CyberArk CCP Reference Guide

Defining Policy Manager in the Vault

To authenticate applications and check their access control authorizations in CyberArk CCP, the applications must be defined in the CyberArk Password Vault. This section describes how to define Policy Manager as an application in the Password Vault using the CyberArk Password Vault Web Access (PVWA) interface:

  1. Log in to the CyberArk Vault as a user with access rights to manage applications. (The user must have Manage Users authorization.)

  2. In the Applications tab, click Add Application. The Add Application window is displayed:

    add-application.png

    Enter the following information:

    • In the Name field, specify the unique name (ID) for the Policy Manager application. This name must match the name that is defined in the Policy Manager application property:

      agrotera.cyberark.application_id

      For more information, see CyberArk Application Properties.

    • In the Description field, add a short description of the application.

    • In the Business owner section, specify the contact information for the application’s business owner.

    • In the Location field, specify the location of the application in the Vault hierarchy. (If a location is not specified, the application will be added in the same location as the user who is creating the application.)

    The remaining options do not need to be completed. For reference, they are described in the following table:

    | Option            | Description                               |
    |-------------------|-------------------------------------------|
    | Time Restrictions | Time restrictions for secret retrieval.   |
    | Expiration Date   | An expiration date for the application.   |
    | Disabled          | If selected, the application is disabled. |

  3. Click Add. Policy Manager is added as an application to the Vault and displayed in the Application Details page:

    application-details.png

  4. Select the Authentication tab from the Application Details page.

  5. Check the Allowing extended authentication restrictions box.

    This setting enables an unlimited number of machines and Windows domain OS users to be specified for a single application.

  6. In the Authentication tab, click Add. A list box is displayed containing a list of authentication characteristics that can be added for an application.

    These characteristics can be used by the CyberArk CCP to check the application before retrieving the application password.

  7. Select Certificate Serial Number from the list box. The Add Certificate Serial Number Authentication dialog box is displayed.

  8. Enter the Certificate Serial Number in the SN field.

    The serial number that is entered must match the client certificate serial number that is defined in the application property:

    agrotera.cyberark.certificate.path

    For more information, see CyberArk Application Properties.

  9. Click Add to save the details.
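
The following added example (not part of the CyberArk or Policy Manager documentation) reads the serial number from a client certificate and checks it against the value entered in the SN field in step 8, so a mismatch is caught before the CCP rejects the application. It assumes the SN is written in hexadecimal; the function names and the sample certificate bytes are constructed for illustration, and the sample is only a certificate prefix, not a usable certificate.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def cert_serial_hex(cert):
    """Serial number of an X.509 certificate (PEM or DER bytes) as uppercase hex."""
    pem = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", cert, re.S)
    if pem:
        cert = base64.b64decode(pem.group(1))
    tag, pos, _ = read_tlv(cert, 0)        # Certificate ::= SEQUENCE
    tag2, pos, _ = read_tlv(cert, pos)     # tbsCertificate ::= SEQUENCE
    if (tag, tag2) != (0x30, 0x30):
        raise ValueError("not an X.509 certificate")
    tag, start, end = read_tlv(cert, pos)
    if tag == 0xA0:                        # optional [0] EXPLICIT version
        tag, start, end = read_tlv(cert, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return "%X" % int.from_bytes(cert[start:end], "big")

def normalize_serial(text):
    """Hex digits only, uppercase, no separators or leading zeros."""
    digits = re.sub(r"[\s:]", "", text).upper()
    digits = digits[2:] if digits.startswith("0X") else digits
    if not re.fullmatch(r"[0-9A-F]+", digits):
        raise ValueError("serial number is not hexadecimal")
    return digits.lstrip("0") or "0"

def serial_matches(cert, vault_sn):
    """True if the SN entered in the Vault equals the certificate's serial."""
    return cert_serial_hex(cert) == normalize_serial(vault_sn)

def der(tag, value):  # short-form DER encoder, enough for the constructed sample
    return bytes([tag, len(value)]) + value

# Constructed sample: certificate prefix holding version v3 and a made-up serial.
SAMPLE_DER = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02"))
                           + der(0x02, bytes.fromhex("00A1B2C3D4E5F6"))))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")
```

To check a real deployment, pass the bytes of the certificate file referenced by agrotera.cyberark.certificate.path and the SN string from the Vault to `serial_matches`.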