--- title: Integrating with the CyberArk Credential Provider description: You can integrate PingFederate out-of-the-box with the CyberArk Credential Provider, an external secret management system (secret manager). component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:integra_cyberark_credenti_provider canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/integra_cyberark_credenti_provider.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: August 22, 2024 section_ids: before-you-begin: Before you begin about-this-task: About this task steps: Steps next-steps: Next steps --- # Integrating with the CyberArk Credential Provider You can integrate PingFederate out-of-the-box with the CyberArk Credential Provider, an external secret management system (secret manager). ## Before you begin Install the Credential Provider and note the path to the CyberArk Java Application Password SDK file. Learn more about the [CyberArk Credential Provider](https://docs.cyberark.com/credential-providers/12.1/en/content/cp%20and%20ascp/lp_cp.htm) and how to install it in the CyberArk documentation. ## About this task The [Credential Provider supports the following authentication methods](pf_cyberark_authentication_methods.html): allowed machines, OS user, path, and hash. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------- | | | Whenever you upgrade the CyberArk Credential Provider installation, replace the CyberArk Java Application Password SDK file with the latest version. | ![Diagram of CyberArk server integrated with PingFederate server](_images/uwh1649105691959.png) To integrate PingFederate with the CyberArk Credential Provider: ## Steps 1. Copy the CyberArk Java Application Password SDK file to the `/pingfederate/server/default/deploy/` directory: * In Windows environments, copy the `JavaPasswordSDK.jar` file. * In Linux environments, copy the `javapasswordsdk.jar` file. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You must install the SDK file on all nodes in your cluster. The active node needs the SDK file when performing the Validate action to check that it can retrieve the referenced secret from CyberArk. Passive nodes need to retrieve the secret at runtime. | 2. Restart the PingFederate server. ## Next steps After integrating PingFederate with the CyberArk Credential Provider, you can: * [Configure instances of the secret manager](config_instanc_secret_manager_plgin_for_cyberark_credent_provid.html) in PingFederate. * Configure authentication methods between the CyberArk Credential Provider and its CyberArk Vault. For more information, see [CyberArk's authentication methods](pf_cyberark_authentication_methods.html).