CyberArk is an identity and access manager offering a wide set of identity security capabilities. You can use it to submit Workload Automation jobs without specifying any passwords, which are retrieved from the CyberArk vault.

How can it be integrated with Workload Automation? Simply by using 2 files:

  • the CyberArkVault library file

  • the CyberArk.ini properties file that needs to be customized

The CyberArkVault library file allows you to retrieve the password for a specific user from CyberArk. The password is not stored locally on the Workload Automation workstation, but retrieved from CyberArk while the Workload Automation job is running.

There are 2 types of integration methods:

  • With the Central Credential Provider (CCP), which starts an HTTPS call to the CyberArk Central Credential Provider that manages the accesses.
  • With the local Credential Provider (CP), which starts a secure call to the CyberArk Credential Provider using a proprietary CyberArk library file.

Installation Steps

  1. Download the package from Automation Hub and extract it to all your agents.
  2. Stop the agent with the ShutDownLwa command.
  3. Save the CyberArkVault library file and the CyberArk.ini properties file to a path of your choice.
  4. In the JobManager.ini file, add the PasswordResolver key to the [Launchers] section.
  5. Set the PasswordResolver key to the full path to the CyberArkVault_version_number library file.
  6. Edit the CyberArk.ini properties file.
  7. Restart the agent with the StartUpLwa command.
  8. Add the necessary accounts in CyberArk, using the dedicated interface.
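
The following check is an added example, not part of the original article or of the product: after step 5 it reads the PasswordResolver key from the [Launchers] section of JobManager.ini and reports a missing library or CyberArk.ini, or either file being writable by group or others. It assumes a UNIX agent; the function names and the permission policy are assumptions of this example.

```python
import os
import stat


def read_launchers_key(ini_path, key="PasswordResolver"):
    """Return the value of `key` in the [Launchers] section, or None."""
    section = None
    with open(ini_path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # skip blank lines and comments
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip()
            elif section == "Launchers" and "=" in line:
                name, value = line.split("=", 1)
                if name.strip() == key:
                    return value.strip()
    return None


def loosely_writable(path):
    """True if group or others may write to the file (POSIX mode bits)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_resolver(jobmanager_ini, cyberark_ini):
    """Return a list of findings; an empty list means every check passed."""
    lib = read_launchers_key(jobmanager_ini)
    if lib is None:
        return ["PasswordResolver is not set in [Launchers]"]
    findings = []
    if not os.path.isabs(lib):
        findings.append("PasswordResolver is not a full path: " + lib)
    # Assumed policy: the agent loads this library to fetch passwords, so
    # neither it nor its properties file should be writable by other users.
    for label, path in (("library", lib), ("CyberArk.ini", cyberark_ini)):
        if not os.path.isfile(path):
            findings.append(label + " not found: " + path)
        elif loosely_writable(path):
            findings.append(label + " is writable by group/others: " + path)
    return findings
```

Call `audit_resolver()` with the paths of your JobManager.ini and CyberArk.ini before restarting the agent; any returned finding should be resolved first.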

Job Definitions

There are 2 types of jobs that are eligible to run with CyberArk integration:

  • Windows Native Job

Define the job by specifying a user that is managed by CyberArk and is also defined in the Windows OS, but with an empty password (the password will be returned by CyberArk),

then specify a user by using a query syntax as follows:

section_name::parameter_name=parameter_value;

  • Job Application Plug-In

You can specify the CyberArk user and then use the following syntax for the password type: ${agent:password.<username>}

or you can specify a user by using a query syntax as follows: section_name::parameter_name=parameter_value;…

Query Syntax building

User Syntax:

section_name::parameter_name=parameter_value;…

By using the above query user syntax it’s possible to build some examples as follows:

 
