Orchestrator/CyberArk for storing Assets

Hi all,

We are currently looking into incorporating CyberArk for securing robot credentials. From the documentation it is not entirely clear whether CyberArk can also be used for storing application credentials, e.g. for SAP, much like Assets in Orchestrator. My questions:

  1. Is this feature available in CyberArk?
  2. If yes, does CyberArk support a Value per Robot- setting, so that different robots can retrieve the same asset by its key/name but get a different username/password in return?

Thank you in advance!

Regards,
JD

Anyone has an idea/answer to the above question? Thanks!

Hi @JD_1992 - This is possible in latest versions. Please check the official guide https://docs.uipath.com/orchestrator/docs/about-credential-stores

Hi Mahesh,

Thanks for the confirmation. However, the documentation is not really clear on how to store Credential Assets in CyberArk and subsequently use them in UiPath Studio scripts, e.g. to log into SAP, send emails,… Do you perhaps have more information, documentation or a practical example?

Thanks for your help!

Hi @JD_1992 -

  1. You have to create credential Store - https://docs.uipath.com/orchestrator/docs/managing-credential-stores#section-key-vault
  2. When you will create credetial asset in Orchestrator, it will ask you to choose “Credential store” and you can select “CyberArk” here.

@mahesh.kumar @JD_1992 I have done the following to store the Credential Asset as shown:


CyberArk has already been setup using AAM and the Robot Credentials are integrated.

What is the corresponding action in CyberArk to link the Credential Asset set up in Orchestrator?

I noticed the Username and Password field changed to “External Name” upon switching Credential Stores - presumably this is something CyberArk is using.

Here it is mentioned CyberArk can store Credential Assets - but I have not been able to find anything else:


Please let me know - any links to documentation for Credential Asset storage in CyberArk would be helpful. Thank you!!

Hi Melinda,

  1. From CyberArk, open the details view of one of the accounts; you should now be able to see more details of the account in question, e.g. username, domain etc.
  2. Look for a field called ‘account name‘, there should be a value there with username and directory address, e.g.

robo-ldap.acme.com

  1. Use this value as the ‘External name’ in Orchestrator.

Hope this helps!

JD_1992

1 Like