The Scan Engine can be configured to scan targets using credentials stored within a CyberArk Privileged Account Security Solution vault.

Required components

The integration with CyberArk uses the Application Identity Manager Central Credential Provider Web Service to retrieve credentials from Cyberark. The Central credential provider web service should be installed as per the Central Credential Provider Implementation Guide. This is typically installed on the same machine as the Private Vault Web Access.

Required Account Permissions

In order to access credentials through the CyberArk CCPWA, an Application account must be configured for the Scan Engine to use. This can be created through the Private Vault Web Access.

The application account should be configured to allow access only from the scan engine server.