All about credentials and cyber-ark

Hi, I have the questions below about user credentials, and I am laying down a guide for a huge implementation. These are many questions, but they are very important.

Thanks a lot in advance!

  1. What is best practice for managing credentials of the BOT?
  2. How does BOT handle systems that have expiring passwords and need frequent changes?
  3. Does a BOT use its own credentials?
  4. Challenges in creating credentials in an RPA tool.
  5. Is a common password policy sufficient for different types of BOT environments?
  6. Coarse grained vs fine grained access and Single Sign-On. What is the threat from BOT?
  7. How will BOTs bypass or use multi-factor authentication?
  8. How do we manage developer access to BOT?
  9. What is the level of security and log management for access to BOT environment?
  10. What is the approach for designing access roles for BOT administration?
  11. How do we manage role lifecycle for the BOTs?
  12. What interfaces are available in the RPA tools to manage BOT accounts in IAM Solution?
  13. How will BOT check out passwords from PIM solution?
  14. What is an effective UAR process for BOT IDs?
  15. How do we certify the BOTs?
  16. Is a separate UAR tool required?
  17. Should BOTs be used in IDP and ASP scenarios?
  18. Will federated partners allow use of BOTs?
  19. Are BOTs a new user type?
  20. How many BOT IDs are required for managing the RPA environment?
  21. What User accounts should the BOTs have at server level?
  22. How do we define Bot’s role?
  23. Can we follow the end user role design strategy for BOTs? SoD? Sensitive access?
  24. How do we manage access security of a BOT?
  25. Can BOTs manage the lifecycle of service accounts for IT infrastructure?
  26. Can BOTs manage production or non-production environment?
  27. Can a BOT configure and trigger the access certification campaigns?
  28. Which controls are required to detect and protect against exploitation of BOT credentials?
  29. Can BOTs access the federated applications seamlessly using single sign-on?
  30. Can BOTs be misused to trigger attacks as IDP and ASP from federated partners?
  31. Do we need to develop BOT-specific user and privileged account management?
  32. How are the BOT ID owners defined?
2 Likes

Hi @automatenow, did you manage to find some answers to this? I think these will be relevant to most large-scale deployments.

1 Like

I’m a developer, and these are questions that my business is trying to figure out. If anyone has some suggestions, please advise.

1 Like

I wonder if anyone has documented these details anywhere. It would be very helpful.

1 Like

nope