ServiceNow Cyberark Integration

vittal1 · ‎12-19-2017

Dear experts,

We are working on a new implementation of ServiceNow and exploring options of Security/Credentials. Anyone implemented external credential stores like CyberArk?

If yes, please let me know, I can post my specific questions.

Thanks in advance,

Regards,

Vittal Agirishetti

The Capital Group of Companies, Irvine CA.

Robert Beeman · ‎12-20-2017

This is very interesting. We have a very mature ServiceNow implementation, and we are currently in the process of deploying CyberArk for our privileged AD accounts. I don't think we've yet considered leveraging CyberArk for ServiceNow privileged accounts as well. I would be very interested in how this plays out for your company.

vittal1 · ‎01-08-2018

Thanks Robert. We made some progress in our design. Will update, once completed.

Sashi K1 · ‎01-08-2018

Hi Vittal

If you are looking for authorizing at runtime instead of local userid/pwd, Cyberark is one such database to get us temp access to connect any applications. On the platform ServiceNow uses MID as local agent to connect any internal applications or databases. MID requires authentication credentials to connect which are normally stored on properties or credentials table. We can make sure of tools like Cyberark to get runtime temp password to connect any network apps.

You can make that happen using a Java project. You can develop a stand alone Java project (got flexible APIs to connect CyberArk or any database) to connect Cyberark and return a temp password to connect. Once your Java project is ready, deploy those jars files to MID and use JavaScript Probe to make calls to your public facing Java methods. That way your MID uses local Java Jar classes to connect CyberArk at runtime for authentication.

Does that make sense? Share your design approach if you are using non Java bases Integrations or REST calls.