Geneos ["Geneos"]
["Geneos > Active Console"]["User Guide"]

Enable CyberArk in Active Console

Overview

This page outlines the requirements for the Active Console to support Gateway CyberArk when accessing the database for historical data. To know more about historical data in Active Console, see the Import historical events from database and Create history charts documentation.

You can configure a Gateway to retrieve passwords from an external provider. Active Console supports the following external providers:

  • CyberArk Local CP

  • CyberArk Central CP

Note: CyberArk support is only available for Active Console on Windows. You can only use one external provider at a time.

Prerequisites

The following requirements must be met:

  • You must connect Active Console to the Gateway where the CyberArk setup is configured.

  • You must configure the connection to the provider server in the Gateway > Operating environment. To configure an external provider, see Configure the operating environment in Secure Passwords.

CyberArk providers

Gateway setup is CyberArk Local Credential Provider

If the Gateway setup uses CyberArk Local Credential Provider, take note of the following:

  • Gateway collects the password using the locally installed CyberArk agent.

  • If no CyberArk agent is installed, the error message is displayed in the logs that no CyberArk agent is installed. This sets the password to blank.

  • If CyberArk is incorrect or invalid, Gateway displays an error message that the installation is invalid. This sets the password to blank.

  • If no password is returned, the reason for not retrieving the password is displayed in the logs. The errors may be due to the wrong query, no authorisation, or the CyberArk endpoint being inaccessible.

Update the ActiveConsole.gci file

In order for the Active Console to support CyberArk Local Credential Provider when accessing database for historical data, you must update the ActiveConsole.gci file:

  1. Close all running Active Console applications.

  2. Locate the ActiveConsole.gci in your installation directory.

  3. Edit the file in a text editor to add the following flags at the bottom of the file: -cyberarkAppID and -cyberarksdk.

  4. Save the file and open the Active Console.

Flag Description
-cyberarkAppID

If the AppID is not set or has been removed, CyberArk will not work. The application will not display any error messages and the password returned for connection will always be blank.

Default value: ITRS-Geneos

-cyberarksdk

The value points to the clipasswordsdk executable that would retrieve the password from the CyberArk vault.

Default value on Windows: %ProgramFiles(x86)%\CyberArk\ApplicationPasswordSdk\clipasswordsdk

   

To learn more about the local credential provider, see CyberArk Local Credential Provider in Secure Passwords.

Gateway setup is CyberArk Central Credential Provider

If the Gateway setup uses CyberArk Central Credential Provider, take note of the following:

  • The password is retrieved by the Gateway. Therefore, a CyberArk agent is not needed.

  • If the query returns no password or an error occurs, this will set the password to blank.

To learn more about the central credential provider, see CyberArk Central Credential Provider in Secure Passwords.