Enable CyberArk in Active Console
Overview Copied
This page outlines the requirements for the Active Console to support Gateway CyberArk when accessing the database for historical data. To know more about historical data in Active Console, see the Import historical events from database and Create history charts documentation.
You can configure a Gateway to retrieve passwords from an external provider. Active Console supports the following external providers:
- CyberArk Local CP
- CyberArk Central CP
Note
CyberArk support is only available for Active Console on Windows. You can only use one external provider at a time.
Prerequisites Copied
The following requirements must be met:
- You must connect Active Console to the Gateway where the CyberArk setup is configured.
- You must configure the connection to the provider server in the Gateway > Operating environment. To configure an external provider, see Secure passwords.
CyberArk providers Copied
Gateway setup is CyberArk Local Credential Provider Copied
If the Gateway setup uses CyberArk Local Credential Provider, take note of the following:
- Gateway collects the password using the locally installed CyberArk agent.
- If no CyberArk agent is installed, the error message is displayed in the logs that no CyberArk agent is installed. This sets the password to blank.
- If CyberArk is incorrect or invalid, Gateway displays an error message that the installation is invalid. This sets the password to blank.
- If no password is returned, the reason for not retrieving the password is displayed in the logs. The errors may be due to the wrong query, no authorisation, or the CyberArk endpoint being inaccessible.
Update the ActiveConsole.gci file Copied
In order for the Active Console to support CyberArk Local Credential Provider when accessing database for historical data, you must update the ActiveConsole.gci file:
- Close all running Active Console applications.
- Locate the
ActiveConsole.gciin your installation directory. - Edit the file in a text editor to add the following flags at the bottom of the file:
-cyberarkAppIDand-cyberarksdk. - Save the file and open the Active Console.
To learn more about the local credential provider, see Secure passwords.
| Flag | Description |
|---|---|
-cyberarkAppID
|
If the AppID is not set or has been removed, CyberArk will not work. The application will not display any error messages and the password returned for connection will always be blank. Default value: |
-cyberarksdk
|
The value points to the Default value on Windows: |
Gateway setup is CyberArk Central Credential Provider Copied
If the Gateway setup uses CyberArk Central Credential Provider, take note of the following:
- The password is retrieved by the Gateway. Therefore, a CyberArk agent is not needed.
- If the query returns no password or an error occurs, this will set the password to blank.
To learn more about the central credential provider, see Secure passwords.