03 Apr 2023 07:58 PM - last edited on 12 May 2023 10:02 AM by MaciejNeumann
We are using NTLM authentication with the current version of AG extension Microsoft SQL Server. Our account passwords need to get updated every x number of months and when updated we will need to update ever endpoint to use the updated password. Are there any plans to allow for endpoints to pull from an IAM tool such as Cyberark to get their password?
Solved! Go to Solution.
04 Apr 2023 12:17 AM
A CyberArk integration with the credential vault, and for extensions to use the credential vault are both currently being developed. It should both land in just a matter of months.
04 Apr 2023 07:14 PM
This will be a great addition. Thank you Mike and all involved!
12 Apr 2023 10:35 PM
What this would like this when rolled out? Specifically we are leveraging the extension Microsoft SQL Server 2.0 from the hub and looking for this integration so that we don't need to configure our api call to use the username and password. Will cyberark integration with extensions 2.0 be a phased in approach as in they will eventually be updated to allow for this? Trying to understand specifically for our extension when we may have that ability.
I assume too that the extension endpoint would have an extra value in maybe the authentication scheme for cyberark and upon choosing that you would provide additional information such as what is prompted for when you attempt to use it in the credential vault? Or would we setup the credential in the vault then simply configure the endpoint to use this credential?
12 May 2023 07:48 AM
In DB endpoint monitoring configuration it's possible to use DT credential vault credentials. These are synchronized with CyberArk using periodic synthetic test.
Unfortunately, it does not support other authentication schemes, like NTLM or Kerberos.