CyberArk Idaptive
Visualize CyberArk Idaptive Devices, Users, Applications, Roles, Accounts and monitor changes through queries and alerts.
- Installation
- Data Model
Development
This integration focuses on ingesting devices, users, accounts and applications from the CyberArk Idaptive REST API. There are two components of interest:
- The CyberArk Idaptive tenant (available at
https://<tenant-id>.id.cyberark.cloud). You will need a username and password to log in to the tenant. - The CyberArk Idaptive REST API reference
Installation
You will have to create a service user and a client application to generate access token and use this access token to make REST API calls to fetch data from CyberArk Idaptive. To do this:
-
Using a web browser, go to your CyberArk idaptive tenant (e.g.
https://my-tenant.id.cyberark.cloud/) and log in with your credentials. -
Go to the Admin portal
-
Go to Core Services -> Users. Fill in all required fields. Check password never expires, Is service user and Is OAuth Credential Client in status as show in the below image and click on create user
-
In Admin Portal, click on Apps & Widgets -> Web Apps. Select Add Web Apps on top right corner
-
Click on custom and choose OAuth2 Client from the list as shown in the image
-
Select the Organization from the dropdown and click on Add (this prompt may not show up)
-
On the settings page, Give an ID for the application, It can be any name. Save it somewhere, It is required while configuring the integration in JupiterOne
-
Click on General Usage in the sidebar and select Confidential and check Must be OAuth Client
-
Go to Tokens in the side bar and select client credentials and choose validity of access token. Choose a period greater than 10 minutes as it was advised in the CyberArk Idaptive documentation and enable refresh tokens.
-
Select scope in the sidebar and click on Add, give it the name
alland in the regex addCDirectoryService/GetUsers|redrock/query|Roles/GetRoleMembers|SysInfo/About|UPRest/GetResultantAppsForUser|Acl/GetRowAces
- Select the permissions in the side bar, search for the service account you have created previously and click on add
-
Grant the
Runpermission to the service account. Click Save -
Go to Roles -> System Administrator
- Go to members and add Service account as the member
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | cyberark_idaptive_account | Account |
| Application | cyberark_idaptive_application | Application |
| Device | cyberark_idaptive_device | Device |
| Role | cyberark_idaptive_role | AccessRole |
| Service | cyberark_idaptive | Service |
| User | cyberark_idaptive_user | User |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
cyberark_idaptive_account | HAS | cyberark_idaptive_user |
cyberark_idaptive_account | HAS | cyberark_idaptive_application |
cyberark_idaptive_account | PROVIDES | cyberark_idaptive |
cyberark_idaptive_role | ASSIGNED | cyberark_idaptive_application |
cyberark_idaptive_user | HAS | cyberark_idaptive_device |
cyberark_idaptive_user | ASSIGNED | cyberark_idaptive_role |
cyberark_idaptive_user | ASSIGNED | cyberark_idaptive_application |
Mapped Relationships
The following mapped relationships are created:
Source Entity _type | Relationship _class | Target Entity _type | Direction |
|---|---|---|---|
cyberark_idaptive_user | IS | Person | FORWARD |