Cyberark Integration

  • 18 March 2021
  • 1 reply
  • 46 views

Userlevel 1
Badge +5

You can manage and secure Commvault login credentials, application credentials, and administrative login sessions using CyberArk’s Privileged Credentials and Session Management solution.

With CyberArk and Commvault integration, you can synchronously rotate account passwords across your environment. Commvault receives password rotation requests to update application and local admin account credentials so that backups continue to run seamlessly, without manual intervention. You can also use CyberArk session management to log on to Commvault using one-time use admin credentials.

 

This went relatively straightforward. The only thing that is missing in Commvault is a way to verify that the password rotation was successful.

One can either try using the commcell user or the application user to browse a subclient to test whether the change was successful. But this is a trial and error method. An enhancement to this plugin would be to have a report or an event log entry in Commvault that a change request was attempted and was successful or a report about when the last password rotation took place.

So to be sure that the REST API call from Cyberark was successful, one can check the webserver.log on the webserver to see something as follows:

Webserver.log

1 reply

Userlevel 6
Badge +14

This is awesome, @neuwiesener !  Very valuable share!

Reply