Skip to main content

CyberArk Idaptive

Visualize CyberArk Idaptive Devices, Users, Applications, Roles, Accounts and monitor changes through queries and alerts.

Development

This integration focuses on ingesting devices, users, accounts and applications from the CyberArk Idaptive REST API. There are two components of interest:

  1. The CyberArk Idaptive tenant (available at https://<tenant-id>.id.cyberark.cloud). You will need a username and password to log in to the tenant.
  2. The CyberArk Idaptive REST API reference

Installation

You will have to create a service user and a client application to generate access token and use this access token to make REST API calls to fetch data from CyberArk Idaptive. To do this:

  1. Using a web browser, go to your CyberArk idaptive tenant (e.g.https://my-tenant.id.cyberark.cloud/) and log in with your credentials.

  2. Go to the Admin portal

    Admin Portal

  3. Go to Core Services -> Users. Fill in all required fields. Check password never expires, Is service user and Is OAuth Credential Client in status as show in the below image and click on create user

    Create User

  4. In Admin Portal, click on Apps & Widgets -> Web Apps. Select Add Web Apps on top right corner

    Web Apps page

  5. Click on custom and choose OAuth2 Client from the list as shown in the image

    select client web app

  6. Select the Organization from the dropdown and click on Add (this prompt may not show up)

    select organization

  7. On the settings page, Give an ID for the application, It can be any name. Save it somewhere, It is required while configuring the integration in JupiterOne

    application page

  8. Click on General Usage in the sidebar and select Confidential and check Must be OAuth Client

    oauth client

  9. Go to Tokens in the side bar and select client credentials and choose validity of access token. Choose a period greater than 10 minutes as it was advised in the CyberArk Idaptive documentation and enable refresh tokens.

    client credentials

  10. Select scope in the sidebar and click on Add, give it the name all and in the regex add CDirectoryService/GetUsers|redrock/query|Roles/GetRoleMembers|SysInfo/About|UPRest/GetResultantAppsForUser|Acl/GetRowAces

scopes

  1. Select the permissions in the side bar, search for the service account you have created previously and click on add

add service account

  1. Grant the Run permission to the service account. Click Save

  2. Go to Roles -> System Administrator

admin role

  1. Go to members and add Service account as the member

assign role

Configuration in JupiterOne

To install the CyberArk Idaptive integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select CyberArk Idaptive. Click New Instance to begin configuring your integration.

Creating an instance requires the following:

  • The Account Name used to identify the CyberArk Idaptive account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Your CyberArk Idaptive Tenant ID, Service User Name, Service User Password, and Application ID.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.