP Address or FQDN.

3. The last and most important step is adding the BackBox Application account as a member of each Safe from which credentials should be retrieved, granting it the ‘Retrieve accounts’ privilege.

Verifying the Installation

To verify the installation, simply execute the following command on the BackBox CLI:

   VerifyCyberArkInstall

If the installation was successful the output should look like this:

Using CyberArk as BackBox’s Credential Provider

To start using CyberArk’s Credential Provider, two steps on BackBox are required:

1. Activating CyberArk Authentication:
   o Log in to the BackBox web interface and navigate to Authentication > Authentication Servers
   o Click the ‘CYBERARK’ tab
   o Toggle on the ‘Use CyberArk Authentication’ button
   o Click the ‘TEST CYBERARK CONNECTIVITY’ button
   o Save

Note: The Save button is enabled only after a successful connectivity test.

2. Create a CyberArk authentication template and assign it to devices:
   o Navigate to Authentication > Authentication Templates
   o Click Add
   o Toggle on the ‘CyberArk’ button
   o Enter a name for the template (e.g. “CyberArk Cisco”)
   o Choose the devices on which to use the new template
   o Save

Note: The AppID default value is BackBox and can only be modified on rare occasions, with CyberArk’s approval.

The next time BackBox connects to the chosen devices, the credentials, if they exist in CyberArk, will be used:

Troubleshooting

The most common errors are:
   o Configuration errors (such as incorrect CyberArk details or indentation)
   o Incorrect naming in CyberArk: ensure all assets and objects contain unique, monovalent values, specifically Username and IP Address pairs
   o Make sure the BackBox Application in CyberArk has permissions to retrieve accounts
   o Check that the relevant CyberArk Safes have the BackBox Application as a member

If everything is configured correctly and you are still experiencing issues, please contact us by email at support@backbox.com with a description of the issue and your contact details.
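
The checks in the troubleshooting list can be run ahead of time against an inventory of the accounts and Safe memberships. The script below is an added example, not part of the BackBox or CyberArk documentation; the inventory layout, field names and sample values are constructed assumptions and do not represent a CyberArk export format.

```python
from collections import defaultdict

APP_ID = "BackBox"  # default AppID named in the guide

# Constructed sample inventory; field names are assumptions for this example.
ACCOUNTS = [
    {"safe": "Network-Core", "username": "admin", "address": "10.0.0.1"},
    {"safe": "Network-Core", "username": "admin", "address": "10.0.0.1"},  # duplicate pair
    {"safe": "Network-Edge", "username": "backup", "address": "fw1.example.com"},
    {"safe": "Firewalls", "username": "", "address": "10.0.2.5"},  # missing Username
]
# Constructed Safe membership: safe -> {member: set of permissions}
SAFE_MEMBERS = {
    "Network-Core": {"BackBox": {"Retrieve accounts"}},
    "Network-Edge": {"BackBox": {"List accounts"}},  # member, but cannot retrieve
    "Firewalls": {"Auditors": {"List accounts"}},    # BackBox is not a member
}

def preflight(accounts, safe_members, app_id=APP_ID):
    """Return sorted (safe, problem) findings matching the troubleshooting list."""
    findings = set()
    seen = defaultdict(list)
    for acct in accounts:
        user = acct.get("username", "").strip()
        addr = acct.get("address", "").strip().lower()
        if not user or not addr:
            findings.add((acct["safe"], "account missing Username or Address"))
            continue
        seen[(user, addr)].append(acct["safe"])
    # A Username/Address pair that appears more than once cannot be resolved uniquely.
    for (user, addr), safes in seen.items():
        if len(safes) > 1:
            for safe in safes:
                findings.add((safe, f"ambiguous Username/Address pair {user}@{addr}"))
    # Every Safe holding device accounts needs the application as a member with retrieve rights.
    for safe in {a["safe"] for a in accounts}:
        perms = safe_members.get(safe, {}).get(app_id)
        if perms is None:
            findings.add((safe, f"{app_id} is not a member of the Safe"))
        elif "Retrieve accounts" not in perms:
            findings.add((safe, f"{app_id} lacks 'Retrieve accounts'"))
    return sorted(findings)

if __name__ == "__main__":
    for safe, problem in preflight(ACCOUNTS, SAFE_MEMBERS):
        print(f"{safe}: {problem}")
```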
