
CyberArk Integration

CyberArk is an identity and access manager offering a wide set of identity security capabilities. You can use it to submit Workload Automation jobs without specifying any passwords, which are retrieved from the CyberArk vault.

How can it be integrated with Workload Automation? Simply by using 2 files:

  • the CyberArkVault library file

  • the CyberArk.ini properties file that needs to be customized

The CyberArkVault library file allows you to retrieve the password for a specific user from CyberArk. The password is not stored locally on the Workload Automation workstation, but retrieved from CyberArk while the Workload Automation job is running.

There are 2 types of integration methods:

  • With the Central Credential Provider (CCP), which starts an HTTPS call to the CyberArk Central Credential Provider that manages access.
  • With the local Credential Provider (CP), which starts a secure call to the CyberArk Credential Provider using a proprietary CyberArk library file.

Installation Steps

  1. Download the package from Automation Hub and extract it to all your agents.
  2. Stop the agent with the ShutDownLwa command.
  3. Save the CyberArkVault library file and the CyberArk.ini properties file to a path of your choice.
  4. In the JobManager.ini file, in the [Launchers] section, add the PasswordResolver key.
  5. Set the PasswordResolver key to the full path of the CyberArkVault_version_number library file.
  6. Edit the CyberArk.ini properties file.
  7. Restart the agent with the StartUpLwa command.
  8. Add the necessary accounts in CyberArk, using the dedicated interface.
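A check you can run before restarting the agent, covering steps 3 to 5; it is an added example, not code from HCL or CyberArk. It reads the PasswordResolver key from the [Launchers] section and reports an unset or relative path, a missing file, or a library or CyberArk.ini file that group or other users can write, since the agent loads that library to resolve passwords. It assumes a POSIX agent host and plain key=value INI lines; the function names and the sample file names are made up for illustration.

```python
import os
import stat
import tempfile

def read_password_resolver(ini_path):
    """Return the PasswordResolver value from [Launchers], or None if unset."""
    section = None
    with open(ini_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip()
            elif section == "Launchers" and "=" in line:
                key, value = line.split("=", 1)
                if key.strip() == "PasswordResolver":
                    return value.strip()
    return None

def audit(job_manager_ini, cyberark_ini):
    """Return a list of findings; an empty list means every check passed."""
    resolver = read_password_resolver(job_manager_ini)
    if resolver is None:
        return ["PasswordResolver is not set in [Launchers]"]
    findings = []
    if not os.path.isabs(resolver):
        findings.append(f"PasswordResolver is not a full path: {resolver}")
    for path in (resolver, cyberark_ini):
        if not os.path.isfile(path):
            findings.append(f"missing file: {path}")
        elif os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Assumption: POSIX mode bits; Windows ACLs need a different check.
            findings.append(f"writable by group/other: {path}")
    return findings

if __name__ == "__main__":
    # Constructed sample layout; file names and contents are placeholders.
    with tempfile.TemporaryDirectory() as d:
        lib = os.path.join(d, "CyberArkVault_placeholder.so")
        props = os.path.join(d, "CyberArk.ini")
        jm = os.path.join(d, "JobManager.ini")
        for p in (lib, props):
            open(p, "w").close()
        os.chmod(lib, 0o666)    # deliberately too permissive
        os.chmod(props, 0o600)
        with open(jm, "w", encoding="utf-8") as fh:
            fh.write(f"[Launchers]\nPasswordResolver = {lib}\n")
        print(audit(jm, props))
```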

Job Definitions

There are 2 types of jobs that are eligible to run with CyberArk integration:

  • Windows Native Job

Define the job by specifying a user that is managed by CyberArk and also defined in the Windows OS, but with an empty password (the password will be returned by CyberArk),

then specify a user by using the following query syntax:

section_name::parameter_name=parameter_value;

  • Job Application Plug-In

You can specify the CyberArk user and then use the following syntax for the password type: ${agent:password.<username>}

Alternatively, you can specify a user by using the following query syntax: section_name::parameter_name=parameter_value;…

Query Syntax building

User Syntax:

section_name::parameter_name=parameter_value;…

By using the above query user syntax it’s possible to build some examples as follows:

[Figures: CyberArk Query; Query Syntax]