Configure the MID Server for CyberArk

Configure the config.xml file to grant the MID Server access to the CyberArk vault.

Before you begin

Role required: admin

Before starting this procedure, import the JavaPasswordSDK.jar file into the instance.

Procedure

Manually configure the MID Server config.xml file with these parameters.

This configuration cannot be done from the instance.

Table 1. Required configuration parameters
Parameter	Value	Description
ext.cred.safe_folder	NameOfFolder	Folder to use for all credential lookups. For example, root.
ext.cred.use_cyberark	true	Boolean parameter indicating that this MID Server is integrated with CyberArk.

Table 2. Optional configuration parameters
Parameter	Value	Description
ext.cred.safe_timeout	5 (sec)	Timeout of each credential lookup in the vault, specified in seconds.
ext.cred.safe_name	NameOfSafe	Default safe name used for all credential lookups. If parameters are in multiple safes, the credential ID may be specified in the format <safeName>:<CredentialID>. When configured like this, the NameOfSafe field is ignored. If all external credentials have their credential IDs specified in this format, then leave out the NameOfSafe field. Note: By default the separator character in this format is a colon. To assign any character you want as a separator, add this line to the CredMap.properties file: `safe.cred.split.string=<string>`.
ext.cred.app_id	ServiceNow_MID_Server	Specifies the App-ID used to grant permission to the MID Server to access the CyberArk vault. The default value, ServiceNow_MID_Server, must be defined in the CyberArk vault. You can use this parameter to override the default and specify your own App-ID. If you edit the App-ID in this parameter, make sure to configure CyberArk to match.
ext.cred.type_specifier	true	Forces an IP address lookup to return credentials that match both the CyberArk platform ID and the IP address. For example, if an IP address is shared by both Windows and Tomcat, a credential with a platform ID starting with Win returns the Windows credential only. When this parameter is set to true, CyberArk looks for platform IDs that begin with: Win: Windows Unix: SSH VMWare: VMware
ext.cred.check_ssh_type	false	When set to true, requires that the type of SSH credential returned from CyberArk matches the type of credential requested. For example, if a normal SSH username/password credential is requested and only SSH keys are available, the credential lookup fails.

Configure the MID Server for CyberArk

Configure the config.xml file to grant the MID Server access to the CyberArk vault.

Before you begin

Role required: admin

Before starting this procedure, import the JavaPasswordSDK.jar file into the instance.

Procedure

Manually configure the MID Server config.xml file with these parameters.

This configuration cannot be done from the instance.

Table 1. Required configuration parameters
Parameter	Value	Description
ext.cred.safe_folder	NameOfFolder	Folder to use for all credential lookups. For example, root.
ext.cred.use_cyberark	true	Boolean parameter indicating that this MID Server is integrated with CyberArk.

Table 2. Optional configuration parameters
Parameter	Value	Description
ext.cred.safe_timeout	5 (sec)	Timeout of each credential lookup in the vault, specified in seconds.
ext.cred.safe_name	NameOfSafe	Default safe name used for all credential lookups. If parameters are in multiple safes, the credential ID may be specified in the format <safeName>:<CredentialID>. When configured like this, the NameOfSafe field is ignored. If all external credentials have their credential IDs specified in this format, then leave out the NameOfSafe field. Note: By default the separator character in this format is a colon. To assign any character you want as a separator, add this line to the CredMap.properties file: `safe.cred.split.string=<string>`.
ext.cred.app_id	ServiceNow_MID_Server	Specifies the App-ID used to grant permission to the MID Server to access the CyberArk vault. The default value, ServiceNow_MID_Server, must be defined in the CyberArk vault. You can use this parameter to override the default and specify your own App-ID. If you edit the App-ID in this parameter, make sure to configure CyberArk to match.
ext.cred.type_specifier	true	Forces an IP address lookup to return credentials that match both the CyberArk platform ID and the IP address. For example, if an IP address is shared by both Windows and Tomcat, a credential with a platform ID starting with Win returns the Windows credential only. When this parameter is set to true, CyberArk looks for platform IDs that begin with: Win: Windows Unix: SSH VMWare: VMware
ext.cred.check_ssh_type	false	When set to true, requires that the type of SSH credential returned from CyberArk matches the type of credential requested. For example, if a normal SSH username/password credential is requested and only SSH keys are available, the credential lookup fails.

How search works:

Topics are ranked in search results by how closely they match your search terms

Configure the MID Server for CyberArk

Configure the MID Server for CyberArk

On this page

Configure the MID Server for CyberArk

Configure the MID Server for CyberArk

Log in to personalize your search results and subscribe to topics