CyberArk
CyberArk is a Privileged Access Management (PAM) tool that securely manages confidential data. CyberArk created a Digital Vault that stores data in an existing network perimeter with eight layers of security. By integrating our Nintex RPA solution with their CyberArk Vault, we can now provide you with a higher level of data security to protect your passwords.
With the new CyberArk Vault integration, you can now manage your credentials from Console Plus. This is optional and an alternative to Nintex's proprietary Logon Expert in the Credentials Vault.
To complete the configuration, you need the following:
- CyberArk account authentication details.
  If you are upgrading from a previous version, contact the Nintex RPA Support Team to configure the CyberArk Vault into the Nintex RPA OS.
- Nintex RPA Console Plus.
  Although the Credentials Vault can be accessed from the Nintex Studio, Nintex Admin Tool, or Nintex RPA Console Plus, OS management can only be done from Console Plus.
To use CyberArk Vault integration, these configurations need to be done on the server side and will need support team assistance.
To configure parameters on the server-side:
- In config\prod\general\feature-toggles.json, set secretsManagement to True.
- In config\prod\general\cyberark-vault-direct.json, set the configuration of how to connect to CyberArk from the Robot:
  {
    "apiUrl": "https://{customer-cyberark-server-address}/AIMWebService/api/Accounts",
    "appId": "{Nintex application name in CyberArk of customer}",
    "safeName": "{Nintex safe name in CyberArk of customer}",
    "sslType": "{ SystemDefault / Ssl3 / Tls / Tls11 / Tls12}",
    "unsafeSSL": true/false
  }
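A pre-deployment check for the cyberark-vault-direct.json settings above, as an added example that is not Nintex or CyberArk code. The function name Test-CyberArkVaultConfig and the sample values are hypothetical; it assumes the sslType names match .NET's SecurityProtocolType and that unsafeSSL set to true relaxes certificate validation, which the page does not state.

```powershell
# Added example. Test-CyberArkVaultConfig is a hypothetical helper name,
# not a Nintex or CyberArk cmdlet. It only inspects the JSON text it is given.
function Test-CyberArkVaultConfig {
    param([Parameter(Mandatory)][string]$Json)

    try { $cfg = $Json | ConvertFrom-Json -ErrorAction Stop }
    catch { return "Not valid JSON: $($_.Exception.Message)" }

    $findings = @()
    foreach ($key in 'apiUrl', 'appId', 'safeName', 'sslType', 'unsafeSSL') {
        if ($cfg.PSObject.Properties.Name -notcontains $key) {
            $findings += "Missing key: $key"
        }
    }
    # Template placeholders such as {customer-cyberark-server-address} left in place.
    foreach ($p in $cfg.PSObject.Properties) {
        if ($p.Value -is [string] -and $p.Value -match '\{[^}]*\}') {
            $findings += "$($p.Name) still contains a template placeholder"
        }
    }
    # The Robot retrieves secrets over this URL, so it must be HTTPS.
    $uri = $null
    if (-not [System.Uri]::TryCreate([string]$cfg.apiUrl, [System.UriKind]::Absolute, [ref]$uri)) {
        $findings += 'apiUrl is not an absolute URL'
    } elseif ($uri.Scheme -ne 'https') {
        $findings += "apiUrl uses '$($uri.Scheme)' instead of https"
    }
    # Assumption: names match .NET SecurityProtocolType, where Ssl3, Tls and
    # Tls11 mean SSL 3.0, TLS 1.0 and TLS 1.1 (all deprecated).
    if ($cfg.sslType -in 'Ssl3', 'Tls', 'Tls11') {
        $findings += "sslType '$($cfg.sslType)' selects a deprecated protocol version"
    }
    # Assumption from the key name: true relaxes TLS certificate validation.
    if ($cfg.unsafeSSL -eq $true) {
        $findings += 'unsafeSSL is true'
    }
    return $findings
}

# Constructed sample input (host, appId and safe name are made up).
$sample = @'
{
  "apiUrl": "http://cyberark.example.internal/AIMWebService/api/Accounts",
  "appId": "{Nintex application name in CyberArk of customer}",
  "safeName": "Example-Safe",
  "sslType": "Tls11",
  "unsafeSSL": true
}
'@
@(Test-CyberArkVaultConfig -Json $sample) | ForEach-Object { "FINDING: $_" }
```

To check a real file, pass its contents with `Get-Content -Raw`; an empty result means none of these checks fired.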
To configure parameters on the Robot client-side which have default values:
- Set the parameters in nintex-rpa-client-default.json:
  - secretCacheTimeoutInSeconds – The TTL for the secret cache, default is 300 (5 minutes).
  - failFetchTaskOnInvalidSecret – Whether to block the fetch task if the secret isn't valid, default is true.
- Log in to the Aerobase console.
- Go to Clients (under Configure on the left pane).
- Check that the nintex-secrets, nintex-secrets-admin, and nintex-secrets-reader clients don't exist.
  If you see any of them present, delete them and close the Aerobase console.
- Run PowerShell as an administrator.
- CD to:
  {installation-drive}:\{brandName}\installer-assets\config\prod\scripts
- Run this command:
  .\configureAll.ps1 -h "{installation-drive}:\{brandName}\" (ex: .\configureAll.ps1 -h "C:\Nintex")
To add a CyberArk OS credential to Console Plus:
- Log in to Nintex RPA Console Plus. See Accessing Console Plus.
- Select Settings from the left navigation menu.
- Click Manage by the OS credential type.
  The Credentials vault opens to the OS tab.
- Click +Add credential.
- Fill out the required Vault Details fields.
  Make sure to fill in the correct CyberArk account name, Domain, and User Name. They need to match for the integration to work properly.
  Failure to do so will result in errors, listed in Error Troubleshooting.
The new OS credential appears in the Credentials vault list.
The Robot will now attempt to create the connection to CyberArk. If you receive an error message, see Error Troubleshooting.
It takes approximately 300 seconds for the changes in the CyberArk account to take effect on the Robot.