Can I use CyberArk with UnitySync?
Created: 2021-09-23 13:06:15Modified: 2024-04-01 10:02:47
Tags: Features UnitySync
As of UnitySync v3.1, LDAP connections may now be configured to utilize CyberArk authentication.
These following CyberArk parameters in config.txt effectively enable the CyberArk functionality for the source and/or destination connections.
Go to the connection’s Custom tab, click Raw Config. Enter the following as appropriate if source and/or dest are to utilize CyberArk (enter anywhere, options are alphabetized on save automatically).
source-cyberark-url=
source-cyberark-domain=
dest-cyberark-url=
dest-cyberark-domain =
An example of the Cyberark authenciation syntax follows:
dest-cyberark-url=https://www.AcmeCo.com/aimwebservice/api/accounts?appid=UnitySync&safe=A-WND-PROD-UNITYSYNC&Object=SVCUNITYSYNC01
dest-cyberark-domain=AcmeCo.com
(The domain is automatically appended onto the login id received from cyberark)
Caveats for connection configuration when CyberArk is enabled:
Logon/pw: Any value in the UI Source tab Logon/Password (sourcelogon/sourcepw) and Destination tab Logon/Password (destlogon/destpw) are ignored.
Test and Verify buttons: While you can use the Source tab’s Selection DN to define the source OU for Discovery, the TEST and VERIFY buttons will not return a valid result. Likewise, the Destination tab’s Placement DN can be used, but Verify will not return a valid result.
Source Dest tab Port parameter: When Cyberark is enabled, the connection will ONLY use ports (389/636) for read or write.