Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Configure the CyberArk credential identifier

Log in to subscribe to topics and get notified when content changes.

Configure the CyberArk credential identifier

Create the unique key that CyberArk can use to identify specific credentials in the external repository.

Before you begin

Role required: admin

Before starting this procedure, ensure that the External Credential Storage plugin is activated, and the com.snc.use_external_credentials system property is set to true.


  1. Navigate to Discovery > Credentials or Orchestration > Credentials.
  2. Click New.
  3. From the list of credential types, select a type that supports CyberArk external storage.
  4. Complete the form using the fields from your credential type.
  5. Select the External credential storage check box.
    The User name and Password fields are replaced with the Credential ID field.
  6. In the Credential ID field, enter an expression using one of these formats:
    • If all your credentials are in the same safe, configure this safe name in the MID Server config.xml file using the ext.cred.safe_name parameter, and then specify the credential ID by name only, as <credential ID>.
    • To name credentials for a given platform that reside is a specific safe, define the credential ID as <safe>:<credential ID>:<platform ID>.
    • If your credentials are in multiple safes, specify the credential ID in this format: <safe>:<credential ID>.
    • If you want CyberArk to look up the credential by IP address, using an alternate safe, specify the credential ID in this format: <safe>:.
    • If you want CyberArk to look up the credential for an alternate platform ID in the same safe, use this format: ::<platform ID>
    • If you want CyberArk to look up the credential in a configured safe by the IP address rather than the credential ID, leave this field blank. This is the best practice for handling installations in which each server has a unique credential. Without this type of lookup, you must create a credential ID record in your instance for every server in your environment.
    Note: The credential ID must match the value in the Name field of the credential in the CyberArk vault. The Credential ID field has a limit of 40 characters.
  7. Click Submit.