
CyberArk vault configuration issue

GauravJain
Regular Contributor III

Hi @Vajra w.r.t your post Solved: Cyberark vault for AD throwing the below error - Saviynt Forums - 39161

You mentioned that, after increasing the CyberArk token expiry time, the issue was resolved. I have a few questions / clarifications to seek on this.

1. Are you also using this CyberArk logon API "PasswordVault/API/auth/Cyberark/Logon" for getting the session token?

2. When you make this call from Postman, does it work perfectly fine, but in Saviynt you were getting the token expiry issue?

I am getting the same kind of error with the logon API and am kind of stuck with this. I require your assistance on the above questions.

 

11 REPLIES 11

Vajra
New Contributor III

Check with CyberArk to provide you the write account id, and increase the expiry time on the CyberArk side as well for the logon API. There can be multiple account ids; you can provide them as comma separated.

GauravJain
Regular Contributor III

Thanks @Vajra for the quick revert. What's the "write" account id? Do you mean the account id must have the permissions to modify passwords in the Vault?

GauravJain
Regular Contributor III

Hi @Vajra - can you please confirm this as well?

1) Are you using this CyberArk logon API "PasswordVault/API/auth/Cyberark/Logon" for getting the session token? This API is available in the public domain, so you can confirm on this.

2) Which authorization type are you using to set up this API in Saviynt? Is it Basic, OAuth 2.0, or any other auth type? In other words, is the userid/password you configure in the CyberArk vault connector a simple CyberArk API service account & password, OR do you generate a client id/secret in CyberArk Identity after registering Saviynt in CyberArk Identity?

Thanks for your help.

Regards

Gaurav

Vajra
New Contributor III

1) Are you using this CyberArk logon API "PasswordVault/API/auth/Cyberark/Logon" for getting the session token? This API is available in the public domain, so you can confirm on this.

YES

The userid/password you configure in the CyberArk vault connector is a simple CyberArk API service account & password - We are using this.

 

GauravJain
Regular Contributor III

Thanks @Vajra for the confirmation. At least this clears my doubt: the CyberArk logon APIs are not set up using OAuth 2.0 authorization, and it's working with a normal CyberArk service account for APIs. Thanks for your help on this.

GauravJain
Regular Contributor III

Hi @Vajra, any clues on how to add/remove users to an LDAP/AD group? I don't see any details in the LDAP/AD guide related to this.

Configuring the Integration for Provisioning and Deprovisioning Accounts (saviyntcloud.com)

Any idea?

Vajra
New Contributor III

It doesn't need any additional config in newer versions. If not, add the connection config on the endpoint.

GauravJain
Regular Contributor III

Ok. But where in Saviynt do I define those LDAP groups that users need access to? I want users to select LDAP groups while requesting access, and the same should be provisioned after approval. But I don't see any such config in the documentation, so I am confused about how it actually works in Saviynt. Can you share some steps to achieve this use case?

GauravJain
Regular Contributor III

Hi @Vajra

1) What's the significance of the attached screenshot while configuring the Vault connector in any other connector type? The documentation is very confusing, so if you have any idea please throw some light.

2) What should be the value of "Vault Config"? Is "/${accountID}/Password/Retrieve" correct, or is there more to it?

3) Save Credential Vault checkbox - I don't think we can save anything in the vault from Saviynt, so this checkbox must be unchecked only, right?

GauravJain
Regular Contributor III

Hi @Vajra, I am still struggling with the CyberArk vault connector.

I have checked with the CyberArk vendor and confirmed that the token expiry time is several hours, so that could not be the issue.

What's currently happening is that the LOGON API is giving a 401 error, which means an authentication issue, but the LOGON API is working fine with the same credentials in Postman.

Secondly, the password retrieval API in CyberArk expects a mandatory parameter "Reason" to pull the password from the vault, but there is no way in Saviynt to configure this additional parameter.

Please help.

GauravJain
Regular Contributor III

Hi @Vajra, we queried the CyberArk vendor and found that the token expiry time is several hours. So that might not be the issue, right? Can you put some more light on this when you have a few minutes? Thanks for your assistance.

Also, look at the other posts I have tagged you on, if you have any info. Appreciate your help. Thanks.
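
Added example, not part of any post in this thread and not Saviynt or CyberArk code: a Python sketch that builds the two requests discussed above (the Logon call and the password retrieval with its "Reason") without sending them, so their exact shape can be compared with what Postman sends and what the connector logs. The host, account id, user name and token are constructed placeholders; the request shapes assume the CyberArk PVWA REST API's JSON logon body and `reason` body field.

```python
import json
from urllib.request import Request

BASE = "https://pvwa.example.invalid"      # placeholder host (assumption)
SAMPLE_LOGON_RESPONSE = b'"CONSTRUCTED-TOKEN-123"'  # constructed sample body

def build_logon(username, password):
    """Logon request: JSON body, no Authorization header."""
    body = json.dumps({"username": username, "password": password}).encode()
    return Request(f"{BASE}/PasswordVault/API/auth/Cyberark/Logon", data=body,
                   headers={"Content-Type": "application/json"}, method="POST")

def parse_token(raw_body):
    """The token comes back as a JSON string; decode it so the quotes are dropped."""
    token = json.loads(raw_body)
    if not isinstance(token, str) or not token:
        raise ValueError("logon response is not a session token string")
    return token

def build_retrieve(token, account_id, reason):
    """Retrieve request: raw token in Authorization, reason in the JSON body."""
    if not reason.strip():
        raise ValueError("this vault requires a non-empty reason")
    body = json.dumps({"reason": reason}).encode()
    return Request(f"{BASE}/PasswordVault/API/Accounts/{account_id}/Password/Retrieve",
                   data=body, method="POST",
                   headers={"Authorization": token, "Content-Type": "application/json"})

def describe(req):
    """Printable view of a request, with the password masked."""
    body = json.loads(req.data)
    if "password" in body:
        body["password"] = "***"
    return {"method": req.get_method(), "url": req.full_url,
            "headers": dict(req.header_items()), "body": body}

if __name__ == "__main__":
    token = parse_token(SAMPLE_LOGON_RESPONSE)
    for req in (build_logon("svc_saviynt", "not-a-real-password"),
                build_retrieve(token, "12_34", "Saviynt connection test")):
        print(json.dumps(describe(req), indent=2))
```

Differences between this output and the failing request (content type, an extra Authorization header on Logon, quotes left around the token, a missing reason) are the places to look when the same credentials work in one client and return 401 in another.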