3 Replies Latest reply on Sep 27, 2017 11:56 AM by Bill Robinson

    Cyberark / Sailpoint for BSA Console access BSA 8.9

    Iain Taylor

      Has anyone ever used either Cyberark or Sailpoint integration into BSA for

      A. BSA Console Access

      B. User access management - Role/User population/authorisation

       

       

      Currently all access is via a Terminal Server presented in CyberArk that has the BSA console installed on it. All users are currently logging in as local admin to the server. If possible, can we present the BSA console as an application (the same as presenting the BSA console application on Citrix)?

       

      There is also a potential requirement that if possible Sailpoint be used for UAC and groups / users be created and mapped to Roles within BSA pretty much as AD integration is available at present.

       

      Are there any APIs that CyberArk or Sailpoint could consume? Or do we only have the option to use the methods of authentication available to us at present: SRP, LDAP, Domain Authentication, AD Kerberos Authentication, RSA SecurID and PKI?

       

      Thank you

       

      Iain

        • 1. Re: Cyberark / Sailpoint for BSA Console access BSA 8.9
          Bill Robinson

          if possible can we present the BSA console as an application (the same as presenting the bsa console application on Citrix).

          in theory yes.  i don't think we've ever tested w/ sailpoint but we have several customers using the rcp via citrix.

           

          There is also a potential requirement that if possible Sailpoint be used for UAC and groups / users be created and mapped to Roles within BSA pretty much as AD integration is available at present.

          unless sailpoint presents an LDAP interface to get this information or you have an api to pull it from sailpoint and write some scripts to update bsa i don't see how that will be accomplished.

           

          Are there any APIs that CyberArk or Sailpoint could consume?

          to do what ?  sync up the users/roles in bsa w/ the groups in sailpoint ?  blcli. 

           

          or do we only have the option to use the methods of authentication available to us at present, SRP, LDAP, Domain Authentication, AD Kerberos Authentication, RSA SecurID and PKI.

          those are the only authentication methods currently supported.  can sailpoint provide any of these for authentication ?

           

          you do want to use sailpoint for both authorization and authentication ?  if sailpoint is also managing your AD why not use domain auth and the existing ldap user sync ?

          1 of 1 people found this helpful
          • 2. Re: Cyberark / Sailpoint for BSA Console access BSA 8.9
            Iain Taylor

            I've just been given this by the UAC guy. Looking at his response, we should be able to use AD as our method of authentication and user-to-role synchronisation and have Sailpoint managing the population of the users into the AD groups; the requirement might be easier than was originally explained.

             

            Supported Connectors to be looked at for BMC for Sailpoint or AD:

            Connectors

            | Connector        | Supported System Type |
            |------------------|-----------------------|
            | Active Directory | Directories           |
            | LDAP             | Directories           |
            | OpenLDAP         | Directories           |

             

            Sailpoint would be used to manage the users in and out of the BMC product defined roles with authentication for individuals still using "CompanyDomain" AD.

            Or you use "CompanyDomain" AD to manage Authentication and Authorisation of roles and have Sailpoint manage the user provisioning process to "CompanyDomain".

             

            If 2FA is a requirement then the Technology one could be considered and would be a combination of activities.

            • 3. Re: Cyberark / Sailpoint for BSA Console access BSA 8.9
              Bill Robinson

              right - use domain or adk auth for bsa.  set up AD groups or OUs or whatever that the user sync will pull from to populate the roles.

              1 of 1 people found this helpful