The following article describes how to configure StorageGuard to retrieve the password of a scan user account from CyberArk.
- CyberArk Application Password Provider (AIM) agent installed locally on the StorageGuard master server. There's no need to install the CyberArk agent on collector servers.
- Identify the CyberArk AppID, Safe name and AccountID that StorageGuard will need to use to retrieve passwords from CyberArk. Folder and Port information is also required if non-default values are used.
Configuring StorageGuard to retrieve passwords through CyberArk
- Navigate to the Configuration tab and select Add Credentials under Scan > Authentication > Credentials.
- In the Add Credentials window, fill in the credential properties according to the following description:
Free text - a logical description for this credential
The Cyber-Ark Application identifier used for authentication when querying credentials
The name of the Cyber-Ark safe that contains the account
The Cyber-Ark account identifier (also known as Object ID)
The folder that contains the account inside the safe. If not provided, StorageGuard uses the root folder (default).
The port that will be used to connect to Cyber-Ark. If not provided, StorageGuard uses the default port.
NOTE: This is the port on which the AppProvider (CyberArk Agent) is listening, not the port used for connecting to the vault.
NOTE: Fields marked with * can have default values in StorageGuard. To use the default value, leave the field empty. To configure CyberArk defaults, navigate to Admin > Properties and expand the Cyber-Ark Configuration group. Double-click a property to edit its value.
- Create a new Connectivity Policy using the newly created CyberArk Credentials record.
- Associate the new CyberArk Policy with the Storage/Backup system you intend to scan.