Product Diagram & Description of CyberArk Integration

CyberArk Integration

In order to authenticate to services and directories within an internal network, EPAS utilizes credentials with privileged access to connect, retrieve and audit password data.

EPAS consists of a single MASTER component and multiple auxiliary components – only the EPAS MASTER component (central server) is able to store and retrieve access credentials for connecting.

Given the data sensitivity, as well as increasing needs for secure password management for privileged accounts, the CyberArk AAM integration, using the Central Credential Provider/Credential Provider components allows credential usage by EPAS workflows and processes without compromising security:

  • Whenever an EPAS Audit is started for a certain target (E.g. Microsoft Active Directory), the EPAS MASTER performs a credential retrieval request over a secure channel to the CyberArk Central Credential Provider.
  • The CyberArk Central Credential Provider/Credential Provider checks the authorizations of the requesting application (EPAS) and, if authorized, provides the requested credentials using a documented data format.
  • EPAS makes use of the provided credentials in order to authenticate to the target system (e.g. Microsoft Active Directory), perform the standard data retrieval operations.
  • The provided credential set is not stored or cached, but used on-the-fly. Should additional operations be required on the same system, the above process will be repeated.

The required credential properties for every EPAS target system data retrieval are the account name (username) and the account password (Content).

All other system properties are already known to EPAS when the credential retrieval operation starts. EPAS supports the following systems for which it can retrieve credentials from any given CyberArk Vault:

  • Microsoft Active Directory Accounts
  • Microsoft Windows Local Accounts
  • IBM System z - zSeries - S/390 RACF (z/OS, z/VM)
  • IBM System i - iSeries - AS/400
  • IBM System p - pSeries - RS/6000 AIX
  • IBM Lotus Domino Application Server
  • BSD Operating System
  • Linux Operating System
  • Sun Solaris – SunOS
  • Apache Basic - htpasswd
  • SAP NetWeaver - ABAP AS
  • LDAP Authentication Server
  • Novell eDirectory
  • MongoDB System Accounts
  • MSSQL System Accounts
  • MySQL System Accounts
  • Oracle System Accounts
  • PostgreSQL System Accounts
  • Sybase ASE System Accounts
  • DB2 Database Custom Application
  • Informix Database Custom Application
  • MaxDB Database Custom Application
  • MSSQL Custom Database Application
  • MySQL Database Custom Application
  • Oracle Database Custom Application
  • PostgreSQL Custom Database Application
  • Sybase ASA Database Custom Application
  • Sybase ASE Database Custom Application