Configure the MID Server for CyberArk
- UpdatedJul 31, 2025
- 2 minutes to read
- Zurich
- External Credential Storage
Configure the config.xml file to grant the MID Server access to the CyberArk vault.
Before you begin
Before starting this procedure, import the JavaPasswordSDK.jar file into the instance.
Procedure
Manually configure the MID Server Add a MID Server parameter file with these parameters.
This configuration cannot be done from the instance.
| Parameter | Value | Description |
|---|---|---|
| ext.cred.safe_folder | NameOfFolder | Folder to use for all credential lookups. For example, root. |
| ext.cred.use_cyberark | true | Boolean parameter indicating that this MID Server is integrated with CyberArk. |
| Parameter | Value | Description |
|---|---|---|
| ext.cred.safe_timeout | 5 (sec) | Timeout of each credential lookup in the vault, specified in seconds. |
| ext.cred.safe_name | NameOfSafe | Default safe name used for all credential lookups. If
parameters are in multiple safes, the credential ID may
be specified in the format
<safeName>:<CredentialID>.
When configured like this, the
NameOfSafe field is ignored.
If all external credentials have their credential IDs
specified in this format, then leave out the
NameOfSafe field. Note: By default the separator character in this
format is a colon. To assign any character you
want as a separator, add this line to the
CredMap.properties file:
safe.cred.split.string=<string>. |
| ext.cred.app_id | ServiceNow_MID_Server | Specifies the App-ID used to grant permission to the MID Server to access the CyberArk vault. The default value, ServiceNow_MID_Server, must be defined in the CyberArk vault. You can use this parameter to override the default and specify your own App-ID. If you edit the App-ID in this parameter, make sure to configure CyberArk to match. |
| ext.cred.type_specifier | true | Forces an IP address lookup to return credentials
that match both the CyberArk platform ID and the IP
address. For example, if an IP address is shared by both
Windows and Tomcat, a credential with a platform ID
starting with Win returns the
Windows credential only. When this parameter is set to
true, CyberArk looks for platform IDs that begin
with:
|
| ext.cred.check_ssh_type | false | When set to true, requires that the type of SSH credential returned from CyberArk matches the type of credential requested. For example, if a normal SSH username/password credential is requested and only SSH keys are available, the credential lookup fails. |