4 of 4 people found this helpful
We are using CyberArk to issue the ctmsetown command for Windows RunAs IDs. Previously we'd been adding the ID & Password to the Agent on each host that executed jobs for that ID. Now we define to Control-M and All Hosts, letting Active Directory dictate which servers the ID is authorized on. Our Security team worked with the CyberArk vendor to get it working.
In a nutshell, for each ID that CyberArk manages, it changes the PW every 60 days in AD, then it updates the password in Control-M.
As new IDs are created, they get set up in CyberArk and then it adds the ID/Password to Control-M.
Thanks Tammy, Would you be open for a phone call to discuss with us?
Hi Todd, Yes, I sent you a private message.
Hi Tammy, i would really like to understand how this was fully implemented. We are looking into have Control-M work with CyberArk and Cyberark's AFT.
We had a CyberArk consultant write the plug-in to Control-M (it doesn't come out of the box).
CyberArk changes the PW in Active Directory and then on the Control-M Server(s) using the ctmsetown command. CyberArk is not managing our passwords for any of the Connection Profiles (e.g. AFT).
Hi Tammy, thank you for you answer.
There must be a way to get this plugin also or are you proprietary?
1 of 1 people found this helpful
We were told in order for it to be supported by CyberArk, they had to write the plug-in. If your company has CyberArk, I would suggest you speak to your contact there.
Thank. I just did!
Big thanks for your help.
Hi all, we've just been tapped to add Control-M credentials to Cyberark.
I was just wondering if anyone has had any issues\concerns about jobs running between the AD credentials being updated and the ctmsetown being issued successfully? Has anyone experienced any job failures since adding credentials to Cyberark?