3 of 3 people found this helpful
We are using CyberArk to issue the ctmsetown command for Windows RunAs IDs. Previously we'd been adding the ID & Password to the Agent on each host that executed jobs for that ID. Now we define to Control-M and All Hosts, letting Active Directory dictate which servers the ID is authorized on. Our Security team worked with the CyberArk vendor to get it working.
In a nutshell, for each ID that CyberArk manages, it changes the PW every 60 days in AD, then it updates the password in Control-M.
As new IDs are created, they get set up in CyberArk and then it adds the ID/Password to Control-M.
Thanks Tammy, Would you be open for a phone call to discuss with us?
Hi Todd, Yes, I sent you a private message.
Hi Tammy, i would really like to understand how this was fully implemented. We are looking into have Control-M work with CyberArk and Cyberark's AFT.
We had a CyberArk consultant write the plug-in to Control-M (it doesn't come out of the box).
CyberArk changes the PW in Active Directory and then on the Control-M Server(s) using the ctmsetown command. CyberArk is not managing our passwords for any of the Connection Profiles (e.g. AFT).
Hi Tammy, thank you for you answer.
There must be a way to get this plugin also or are you proprietary?
1 of 1 people found this helpful
We were told in order for it to be supported by CyberArk, they had to write the plug-in. If your company has CyberArk, I would suggest you speak to your contact there.
Thank. I just did!
Big thanks for your help.