How to Configure the CyberArk Integration
Purpose and Benefits
Integrating Hydden with CyberArk creates a synergistic solution that combines identity discovery, threat detection, and access governance with CyberArk's market-leading Privileged Account Security platform. This integration enables organizations to:
- Achieve Complete Identity and Privileged Account Visibility: Discover all internal and external user accounts, service accounts, vaulted accounts, and groups across your CyberArk deployment, creating a comprehensive inventory of privileged identities and enabling accurate ownership mapping.
- Detect and Respond to Privileged Account Threats: Leverage Hydden's threat detection rules and account classification to identify suspicious patterns in privileged account usage, triggering real-time alerting and automated remediation workflows.
- Enable Seamless Credential Lifecycle Management: Automatically discover service accounts and credentials across your environment, then securely onboard them into CyberArk vaults through Hydden's automated workflows, reducing manual administration and security gaps.
- Unify Access Governance and Compliance: Use Hydden's identity intelligence to perform unified access reviews across both privileged (CyberArk-managed) and non-privileged accounts, supporting consolidated compliance reporting and attestation workflows.
- Support Single Sign-On Integration: Authenticate to Hydden using CyberArk as your identity provider via OpenID Connect, enabling seamless integration with your existing identity infrastructure.
- Maximize PAM ROI: By discovering all credentials and privileged accounts across your infrastructure, Hydden ensures maximum ROI on your CyberArk investment while reducing orphaned credentials and security blind spots.
The following outline lists the main steps for configuring the CyberArk Integration for use with Hydden.
Single Sign-on (recommended)
Set up Single Sign-on to Hydden from CyberArk using OpenID Connect. Refer to OpenID Provider.
Data Collector
The CyberArk Collector discovers internal and external CyberArk User Accounts, Service Accounts, and Vaulted Accounts (CyberArk Privileged Accounts). It also discovers Groups, Group Membership, MFA Configuration, and Status (enabled/disabled). The collector has visibility into users and service accounts that have access to the Identity Security platform.
- Configure the CyberArk Service Account on Hydden. Refer to Creating a CyberArk Credential.
- On-Prem only: Configure a CyberArk Service Account for on-prem deployments. Refer to CyberArk On-Prem.
- Configure the CyberArk Data Collector on Hydden. Refer to CyberArk collector module.
- Create a Data Source for the CyberArk Data Collector on Hydden. Refer to How to Configure a CyberArk Data Source.
CyberArk Credential Provider
- Set up the CyberArk Credential Provider. Refer to Configure a CCP (with recommended Client SSL Certificate).
- Select a Privileged Account from CyberArk in Hydden. Refer to Creating a Vaulted Credential.
