Cyberarc Integration

Has anyone integrated Cyberarc with Appian?

  Discussion posts and replies are publicly visible

Parents
  • 0
    Certified Lead Developer
    Hi @Ankur Are you trying to refer to CyberArk?

    If so, just a quick question, may i know what's the purpose of using CyberArk, do you want to store your API credentials / service account credentials under this and want to retrieve them dynamically?

    If you are not referring to CyberArk to store your API credentials / service account details then please ignore the below mentioned points.

    But if you are, then why not the Connected System or Admin Consol to store these informations?

    As you are aware that, in real-time anyway a basic use will not have access to Design or admin consol and also once the password is saved within connected system, that will be masked and will be shown as asterisk i.e. (****) and while exporting this object, password will not be exported as part of their customization file (.properties).

    Also as you are aware, now a days appian focus is towards maximize the usage of Connected system, to perform an Integration, in order to avoid the duplicate code and achieve flexibility, re-usability and less maintenance, and as per my understanding we do not have the opportunity to setup the property values for connected system dynamically (let's say by making a call to CyberArk and getting the credentials and using them here).

    So, May i know what made you to use cyberark to store your credentials into it.
  • Yes it is CyberArk and it is the credential vault for non-production and production assets. The vault changes the passwords frequently and in some cases everyday for some critical systems and it is a mandatory requirement to use CyberArk. SAML and LDAP is used for user authentication but for appian applications and process to access business schema that currently resides on a DB2 platform it has to go via Cyberark. While setting up appian there is a step to provide credentials for DB which are hashed and those credentials are located in tomcat\tomcatResources.xml if the password for DB2 changes this tomcat\tomcatResources.xml file also needs to be updated can this be done via connected system?

Reply
  • Yes it is CyberArk and it is the credential vault for non-production and production assets. The vault changes the passwords frequently and in some cases everyday for some critical systems and it is a mandatory requirement to use CyberArk. SAML and LDAP is used for user authentication but for appian applications and process to access business schema that currently resides on a DB2 platform it has to go via Cyberark. While setting up appian there is a step to provide credentials for DB which are hashed and those credentials are located in tomcat\tomcatResources.xml if the password for DB2 changes this tomcat\tomcatResources.xml file also needs to be updated can this be done via connected system?

Children
  • +1
    Certified Lead Developer
    in reply to Ankur V
    No, as per my understanding, there are no such OOTB way to update the tomcatResources.xml file dynamically (like, by using Connected System).

    If your DB password changes frequently, means it may change for Primary as well as Secondary Data Store, and if so then you may need to build some 3rd party application (let's say, by using Java) to update a particular XML tag value in a file, so that Appian can pick the latest credentials, but what if your password gets change while a transaction is under process?

    I believe, if your DB credentials are being changed frequently (may be due to some security reasons), then it's better you should contact the Appian Support Team, probably they may suggest you some alternative solution.
  • Yes i guess i have to build a wrappers fetching via https that will encrypt the data in transit i can make this work on premise with weblogic, might have a challenge with our cloud instance.