Creating a CyberArk Credential

Follow the steps below to configure a CyberArk credential.

Prerequisites in CyberArk

Create a Role

1. In the CyberArk Identity Security Platform create a role under the Identity Administration module.
2. Navigate to Administrative right and add System Administrator.
3. Navigate to roles, open Privilege Cloud and add Admin role.
4. Add the role that you created in the previous step.

Create a Service Account

1. Navigate to CyberArk Privilege Cloud.
2. Create a Service Account for use with the Hydden Platform integration.
3. Add that Service Account to every safe that the user should have access to for the Hydden Platform integration. You will need to user the Login name and Suffix combination in the Hydden configuration steps below.

Also refer to the information under

• API token authentication for CyberArk Identity Security Platform Shared Services for details on the token
• Add Applications

Creating the Credential in Hydden

1. Navigate to Configuration | Settings.

2. Select Credentials and click + Add Credential.

3. From the Credential type drop-down, select CyberArk Credential

4. Enter a Name for the credential that fits your business need, in our example we used Hydden CyberArk Platform Credential.

5. For the Username, we use a service account that has been defined in the CyberArk platform. In your CyberArk instance, navigate to Identity Administration | Core Services | Users, select Service Accounts from the right menu (this is an oAuth Confidential client account). Find the service account created for the Hydden collector and use the Account Login name and Suffix combination.

   

6. Provide the Password associated with the CyberArk Cloud Directory Service Account.

7. For the CyberArk Tenant Name, provide your organization’s tenant name as setup in your CyberArk instance.

8. For the CyberArk Identity ID, us the Identity ID found in your CyberArk instance under your user profile when you select Tenant details | Identity, copy the ID and paste it into the CyberArk Identity ID field.

   

9. Click Add.

This credential enables the Hydden CyberArk data source, once configured, to see and collect the CyberArk Core Services data, like Users, Roles, Policies, etc. as available in an organization’s CyberArk cloud instance. It also enables the collector to access and collect the Accounts list and the CyberArk Safes of that organization.

That collected data can then be used in a Vaulted Credential for other verification or access purposes in Hydden.

Optional Fields on the Modal

• Platform URL: This is the generic CyberArk URL for you organization, usually something like https://yourorganization.privilegecloud.cyberark.cloud.
• Identity URL: The Identity URL can be created by using and adding the CyberArk Identity ID into the following URL format: https://{TenantIdentityID}.id.cyberark.cloud (for example, https://idu8089.id.cyberark.cloud).