Docs
Integrations
How to Configure the CyberArk Integration
How to Configure a CyberArk Central Credential Provider (CCP)

How to Configure a CyberArk Central Credential Provider (CCP)

Prerequisites in CyberArk

It is recommended to create and use a CyberArk signed certificate for the CyberArk Central Credential Provider configuration in Hydden. This certificate should be imported via the import steps as documented below, under Importing and SSL Cerfificate.

For details about the CyberArk steps, refer to Install the Central Credential Provider (CCP)

Hydden Credential Provider

For every CyberArk Credential configured in the Hydden Platform, a Credential Provider entity is automatically added to the Credential Provider page. From there it can be used to configure a CyberArk Central Credential Provider (CCP).

  1. Navigate to Configuration | Discover, select the Credential Providers tab.

  2. Select the available CyberArk Credential from the list, click the Edit button.

    img
    Edit Credential Provider modal

  3. The Name field is already filled in based on the CyberArk Credential.

  4. For Credential Provider URL, provide the locally installed CCP URL.

  5. For Application ID, provide the name of the configured Application in the CyberArk platform.

  6. For Site, enter your site name, IP address, or URL.

  7. Click Update to trigger host verification. The host needs to be authorized.

Note: Please ensure to add any Hydden client IP addresses and certificate serial numbers to the appropriate application in the CyberArk platform.

Recommended SSL Certificate Configuration

Hydden provides two options for adding an SSL Certificate. Organizations can

  • import an already created SSL Certificate, a pass phrase is required for this option, or
  • generate a new SSL Certificate (recommended only for testing purposes).

If leveraging a Hydden-generated certificate, please ensure that the CyberArk CCP server trusts the Hydden CyberArk certificate. Install the certificate on the Windows Server using MMC to access the Certificates snap-in and add the certificate to the Trusted Root Certificate Authorities store.

Importing an SSL Certificate

  1. Click the Edit button for your CyberArk Credential Provider.
  2. For Passphrase, paste your certificates passphrase if configured.
  3. Click Import Client Certificate.
  4. Click Update.

Generating a Certificate (for testing only)

  1. Click the Edit button for your CyberArk Credential Provider.
  2. Check Generate Client Certificate on Import.
  3. Click Update.
  4. Click Edit to check the certificate and the client’s root CA.

You have options to copy the certificate and the root certificate for vaulting.

How to Configure a CyberArk Data SourceAdding a Vaulted (Privileged) Credential