I sure wish i could remember how I saw that done, but I don't, Matthew.

I thought they had a single credential that pointed to CyberArk which then did the lookup by IP, but you would almost certainly know better than I. It's been a few years, and I was just a guest in somebody else's instance there.