Prerequisites for Integration
CyberArk Admin Role: Required to access and manage CyberArk settings.
Reco Admin Role: Necessary for setting up and managing the integration within Reco.
Configure CyberArk Identity
Login into your CyberArk Identity User Portal using an admin account.
Enter the Admin Portal
In the sidebar, under "Core Services" -> "Users", click on "Add User"
On the user creation page:
Before filling in the user details, under the "Status" header, check the "Is OAuth confidential client" checkbox. The following checkboxes should be automatically changed:
Send email invite for user portal setupIs service userPassword never expires
Fill in the username and password and take note of those credentials. It is recommended to name it "Reco App":
Click on "Create User".
In the sidebar, under "Core Services" -> "Roles", click on "Add Role"
Name the role "Reco". You can also add a meaningful description if you like. Leave all other fields with their default value
Click on "Administrative Rights" and then on "Add"
In the pop-up dialog search and enable all the following rights:
"Read Only Role Management"
"Read Only System Administration"
"Read Only User Management"
Click on "Add"
At the bottom of the page, click on "Save"
In the "Members" section of the Role, click on "Add" and add the user you have created in the previous steps
Integrating with Reco
In the CyberArk integration, pop-up screen in Reco fill in the username and password of the service user you have created above. After that, fill in your CyberArk tenant URL including "https://". Your tenant URL should look like "https://acme123.id.cyberark.cloud/".
Click on "Test" to verify your credentials. If everything goes well, you can click on "Connect".