PingFederate Server

Integrating with the CyberArk Credential Provider

You can integrate PingFederate out-of-the-box with the CyberArk Credential Provider, an external secret management system (secret manager).

Before you begin

Install the Credential Provider and note the path to the CyberArk Java Application Password SDK file. The CyberArk website provides more information about the CyberArk Credential Provider and how to install it.

About this task

The Credential Provider supports the following authentication methods: allowed machines, OS user, path, and hash.

Whenever you upgrade the CyberArk Credential Provider installation, replace the CyberArk Java Application Password SDK file with the latest version.

Diagram of CyberArk server integrated with PingFederate server

To integrate PingFederate with the CyberArk Credential Provider:

Steps

  1. Copy the CyberArk Java Application Password SDK file to the <pf_install>/pingfederate/server/default/deploy/ directory:

    • In Windows environments, copy the JavaPasswordSDK.jar file.

    • In Linux environments, copy the javapasswordsdk.jar file.

      You must install the SDK file on all nodes in your cluster. The active node needs the SDK file when performing the Validate action to check that it can retrieve the referenced secret from CyberArk. Passive nodes need to retrieve the secret at runtime.

  2. Restart the PingFederate server.

Next steps

After integrating PingFederate with the CyberArk Credential Provider, you can: