CyberArk Privileged Access Manager (PAM)

What is CyberArk PAM? #

CyberArk’s Privileged Access Manager is a full life-cycle solution for managing the most privileged accounts and SSH Keys in the enterprise. It enables organizations to secure, provision, manage, control and monitor all activities associated with all types of privileged identities.

Why Should You Use the CyberArk PAM Connector? #

The CyberArk PAM connector provides visibility into the user in your environment. You can use this visibility to:

ensure user are managed per your security policies
derive relationships between assets, users, applications, and data

How Does This Connector Work? #

Lucidum executes read-only requests to the CyberArk PAM REST API and ingests only meta-data about CyberArk PAM devices. Lucidum does not retrieve any data stored on your assets.

Configuring the Connector in Lucidum #

Field	Description	Example
Profile Name	Name of this profile for the connector	production servers
URL	The URL for the CyberArk PAM API.	https://<PVWA_Server_address>/PasswordVault/API/
Username	A user account for the Meridian to use to connect to the Vault. The account requires the permissions: Interface Authorization: PVWA must not be included in unAuthorizedInterfaces Vault Authorization: Audit Users Safe Authorization: View Safe Members Safe Authorization: List Accounts	meridian_api
Password	Password for the user account for the Vault	Purple@Elephant#Dances$92

Source Documentation #

Creating Credentials #

For details on creating an account in CyberArk PAM:

https://docs.cyberark.com/pam-self-hosted/latest/en/content/pasimp/users-groups-add-users-v10.htm?Highlight=user%20permissions

For Authentication source, select CyberArk.

Required Permissions #

The CyberArk PAM user must have the following permissions:

Interface Authorization: PVWA must not be included in unAuthorizedInterfaces.
Vault Authorization: Audit Users
Safe Authorization: View Safe Members
Safe Authorization: List Accounts

For details on defining permissions for a user, see:

Interface Authorization: PVWA. https://docs.cyberark.com/pam-self-hosted/latest/en/content/pasimp/users-groups-managing-overview.htm?Highlight=user%20permissions#UniqueinterfaceIDs
Vault Authorization: Audit Users. https://docs.cyberark.com/pam-self-hosted/latest/en/content/pasimp/users-groups-add-users-pa.htm?Highlight=%22Audit%20Users%22#AddausertotheVault
Safe Authorization: View Safe Members. https://docs.cyberark.com/pam-self-hosted/latest/en/content/pasimp/safes-manage-safe-members.htm?Highlight=manage%20safe%20members#EditSafememberpermissionsinmodernandclassicinterfaces

API Documentation #

API v2

https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/implementing%20privileged%20account%20security%20web%20services%20.htm#Overview

Solutions

COMPANY

Resource Library

What is Lucidum?

Getting Started with Lucidum

Proxy Server

Managing Users

Connectors

Viewing Data

Using Queries

Dashboards

Value-Oriented Dashboards (VODs)

Streamlining Queries with SmartLabels and Tags

Value-Oriented SmartLabels (VOSLs)

MetaBlocks

Actions

Risk

Use Cases

Running Headless with Webhooks

Lucidum API v1

Lucidum API v2

Managing Your Lucidum System

Lucidum MoM (Manager of Managers)

Sending Alerts to Slack

Using the Luci Chatbot

Videos

CyberArk Privileged Access Manager (PAM)

What is CyberArk PAM? #

Why Should You Use the CyberArk PAM Connector? #

How Does This Connector Work? #

Configuring the Connector in Lucidum #

Source Documentation #

Creating Credentials #

Required Permissions #

API Documentation #

What are your Feelings

Solutions

COMPANY

Resource Library

What is CyberArk PAM? #

Why Should You Use the CyberArk PAM Connector? #

How Does This Connector Work? #

Configuring the Connector in Lucidum #

Source Documentation #

Creating Credentials #

Required Permissions #

API Documentation #

What are your Feelings

Share This Article :

Still stuck? How can we help?