CyberArk Authentication with UnitySync

Created: 2021-09-23 13:06:15
Modified: 2025-01-17 13:08:33
Tags: Features UnitySync

As of UnitySync v3.1, LDAP connections may be configured to utilize CyberArk authentication.

Both methods below require parameters to be entered into the connection’s raw config.txt:

  • Go to the connection’s Custom tab.
  • Click Raw Config.

Method #1

The following CyberArk parameters in config.txt enable the CyberArk functionality for the source and/or destination connections.

  • The following are the required parameters for source and/or destination CyberArk authentication.

    source-cyberark-url=
    source-cyberark-domain=
    
    dest-cyberark-url=
    dest-cyberark-domain=
    

Example of the CyberArk authentication syntax (source):

    source-cyberark-url=https://www.AcmeCo.com/aimwebservice/api/accounts?appid=UnitySync&safe=A-WND-PROD-UNITYSYNC&Object=SVCUNITYSYNC01
    source-cyberark-domain=AcmeCo.com

(Note: The domain is automatically appended to the login ID received from CyberArk.)

Method #2

As of UnitySync v4.7, LDAP connections may alternatively be configured to use a CyberArk cert/key pair for authentication.

Note: These new config.txt parameters require a full path to a PEM-formatted file.

  • The following are the required parameters for source and/or destination CyberArk authentication using PEM-formatted files.

    source-cyberark-cert=
    source-cyberark-key=
    
    dest-cyberark-cert=
    dest-cyberark-key=
    

Example of the CyberArk authentication using PEM formatted files (source):

    source-cyberark-cert=c:\KeysCerts\PublicCert.pem
    source-cyberark-key=c:\KeysCerts\PrivateKey.pem

Important caveats when configuring connections for CyberArk:

Logon/pw: Any values in the UI Source tab Logon/Password (sourcelogon/sourcepw) and Destination tab Logon/Password (destlogon/destpw) are ignored.

Test and Verify buttons: While you can use the Source tab’s Selection DN to define the source OU for Discovery, the TEST and VERIFY buttons will not return a valid result. Likewise, the Destination tab’s Placement DN may be used, but Verify will not return a valid result.

Source/Destination tab Port parameter: When CyberArk is enabled, the connection will ONLY use ports 389/636 for read or write.
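A pre-deployment check for the Method #1 and Method #2 parameters, as an added example that is not UnitySync code: it lints the raw config.txt text before it is pasted into Raw Config. The function names, the https requirement and the treatment of appid/safe/Object as expected URL fields are assumptions drawn from the example syntax above, not documented product rules.

```python
# Added example: offline lint for the CyberArk lines of a UnitySync config.txt.
from ntpath import isabs  # Windows path rules, wherever the check runs
from urllib.parse import urlsplit, parse_qs

PAIRS = (("cyberark-url", "cyberark-domain"), ("cyberark-cert", "cyberark-key"))
URL_FIELDS = ("appid", "safe", "object")  # assumption: fields seen in the page's example URL

def parse_config(text):
    """Return {key: value} for key=value lines, splitting on the first '=' only."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = parse_config(text), []
    for side in ("source", "dest"):
        for a, b in PAIRS:  # each method's two parameters must appear together
            if bool(cfg.get(f"{side}-{a}")) != bool(cfg.get(f"{side}-{b}")):
                findings.append(f"{side}-{a} and {side}-{b} must be set together")
        url = cfg.get(f"{side}-cyberark-url")
        if url:
            parts = urlsplit(url)
            if parts.scheme != "https":  # the credential is fetched over this URL
                findings.append(f"{side}-cyberark-url is not https")
            present = {name.lower() for name in parse_qs(parts.query)}
            for field in URL_FIELDS:
                if field not in present:
                    findings.append(f"{side}-cyberark-url lacks the {field} field")
        for kind in ("cert", "key"):  # Method #2 requires a full path
            path = cfg.get(f"{side}-cyberark-{kind}")
            if path and not isabs(path):
                findings.append(f"{side}-cyberark-{kind} is not a full path")
    return findings

# Constructed samples: GOOD repeats the page's examples, BAD is deliberately broken.
GOOD = r"""source-cyberark-url=https://www.AcmeCo.com/aimwebservice/api/accounts?appid=UnitySync&safe=A-WND-PROD-UNITYSYNC&Object=SVCUNITYSYNC01
source-cyberark-domain=AcmeCo.com
source-cyberark-cert=c:\KeysCerts\PublicCert.pem
source-cyberark-key=c:\KeysCerts\PrivateKey.pem"""
BAD = r"""source-cyberark-url=http://vault.example.test/aimwebservice/api/accounts?appid=UnitySync&safe=DEMO
dest-cyberark-cert=c:\KeysCerts\PublicCert.pem
dest-cyberark-key=PrivateKey.pem"""

if __name__ == "__main__":
    for finding in lint(BAD):
        print("FINDING:", finding)
```

The check does not open the PEM files or inspect their ACLs; the private key file should be readable only by the account that runs UnitySync.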
