Forum / Remote Desktop Manager - PAM Partners

Cyberark Privileged Access Solution

  • Create an Issue
  • Cancel

Current integration


We offer two credential entry types to get passwords that are stored in a Cyberark vault.

The first one is named Cyberark AIM and, as the name implies, it gets the passwords in a AIM server that typically resides in your own infrastructure. That being said, authorization is still performed against your PAS server, that means that this integration is not available offline.

The second one is simply Named Cyberark, it performs authorization, and also gets the credentials directly from the PAS. It reflects more closely the usage pattern of entry level customers of the PAS solution.

Our current limitation is that we cannot list credentials that one has access to in order to offer a list to pick from. This means that all credentials that you need to access, need to have a corresponding entry in RDM. We can work around that limitation by using the PACLI to extract a csv, which can then be imported in RDM.

Coming features

We are currently working on integrating the PSM, which would reduce the workload of sysadmins that have to handle creation and management of alternate shell commands in tens of entries. We will offer a mechanism, much like a gateway, which will create a single PSM server to a great number of sessions.

We recommend that you subscribe to new replies to this topic, as we will publish a notice when the feature can be tested. Please be advised that Cyberark must approve any integration before we can render it available to our community.

Best regards,



Maurice Côté

signaturesignature

Clock13 mths

Thanks for the update, any indication on how far we are away from the PSM/GW solution.

As a organization that uses both methods it would be great if there was a way to choose between methods (PSM vs GW) or give them a priority order?

Clock11 mths

Hello,

It turns out that another integration had been prioritized before this one, luckily it has just been completed. Engineering should start on this in the coming days.

Its a few days work, but intertwined with bug fixes and the daily whirlwind, it should be done in a release or two.

Sorry about that.



Maurice Côté

signaturesignature

Clock11 mths

We're also evaluating CyberArk PSM, and are using a RDM Enterprise version, so we're really keen on testing these new features as soon as they're coming out, please keep us posted.
Please also note that we are using different multifactor tools to access CyberArk PSM, including RSA tokens, so it would be great if we can combine those features. I'll post a separate feature request to create a credential type of RSA for that.

Clock11 mths

Hello,

we are almost ready to showcase our integration to Cyberark’s team. if they accept it as is, it should be a matter of weeks before the feature is delivered in a beta. I cannot say for sure when it will be available in a General Availability release though.

For RSA, we are at the initial phases of being able to work with them, and i mean just at signing their non-disclosure agreement. The whole process could takes months, can’t says for sure before we get access to their documents and platform.

Best regards,



Maurice Côté

signaturesignature

Clock11 mths

Thank you for the continued status updates! Look forward to that Beta more than you can imagine!

Clock11 mths

Has there been any progress in regards to the CyberArk PSM integration?

Clock10 mths

Hello,

The feature is currently going through the testing phase internally with the QA departement.

best regards,

Alexandre Roy

signaturesignature

Clock10 mths

I can see that the Beta have got some of this work now, Do we have some documentation on how to setup and use it?

Clock10 mths

@Anders Anderson,

The PSM feature is not available yet. We are still in the improvement process and the approval process from CyberArk.
We will post it here when it will be available and in which version of RDM.

Best regards,



Jeff Dagenais

Happy Holiday Season!
Although our various support queues will be monitored during the coming holiday season, Devolutions' offices will be closed from December 24th, 2019, to January 1, 2020, inclusively.

signaturesignature

Clock10 mths

Well I am running with version: 2019.1.3.0 and I have access to "CyberArk PSM Connection" and "CyberArk PSM Server".
Is this not the features your are working on?

or have it been released into the beta to soon?

Clock10 mths

Hello,

we need to get reviewed by Cyberark with production ready code, but we cannot call the feature as complete until it’s vetted by them.

i realize that our mistake was including it in the release notes, ill see what we can do about fixing that.

best regards



Maurice Côté

signaturesignature

Clock10 mths

Sorry looking for some clarification, does that mean the beta code is running in 2019.1.3.0? Or is the Feature still completely unavailable until the production ready code is released?

Clock10 mths

Hello,

You see the feature, it is there.

  • It's never been delivered, therefore has never been tested by a customer.
  • It hasnt been vetted. Cyberark's business team can request changes, they can even ask us to remove the integration.

It's not in Devolutions' DNA to withhold features only for our major releases. We typically have two major releases per year, which contain new features that require a lot of testing, or change the DB schema.


Throughout our minor releases, we do publish new features that have limited impact on the operations of our products.


The PSM integration, having never been published, therefore not being used by anyone, also not impacting the data access layer, nor the security system, fits that bill.

It will appear in our release notes when the business process has taken its course.


Best regards,



Maurice Côté

signaturesignature

Clock10 mths

Greetings,

I am being asked by management to get a date when the PSM feature may be available in a major release. Do you have a roadmap that I can share with them?

Clock9 mths

Hello,

The PSM integration has not being approved by CyberArk so it's not possible for us to release this integration in an official release.
Unfortunately, I cannot provide you any timeline regarding this.

Best regards,



Jeff Dagenais

Happy Holiday Season!
Although our various support queues will be monitored during the coming holiday season, Devolutions' offices will be closed from December 24th, 2019, to January 1, 2020, inclusively.

signaturesignature

Clock9 mths

Is there a new version that will have an updated integration in the works or something? Basically what does this mean?

Clock9 mths

Hello,

When RDM 2019 will became an official release and when the CyberArk PSM feature will be officially included, I will post in this thread with an available download link.
Unfortunately, I don't have an exact release date for the moment.

Best regards,



Jeff Dagenais

Happy Holiday Season!
Although our various support queues will be monitored during the coming holiday season, Devolutions' offices will be closed from December 24th, 2019, to January 1, 2020, inclusively.

signaturesignature

Clock9 mths

Hello,

Just a quick update to inform you that we are still working with Cyberark on getting approval. It turns out that we've had to initiate a process to switch from a virtualized environment provided by CyberArk, to an on-premises environment integrated with our Domain.

Setting up that environment is planned for next week.

Best regards,



Maurice Côté

signaturesignature

Clock7 mths

Hello, are there any updates? I used RDM in the past and I'd like to suggest to use this product in our company, but we would need CyberArk PSM integration including RSA authentication

thanks
Jan

Clock5 mths

@j17,

CyberArk PSM is integrated in RDM, however, if I remember correctly, the API/SDK provided by them doesn't support the RSA authentication feature.
I would need to very with our business architect, but this could take a few days because because of the summer vacation.

Best regards,



Jeff Dagenais

Happy Holiday Season!
Although our various support queues will be monitored during the coming holiday season, Devolutions' offices will be closed from December 24th, 2019, to January 1, 2020, inclusively.

signaturesignature

Clock5 mths

What version is CyberArk PSM in? I would like to test this out.

Clock4 mths

Hi Andrea,

Base on the discussion we had with CyberArk our integration works fine with the latest version of CyberArk PSM.

For information, you need to configure CyberArk PSM Server first and then CyberArk PSM Connection.

CyberArk PSM can be tested with RDM 2019.1.41.0.

Best regards,



David Grandolfo

Happy Holiday Season!
Although our various support queues will be monitored during the coming holiday season, Devolutions' offices will be closed from December 24th, 2019, to January 1, 2020, inclusively.

signaturesignature

Clock4 mths

Is there documentation on how to set it up? We have had CyberArk fully implemented for the last 6 years.

Clock4 mths

Hello,

The documentation is on our todo list, but we tried to build them easy to configure.

CyberArk PSM needs to be configured, if you need help for this, please contact CyberArk.

Looking at CyberArk PSM Server, it requires the CyberArk Server (the PSM Server) then a Username, Domain, and Password. We add the requirement of an RDP Template.

Create an RDP template on your team data source by following the help topic https://help.remotedesktopmanager.com/file_templates.htm .

The latest parts are which Connection components are enabled on your PSM server. You have to look with your PSM expert.

Once the PSM Server is configured, you create as many PSM Connection you want. For then, you need the information:

  • Host = The host of the target machine you want to connect to
  • Privileged Account = The name of the privileged account in your CyberARK you wish to use
  • PSM server = Select in the dropdown the PSM Server you configured before
  • Connection Component = Select the component installed on the CyberArk PSM server


Best regards,



David Grandolfo

Happy Holiday Season!
Although our various support queues will be monitored during the coming holiday season, Devolutions' offices will be closed from December 24th, 2019, to January 1, 2020, inclusively.

signaturesignature

Clock5 mths

I have found the PSM server & PSM connection additions (As a vault admin this makes me very excited), but I need to know, what information is required in the RDP Template to make it work. I just tried one I have lying around and PSM didn't accept it. While I know documentation is coming, it would be great to get an example of the RDP template.

Clock4 mths

Hi,

The connection components are related to the session type you start. As an example, I set it to PSM-RDP for an RDP connection.
CyberArk+PSM+Connection

My CyberArk Server configuration looks like this:
CyberArk+PSM+Server
Best regards,



David Grandolfo

Happy Holiday Season!
Although our various support queues will be monitored during the coming holiday season, Devolutions' offices will be closed from December 24th, 2019, to January 1, 2020, inclusively.

signaturesignature

CyberArk_PSM_Connection.png
CyberArk_PSM_Server.png
Clock4 mths

When I attempt to create a PSM Server Entry I am prompted for Template. Where can I find information on how to create said template?

psm.png
Clock16 days

Hello,

The templates can be accessed and created from File -> Templates -> Templates.
The RDP Template can be very basic (default values), or adapted to your preferences.

I hope this helps!


Best regards,



Alex Belisle

Happy Holiday Season!
Although our various support queues will be monitored during the coming holiday season, Devolutions' offices will be closed from December 24th, 2019, to January 1, 2020, inclusively.

signaturesignature

Clock16 days

Why is a template necessary though?
PSM Server just really acts as a gateway for the end point server. I expected RDM to use it in a similar manner as they would a Remote desktop gateway Server.
I am not understanding what settings I would need to apply in a template for a PSM Connection.


UPDATE


FYI to anyone else, I just created a blank template with no settings and applied it to this PSM Server entry and they subsequent PSM Session entries started working. I would still like some information on why you would put in this template or what purpose it is to serve though.

Clock16 days