We are using NTLM authentication with the current version of AG extension Microsoft SQL Server. Our account passwords need to get updated every x number of months and when updated we will need to update ever endpoint to use the updated password. Are there any plans to allow for endpoints to pull from an IAM tool such as Cyberark to get their password?
Solved! Go to Solution.
What this would like this when rolled out? Specifically we are leveraging the extension Microsoft SQL Server 2.0 from the hub and looking for this integration so that we don't need to configure our api call to use the username and password. Will cyberark integration with extensions 2.0 be a phased in approach as in they will eventually be updated to allow for this? Trying to understand specifically for our extension when we may have that ability.
I assume too that the extension endpoint would have an extra value in maybe the authentication scheme for cyberark and upon choosing that you would provide additional information such as what is prompted for when you attempt to use it in the credential vault? Or would we setup the credential in the vault then simply configure the endpoint to use this credential?
In DB endpoint monitoring configuration it's possible to use DT credential vault credentials. These are synchronized with CyberArk using periodic synthetic test.
Unfortunately, it does not support other authentication schemes, like NTLM or Kerberos.