Professional Documents
Culture Documents
04 PAS Install Integrations
04 PAS Install Integrations
Integrations
CyberArk Training
1
OBJECTIVES
2
LDAP INTEGRATION
3
PURPOSE
• The Privileged Account Security solution can be configured to manage users transparently through
a centralized User database, such as LDAP.
• The Privileged Account Security solution is a full LDAP (Lightweight Directory Access Protocol)
client, which communicates with LDAP-compliant directory servers to obtain User identification
and security information.
• This enables the automatic provisioning and creation of unique and individual users based upon
the external group membership and attributes.
4
PREREQUISITES
• Create an LDAP Bind account with READ ONLY access to the directory.
• Have the User Name, Password, and DN available.
5
LDAP OVER SSL
6
LDAP SETUP WIZARD
7
LDAP CONNECTION DETAILS
8
CONFIGURE DIRECTORY MAPPING AND COMPLETE INTEGRATION
9
TRANSPARENT PROVISIONING
10
LDAP SYNCHRONIZATION
11
LDAP INTEGRATION
(DIRECTORY MAPPING)
12
DIRECTORY MAPPING OVERVIEW
13
PREDEFINED DIRECTORY MAPPING
14
USER MAPPING: VAULT ADMINS (1)
15
USER MAPPING: VAULT ADMINS (2)
16
USER MAPPING: VAULT ADMINS (3)
17
USER MAPPING: VAULT ADMINS (4)
18
ADDING A FILTER TO A GROUP MAPPING
19
CONFIGURING GROUP MAPPING FILTERS
(&(objectclass=group)(|(CN=LinuxAdmins*)
(CN=WindowsAdmin*)(CN=ITManage*)(CN=Cyber*)))
20
CONFIGURING GROUP MAPPING FILTERS
(&(objectclass=group)(|(CN=LinuxAdmins*)
(CN=WindowsAdmin*)(CN=ITManage*)(CN=Cyber*)))
21
SMTP INTEGRATION
22
SMTP INTEGRATION
23
SETUP WIZARD
24
SMTP SETTINGS
25
CONFIRMATION EMAIL
26
RUN WIZARD AGAIN
27
SNMP INTEGRATION
(OR, HOW TO CONFIGURE REMOTE MONITORING)
28
PURPOSE
• Remote Monitoring relies upon SNMP to send Vault traps to a remote terminal. This enables users to
receive both Operating System and Vault Server information.
29
CONFIGURE REMOTE MONITORING
We discourage installing any third-party monitoring agents. CyberArk can send status information to
your monitoring solution using SNMP.
Prerequisites:
• Have IP Addresses of all servers that can accept SNMP traps available.
• Have Community String available.
• Provide the Management Information Base (MIB) files to the SNMP administrator for
loading into the management console.
• Have a resource from the team responsible for SNMP monitoring
30
CONFIGURE REMOTE CONTROL AGENT
• SNMP is enabled by
configuring the Remote
Control Agent during the
initial vault server
installation.
• If the RCAgent is not
configured during initial
vault installation, it can be
configured post
installation.
31
SNMP SETUP
32
RESTART RCA AND TEST SNMP
33
SIEM INTEGRATION
34
SIEM INTEGRATION
35
SIEM SETUP
36
SIEM INTEGRATION
• Add SYSLOG
configuration to dbparm.ini
• Current functionality
allows multiple IP
addresses and Message
Code filters, but only if the
servers communicate on
the same port and protocol
37
RESTART AND TEST
38
TIME SYNCHRONIZATION
39
PURPOSE
40
NTP INTEGRATION
NTP integration can be important in environments where CyberArk is one of many system producing
security logs, so that times between all security devices will correlate.
41
NTP INTEGRATION
42
NTP INTEGRATION
43
NTP INTEGRATION
• Reference published
solution number 00001769
44
SUMMARY
45
SUMMARY
• SMTP Integration
• SNMP Integration
• SIEM Integration
• NTP Integration
46
THANK YOU
47