Can you activate SCCM integration when you use Cyberark for external credential storage?

Steve54 · ‎10-03-2019

If so how is it done?

Patrick DeCarl1 · ‎10-03-2019

I don't thin so. Cyberark is mainly for discovery. SCCM you can either do local account on DB and add account info to datasrouce of the SCCM records or you can use a window auth, but that account needs to be running your mid server service (doesnt need to the in SN cred table). If you go the route of window auth, then cyberark wont be needed since the cred is running the windows mid server service and is not loaded in SN cred table.

Steve54 · ‎10-10-2019

Thanks for the input Patrick.

As we are only using one Mid Server for discovery and CyberArk external credential storage we will not be using any SCCM creds through the Mid Server service as this will break the CyberArk configuration. Therefore we will not be able to complete the SCCM integration unless we activate another Mid Server. Is this what you are saying?

Patrick DeCarl1 · ‎10-10-2019

You can use the same mid server if needed, but I recommend clients to only use discovery mid servers for disco scan. Create new mid servers for integrations other items needed.

Steve54 · ‎10-21-2019

Here is the official answer for the community from a ticket that I opened with SN. You won't find this documented anywhere on an SN site. It is not mentioned within the CyberArk integration configuration. So I can only assume that it was not something they looked at.

"I have discussed this with subject matter experts and concluded that it is not possible to use "CyberArk password vault" with SCCM data sources."