CyberArk Authentication with UnitySync
Created: 2021-09-23 13:06:15
Modified: 2025-01-17 13:08:33
Tags: Features UnitySync
As of UnitySync v3.1, LDAP connections may be configured to utilize CyberArk authentication.
Both methods below require parameters to be entered into the connection’s raw config.txt.
- Go to the connection’s Custom tab
- Click Raw Config.
Method #1
The following config.txt parameters are required to enable CyberArk authentication for the source and/or destination connections.
source-cyberark-url=
source-cyberark-domain=
dest-cyberark-url=
dest-cyberark-domain=
Example of the CyberArk authentication syntax (source):
source-cyberark-url=https://www.AcmeCo.com/aimwebservice/api/accounts?appid=UnitySync&safe=A-WND-PROD-UNITYSYNC&Object=SVCUNITYSYNC01
source-cyberark-domain=AcmeCo.com
(Note: The domain is automatically appended onto the login id received from CyberArk)
Method #2
As of UnitySync v4.7, LDAP connections may alternatively be configured to utilize a CyberArk cert/key pair for authentication.
Note: These new config.txt parameters require a full path to a PEM formatted file.
The following are the required parameters for source and/or destination CyberArk authentication using PEM formatted files.
source-cyberark-cert=
source-cyberark-key=
dest-cyberark-cert=
dest-cyberark-key=
Example of the CyberArk authentication using PEM formatted files (source):
source-cyberark-cert=c:\KeysCerts\PublicCert.pem
source-cyberark-key=c:\KeysCerts\PrivateKey.pem
Important caveats for CyberArk connection configuration:
Logon/pw: Any value in the UI Source tab Logon/Password (sourcelogon/sourcepw) and Destination tab Logon/Password (destlogon/destpw) is ignored.
Test and Verify buttons: While you can use the Source tab’s Selection DN to define the source OU for Discovery, the TEST and VERIFY buttons will not return a valid result. Likewise, the Destination tab’s Placement DN may be used, but Verify will not return a valid result.
Source/Destination tab Port parameter: When CyberArk is enabled, the connection will ONLY use ports (389/636) for read or write.
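The following is an added example, not part of UnitySync or of this article: a small Python linter for the raw config.txt text that flags the mistakes the two methods and the caveats above make possible (a url without its domain, an unpaired or relative cert/key path, a leftover logon/password value). The https check is an added assumption, the function names are hypothetical, and the sample config is constructed.

```python
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Constructed sample raw config (not from a real deployment); parameter names are the page's.
SAMPLE = r"""
source-cyberark-url=http://www.AcmeCo.com/aimwebservice/api/accounts?appid=UnitySync&safe=A-WND-PROD-UNITYSYNC&Object=SVCUNITYSYNC01
source-cyberark-cert=KeysCerts\PublicCert.pem
sourcepw=OldPassword
dest-cyberark-url=https://www.AcmeCo.com/aimwebservice/api/accounts?appid=UnitySync&safe=A-WND-PROD-UNITYSYNC&Object=SVCUNITYSYNC01
dest-cyberark-domain=AcmeCo.com
dest-cyberark-cert=c:\KeysCerts\PublicCert.pem
dest-cyberark-key=c:\KeysCerts\PrivateKey.pem
"""

def parse_config(text):
    """Parse key=value lines, splitting on the first '=' only (the URL contains '=')."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            cfg[key.strip()] = value.strip()
    return cfg

def lint_cyberark(text):
    """Return (side, finding) tuples for the CyberArk parameters on each side."""
    cfg, findings = parse_config(text), []
    for side in ("source", "dest"):
        p = {n: cfg.get(f"{side}-cyberark-{n}", "") for n in ("url", "domain", "cert", "key")}
        if not any(p.values()):
            continue  # CyberArk is not configured on this side
        if p["url"]:
            # Assumption (not stated on the page): the URL returns a credential, so require TLS.
            if urlsplit(p["url"]).scheme.lower() != "https":
                findings.append((side, "url is not https"))
            if not p["domain"]:
                findings.append((side, "url set without domain"))
        if bool(p["cert"]) != bool(p["key"]):
            findings.append((side, "cert and key must be set together"))
        for name in ("cert", "key"):
            if p[name] and not PureWindowsPath(p[name]).is_absolute():
                findings.append((side, f"{name} is not a full path"))
        for name in (f"{side}logon", f"{side}pw"):
            if cfg.get(name):
                findings.append((side, f"{name} is ignored; remove stale value"))
    return findings

if __name__ == "__main__":
    for side, finding in lint_cyberark(SAMPLE):
        print(f"{side}: {finding}")
```

The linter only inspects the config text; it does not open the PEM files or contact CyberArk.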