How to Create and Configure CyberArk Account for the Integration

To successfully integrate UCMDB/UD with CyberArk, follow the instructions below strictly to create and configure a safe, an account, and an application ID in CyberArk for the integration.

Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Create and configure a Safe

To do so,

Go to the POLICIES tab and create a safe.
1. On the POLICIES tab, from the navigation pane select Access Control (Safes), and then click Add Safe .
2. On the Add Safe page, provide values as described below:
  - Safe name: Provide a Safe name. For example, NancySafe.
  - Description: Provide a description for the Safe name.
  - Saved Passwords: Keep the default Save password versions from the last [7] days option selected.
  - Assigned to CPM: Keep the default PasswordManager option selected.
3. Click Save
Add the new Safe to the Safe Members list.
1. On the Safe Details: <Safe Name> page, click Add Member.
2. In the Add Safe Member dialog, click Search, and then from the returned list select the desired Credential Provider Username (usually Prov_<server>).
  Note The credential provider user only needs the following permissions:
  - Retrieve accounts
  - List accounts
  - View Safe Members
3. Click Add.
4. Click Close.
  
  The Credential provider username you just added should now display in the Members list.

Create and configure an account

Go to the ACCOUNTS tab, click Add Account .
On the Add Account page, provide values as described below:
- Store in Safe: Select the Safe name you just created in step 2.
- Device Type: Select Operating System from the drop-down list.
  
  Note: The required properties and optional properties may vary with the device type you select. In this document, Operating System and Windows Domain Account are selected for Device Type and Platform Name respectively as an example. For details about other properties, refer to the CyberArk Credential Provider and ASCP Implementation Guide .
- Platform Name: Select a platform name value from the drop-down list. In this example, Windows Domain Account is selected.
- Address: (Optional) Enter the IP address of the target server that you want to discover.
- User Name: Specify the user name for the account you configure in CyberArk. This is the account used by the UCMDB Server to connect to the target server that you want to discover.
- Password: Enter the password for the account you configure in CyberArk.
- Confirm Password: Enter your password again.
- Name: Select an Auto-generated or Custom name for your Safe account.
  
  If you select Custom, provide a custom account name. For example, nancy-cyberark-testing-refid.
For example,
Click Save.

Create and configure an application ID

Go to the APPLICATIONS tab and create an application ID.
1. On the APPLICATIONS tab, click .
2. In the Add Application dialog, provide values as described below:
  - Name: Specify HPE_UniversalDiscovery as the application ID for UCMDB.
  - Description: Provide a description for the application ID.
  - Location: Select \Applications.
  - Other fields: Provide values as necessary.
3. Click Add.
Add the new application ID to the Safe members list.
1. Go to the POLICIES tab, from the navigation pane select Access Control (Safes), and then select NancySafe from the Safe Name list.
2. Click Members in the lower right corner of the page.
3. On the Safe Details: NancySafe page, click Add Member.
4. In the Add Safe Member dialog, select HPE_UniversalDiscovery.
5. Click Add.
Add the full name of the Credential Provider Servers to the Allowed Machines list.
1. Go to the APPLICATIONS tab, select HPE_UniversalDiscovery.
2. On the Application Details: HPE_UniversalDiscovery page, go to the Allowed Machines tab.
3. Click Add Machine .
4. In the Add allowed machine dialog, enter IP, host name, or DNS.
5. Click Add.
Add path authentication for HPE_UniversalDiscovery.
1. Go to the Authentication tab, click Add authentication details , and then select Path.
2. In the Add Path Authentication dialog,
  - In the Path field, enter the path, for example, C:\hp\UCMDB\DataFlowProbe.
  - Make sure you select the check box for both of the following options:
    - Path is folder
    - Allow internal scripts to request credential on behalf of this application ID.
  For example,
3. Click Add.
Add operating system user authentication for the new application ID.
1. On the Authentication tab, click Add authentication details , and then select OS user.
2. In the Add Operating System User Authentication dialog, provide OS user information, for example, NT AUTHORITY\SYSTEM.
  Note
  - If the Probe is running as a service, specify NT AUTHORITY\SYSTEM as OS user.
  - If the Probe is running as console, specify <hostname\username> as OS User. For example, HPSWVM0999\Administrator.
3. Click Add.