Each safe used in CyberArk has to have an appID value. There is not only the Automic safe in the company :) Thousands of systems have thousands of safes. Naturally there are thousands of appIDs. An orchestration product should be able to use the users of different systems without seeing their passwords. It is illogical to collect the passwords used in Automic into a single safe specific to Automic.
Automic must be able to access the safes of each external system (just like you can access it with these parameters in a single query with the CyberArk SDK). If the Automic engine hosts are authorized for these safes, you can access these different safes via the engine. But there is no point if you cannot send the appID value. Otherwise, collecting these users into the single Automic safe would be taking responsibility for these users, which creates a security breach.
I hope that's clearer.
Thanks.
Original Message:
Sent: Jul 11, 2024 05:06 AM
From: Josef Scharl
Subject: Missing Features for Password Vaults (Cyberark Integration)
Hi,
Thank you, good initiative to sum up missing features for Password Vaults.
Please have a look at the following one I opened a while ago:
Login Objects with Type LDAP for SYNC_LOGIN should support external Password Vault
And vote for it!
The feature "APPID value part cannot be multiplexed in UC_VAULT_CYBERARK" is an interesting one.
We here have only 1 App ID for UC4, which is authorized for multiple safes in CyberArk. (In more detail one App ID per UC4 System: Dev, Test and Prod, so 3 App IDs in total.)
We never had the need to specify another App ID; in our concept the Application ID for UC4 Prod. is for example "APP-20000-UC4P-PROD". If a customer project wants to use an external password vault, they need to authorize the UC4 AppID and we need to add their Safe name to UC_VAULT_CYBERARK.
Anyhow, in case the CyberArk concept is different in your case, this limitation might be a showstopper.
Instead of adding another APP ID to UC_VAULT_CYBERARK and mixing up APPs and SAFEs, maybe having multiple UC_VAULT_CYBERARK VARAs is a good idea. For example UC_VAULT_CYBERARK_APP_ID_1, UC_VAULT_CYBERARK_APP_ID_2, etc.
Where the first one contains safes where APP_ID_1 is authorized, the second one contains safes where APP_ID_2 is authorized and so on.
Cheers, Josef
Original Message:
Sent: Jul 10, 2024 10:55 AM
From: Olgun Onur Ozmen
Subject: Missing Features for Password Vaults (Cyberark Integration)
Hi Community,
We frequently encounter missing features in the CyberArk integration day by day. I would like to ask you to vote for the 3 most important deficiencies by sharing the idea links. These missing features are of serious importance for security.
Missing Feature: External password vaults are does not supported for JOBF
APPID value part cannot be multiplexed in UC_VAULT_CYBERARK
missing feature: external vault (cyberark) cannot work with conn objects
Thanks.
------------------------------
Olgun Onur Ozmen
https://www.linkedin.com/in/olgunonurozmen/
------------------------------