Integrating with the CyberArk Credential Provider
You can integrate PingFederate out-of-the-box with the CyberArk Credential Provider, an external secret management system (secret manager).
Before you begin
Install the Credential Provider and note the path to the CyberArk Java Application Password SDK file. The CyberArk website provides more information about the CyberArk Credential Provider and how to install it.
About this task
The Credential Provider supports the following authentication methods: allowed machines, OS user, path, and hash.
Whenever you upgrade the CyberArk Credential Provider installation, replace the CyberArk Java Application Password SDK file with the latest version.
To integrate PingFederate with the CyberArk Credential Provider:
Steps
- Copy the CyberArk Java Application Password SDK file to the <pf_install>/pingfederate/server/default/deploy/ directory:
  - In Windows environments, copy the JavaPasswordSDK.jar file.
  - In Linux environments, copy the javapasswordsdk.jar file.

  You must install the SDK file on all nodes in your cluster. The active node needs the SDK file when performing the Validate action to check that it can retrieve the referenced secret from CyberArk. Passive nodes need to retrieve the secret at runtime.
- Restart the PingFederate server.
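The following script is an added example, not part of the PingFederate or CyberArk documentation. It performs the copy step on one Linux node and also detects a deployed SDK file that no longer matches the Credential Provider's copy after an upgrade. The function names and both arguments (the SDK path you noted during installation and your own <pf_install> directory) are assumptions.

```shell
#!/bin/sh
# Added example: keep the deployed SDK jar identical to the Credential Provider's copy.
# Usage (assumed arguments): sync_sdk.sh <path-to-SDK-jar> <pf_install>

SDK_NAME="javapasswordsdk.jar"   # Linux file name given in the steps above

# Print the SHA-256 digest of a file; fail if the file does not exist.
sdk_digest() {
    [ -f "$1" ] || return 1
    sha256sum "$1" | cut -d' ' -f1
}

# Compare the deployed copy with the source copy.
# Prints one of: current | stale | missing | no-source
sdk_state() {
    src="$1"
    deploy_dir="$2/pingfederate/server/default/deploy"
    want=$(sdk_digest "$src") || { echo "no-source"; return 2; }
    have=$(sdk_digest "$deploy_dir/$SDK_NAME") || { echo "missing"; return 0; }
    if [ "$want" = "$have" ]; then echo "current"; else echo "stale"; fi
}

# Copy the SDK file when it is missing or stale, then confirm the digests match.
# Prints: unchanged | restart-required | no-source | no-deploy-dir | copy-failed
sync_sdk() {
    src="$1"
    deploy_dir="$2/pingfederate/server/default/deploy"
    state=$(sdk_state "$src" "$2") || { echo "no-source"; return 2; }
    if [ "$state" = "current" ]; then echo "unchanged"; return 0; fi
    [ -d "$deploy_dir" ] || { echo "no-deploy-dir"; return 3; }
    cp "$src" "$deploy_dir/$SDK_NAME" || { echo "copy-failed"; return 4; }
    # Verify the copy before telling the operator to restart.
    if [ "$(sdk_state "$src" "$2")" = "current" ]; then
        echo "restart-required"
    else
        echo "copy-failed"; return 4
    fi
}

# Run only when both arguments are supplied, so the functions can also be sourced.
if [ "$#" -eq 2 ]; then
    sync_sdk "$1" "$2"
fi
```

Run it on every node in the cluster and restart PingFederate on each node where it prints restart-required.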
Next steps
After integrating PingFederate with the CyberArk Credential Provider, you can:
- Configure instances of the secret manager in PingFederate.
- Configure authentication methods between the CyberArk Credential Provider and its CyberArk Vault. For more information, see CyberArk’s authentication methods.