Integrating CyberArk Central Policy Manager (CPM) with Data Insight to automate Service Account password management
Description
This article explains how to integrate CyberArk Central Policy Manager (CPM) with Data Insight to efficiently rotate the passwords for Saved Credentials.
Prerequisites for the integration
A working CyberArk installation integrated with a domain controller via LDAP.
Integration steps
Note: Contact your CyberArk administrator for configuration assistance.
- Deploy and configure CPM.
- Identify a domain user (for example, earth\msmith) within the Data Insight domain and grant it the permissions necessary to rotate passwords for other users in Active Directory.
- Configure earth\msmith as a login account in the CPM instance.
- Configure the CyberArk CPM plugin for Data Insight.
Note: The CPM login account must also be a local administrator on the Data Insight Management Server.
Additional information
For instructions on configuring and using the CPM plugin developed for Data Insight, refer to this article. You may need to log in to the CyberArk Community page to access it.
This plugin enables the execution of the credrotation.ps1 script on the Data Insight Management Server through the CPM instance.
Note: The credrotation.ps1 script supports Data Insight (Information Governance) 7.2 and later.
This script runs on the Data Insight Management Server. It rotates the credentials of the Saved Credential accounts, updates the configuration database, and applies the update across all Data Insight nodes.
Troubleshooting steps
Refer to the <INSTALLDIR>\Program Files\DataInsight\log\password_rotation.log on the Data Insight Management Server for any issues.
Common Events
| Event Message | Troubleshooting Steps |
|---|---|
| CyberArk - Password update failed for <username>. Database open error | Ensure config.DB is not open. |
| CyberArk - Invalid parameters received for password updation | Verify that CyberArk is passing the correct parameters. |
| CyberArk - Encryption/Decryption failed | Confirm that a valid encryption key is provided. |
| CyberArk - System out of memory, unable to update password | Check that the system has sufficient available memory. |
| CyberArk - Password update failed for user %s : domain %s | Refer to the log file for further information. |
| CyberArk - Invalid encryption key received | Validate that the correct encryption key is being used. |
| CyberArk - User not found for password update | Ensure the correct user details are configured. Contact Support if the issue persists. |
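
A read-only triage pass over password_rotation.log that matches the event messages from the table above and prints the listed troubleshooting step with a count per message. This is an added example, not code from Veritas or CyberArk; the `-LogPath` parameter, the function name, and the timestamp prefix and account name in the sample lines are assumptions.

```powershell
param([string]$LogPath)  # assumption: full path to password_rotation.log on the Management Server

# Messages from the Common Events table; <username> and %s become named captures.
$events = @(
    @{ Pattern = 'Password update failed for (?<user>\S+)\. Database open error'
       Action  = 'Ensure config.DB is not open.' }
    @{ Pattern = 'Invalid parameters received for password updation'
       Action  = 'Verify that CyberArk is passing the correct parameters.' }
    @{ Pattern = 'Encryption/Decryption failed'
       Action  = 'Confirm that a valid encryption key is provided.' }
    @{ Pattern = 'System out of memory, unable to update password'
       Action  = 'Check that the system has sufficient available memory.' }
    @{ Pattern = 'Password update failed for user (?<user>\S+) : domain (?<domain>\S+)'
       Action  = 'Refer to the log file for further information.' }
    @{ Pattern = 'Invalid encryption key received'
       Action  = 'Validate that the correct encryption key is being used.' }
    @{ Pattern = 'User not found for password update'
       Action  = 'Ensure the correct user details are configured. Contact Support if the issue persists.' }
)
# Constructed sample lines: the prefix format and svc_scan are invented for illustration.
$sample = @(
    '2024-01-01 02:00:01 ERROR CyberArk - Password update failed for svc_scan. Database open error'
    '2024-01-01 02:00:05 ERROR CyberArk - Password update failed for user svc_scan : domain earth'
    '2024-01-01 02:05:05 ERROR CyberArk - Password update failed for user svc_scan : domain earth'
    '2024-01-01 02:10:00 ERROR CyberArk - Invalid encryption key received'
)
function Get-RotationFinding {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -notmatch 'CyberArk - ') { continue }
        $account = ''; $action = 'Not in the Common Events table; read the surrounding log lines.'
        foreach ($e in $events) {
            $m = [regex]::Match($line, $e.Pattern)
            if (-not $m.Success) { continue }
            $action  = $e.Action
            # Join domain and user when both were captured, otherwise keep whichever exists.
            $account = (@($m.Groups['domain'].Value, $m.Groups['user'].Value) | Where-Object { $_ }) -join '\'
            break
        }
        [pscustomobject]@{ Message = ($line -replace '^.*?(?=CyberArk - )', ''); Account = $account; Action = $action }
    }
}
# Without -LogPath the constructed sample is used, so the script runs offline.
$lines = if ($LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }
Get-RotationFinding -Lines $lines | Group-Object Message | Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{ Count = $_.Count; Message = $_.Name; Account = $_.Group[0].Account; Action = $_.Group[0].Action }
    } | Format-Table -AutoSize -Wrap
```

Repeated failures for the same account sort to the top, which helps separate a one-off rotation error from a Saved Credential that fails on every cycle.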