CyberArk Integration with ServiceNow for external credential storage

avinashrvn
Tera Contributor

Hi All, as part of a Discovery and Service Mapping effort we are trying to integrate CyberArk with ServiceNow for external credential storage. I have gone through the documentation available at https://docs.servicenow.com/bundle/istanbul-it-operations-management/page/product/discovery/concept/..., but am looking for a detailed process from a CyberArk configuration perspective, with a detailed process/best practices followed, if any.

Also, is there a necessity to create a credential resolver Jar (https://docs.servicenow.com/bundle/istanbul-it-operations-management/page/product/discovery/task/t_C...) for the MID server to resolve the Credential ID obtained from the instance to match the objects from the vault, or will it come bundled with the CyberArk AIM API?

1 ACCEPTED SOLUTION

Dave Ainsworth
ServiceNow Employee

Hi Avinash,



You don't need to create a Jar; just upload the JavaPasswordSDK.jar file to the MID jar files, which you will find in the ApplicationPasswordSdk folder on the MID server (after you have installed the AIM agent). The MID server will pick this up and use it to make calls to CyberArk.



The documentation should be sufficient for configuration on the ServiceNow side and your CyberArk admin will usually configure CyberArk itself.



I would consider some level of caching in the AIM agent (memory or persistent) which will help reduce the number of calls to the CyberArk vault and therefore improve performance. The nature of discovery means that there will be quite a lot of requests for credentials. The CyberArk admin will probably have configured this already.



Also, when creating domain credentials within CyberArk, enter the domain into the 'Login to' field and the user into the 'user' field. The MID server will then use the credentials correctly when authenticating.



Regards,



Dave


5 REPLIES

luke_vf_08
Kilo Expert

Hi All. What port needs to be opened up to allow the AIM Agent to connect to CyberArk?



I can see from the wiki that it is HTTPS (443) for Custom.



External credential storage architecture



But the CyberArk doc doesn't mention the port.



https://docs.servicenow.com/bundle/jakarta-it-operations-management/page/product/discovery/concept/c...