Whether SapphireIMS support CyberArk integration? If yes, how it works?

Platform Security
,
1

Yes, SapphireIMS do support integration with CyberArk Application Identity Manager(AIM) as a plug-in which may bear additional commercials. SapphireIMS has option to use either CyberArk Local Credential Provider(LCP) or CyberArk Rest API to get the passwords from vault during runtime. SapphireIMS use these passwords only during runtime and doesn’t store it in SapphireIMS database for security reasons

Below diagram helps you to understand the integration:

image
image800×450 22.7 KB

You will have to contact our support team for getting installer as it is not available to all the customers of SapphireIMS. For installation, please refer attached release notes document.
PasswordVaultReleaseNote.docx (2.3 MB)

Plugin can be installed in any machine. In case of MSP/SaaS/Central Server architecture, plugin can be either centrally deployed at server side or at individual probe side. In case of MSP/SaaS/Central Server if plugin installed at server and all probes are mapped to this plugin, there shall be increase in traffic and bandwidth consumption. Data collection might be delayed due to external call to get the password from vault.

Note:

  1. SapphireIMS Agents installed in end points will get the password from corresponding server using Agent web service. Agent web service will connect to configured Password Connector Plugin to get the passwords internally. Credentials may be needed if agents are configured to use application discovery.

  2. In MSP/SaaS/Central Server setup, for jobs like AD user import and SMTP configuration,SapphireIMS web-service need access to vault to fetch relevant information.

  3. To use SMTP configuration at both MSP/SaaS/Central server and probe, the server and Probe’s CyberArk Password Vault Manger should be configured with common Safe, Folder and Object in case customer using different CyberArk Password Vault Manager at both server and probe

  4. SNMP credential is not supported in CyberArk Password Vault hence SapphireIMS will not be using vault for this.

  5. Key based SSH credential is not supported in CyberArk Password Vault hence SapphireIMS will not be using vault for this.