This integration provides the ability to use credentials saved in CyberArk AIM for the discovery jobs. The protocol stores a reference key of the CyberArk credential. When a discovery job is triggered with this protocol, it looks for the credential from a CyberArk password provider using the reference key.
CyberArk's Application Identity Management solution uses the Privileged Account Security solution to eliminate the need to store application passwords embedded in applications, scripts or configuration files, and allows these highly-sensitive passwords to be centrally stored, logged and managed within the Vault. This unique approach enables organizations to comply with internal and regulatory compliance requirements of periodic password replacement, and monitor all activities associated with all types of Privileged Identities whether on-premise or in the cloud, across operating systems, databases, applications, hypervisors, network devices, and more.
The integration between UCMDB and CyberArk's Application Identity Management allows Universal Discovery administrators to configure credentials for supported Universal Discovery protocols, which enables administrators to manage the credentials in a secure and easy way.
Instead of storing the passwords themselves in UCMDB/UD, this integration involves storing only references (in the CyberArk Enterprise Password Vault part of the Privileged Account Security Solution) to the passwords, and retrieving (using CyberArk's AIM SDK) the passwords when they are needed from the digital vault using the stored references.