CyberArk Vault - RADIUS Configuration with Authentication Manager - RSA Ready Implementation Guide
8 months ago

This article describes how to integrate Authentication Manager (AM) with CyberArk Vault using RADIUS.

     

Configure CAS

Perform these steps to configure AM using RADIUS.
Procedure

  1. Sign in to Security Console as an administrator.
  2. Go to RADIUS > RADIUS Client and click Add New.
  3. Provide the following details.
    1. Client Name.
    2. IP Address Type: IPv4.
    3. IPv4 Address: IP address of the Vault server.
    4. Make/Model: Standard Radius.
    5. Shared Secret: A secret in a valid format. The same secret is used in the Vault configuration.
  4. Click Save & Create Associated RSA Agent.

       

Configure CyberArk Vault

Perform these steps to configure the CyberArk Vault.
Procedure

  1. Log in to the machine where the CyberArk Vault server and client are installed.
  2. If the CyberArk Vault instance is running, stop it using Run > services.msc > PrivateArk Server.
  3. Open the command prompt as an administrator and run the following command after replacing the content between angle brackets:
    "C:\Program Files (x86)\PrivateArk\Server\CAVaultManager.exe" SecureSecretFiles /SecretType Radius /Secret <myradiussecret> /SecuredFileName "C:\Program Files (x86)\PrivateArk\Server\myradiussecret.dat"
  4. Navigate to C:\Program Files (x86)\PrivateArk\Server\conf and make the changes to DBParm.ini.
    1. Add the following line to the bottom of the file after replacing the content between angle brackets.
      RadiusServersInfo=<Management IP address of the identity router>;1812;<IP address of the Vault server>;myradiussecret.dat
       
    2. (Optional) Change the DefaultTimeout value to 60. This allows more time for users to complete out-of-band authentication challenges.
  5. Go to Run > services.msc and restart the PrivateArk Server service. Ensure the CyberArk Event Notification service is also started.
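
The check below is an added example, not CyberArk or RSA code: a PowerShell lint of the DBParm.ini lines edited in step 4, to run before restarting the service. It assumes the single-server RadiusServersInfo form shown in this guide. The function name Test-VaultRadiusConfig, its parameters and the sample addresses are hypothetical names and constructed values.

```powershell
# Added example. Field order is taken from the RadiusServersInfo line in this
# guide: RADIUS server IP;port;Vault server IP;secured secret file.
function Test-VaultRadiusConfig {
    param(
        [Parameter(Mandatory)][string[]]$Lines,  # contents of DBParm.ini
        [string]$ServerDir                       # folder holding the secret file (optional)
    )
    $entries = @($Lines | Where-Object { $_ -match '^\s*RadiusServersInfo\s*=' })
    if ($entries.Count -ne 1) {
        return "expected exactly one RadiusServersInfo line, found $($entries.Count)"
    }
    $value = ($entries[0] -split '=', 2)[1].Trim()
    if ($value -match '[<>]') { 'an angle-bracket placeholder was not replaced' }

    $fields = @($value -split ';' | ForEach-Object { $_.Trim() })
    if ($fields.Count -ne 4) {
        return "expected 4 semicolon-separated fields, found $($fields.Count)"
    }
    $server, $port, $client, $secretFile = $fields

    foreach ($addr in $server, $client) {
        if ($addr -notmatch '^(\d{1,3}\.){3}\d{1,3}$' -or -not ($addr -as [ipaddress])) {
            "not a valid IPv4 address: '$addr'"
        }
    }
    if ($port -notmatch '^\d{1,5}$' -or [int]$port -lt 1 -or [int]$port -gt 65535) {
        "invalid port: '$port'"
    }
    if ($secretFile -notmatch '\.dat$') {
        "fourth field '$secretFile' is not a .dat file name"
    } elseif ($ServerDir -and -not (Test-Path (Join-Path $ServerDir $secretFile))) {
        "secured secret file '$secretFile' not found in $ServerDir"
    }
    # DefaultTimeout is optional in the guide; report it only when set below 60.
    foreach ($l in $Lines) {
        if ($l -match '^\s*DefaultTimeout\s*=\s*(\d{1,9})' -and [int]$Matches[1] -lt 60) {
            "DefaultTimeout is $($Matches[1]); the guide suggests 60"
        }
    }
}

# Constructed sample (documentation-range address), not a real DBParm.ini.
$sample = @(
    'DefaultTimeout=30'
    'RadiusServersInfo=192.0.2.10;1812;<IP address of the Vault server>;myradiussecret.dat'
)
@(Test-VaultRadiusConfig -Lines $sample) | ForEach-Object { "FINDING: $_" }
```

On the Vault server, pass the real file with -Lines (Get-Content <path to DBParm.ini>) and set -ServerDir to the folder used for /SecuredFileName in step 3; no output means no findings.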

     

Configure a RADIUS user on Vault  

  1. Log in to the Vault client as an administrator (created during setup) and go to Tools > Administrative Tools > Users and Groups.
  2. Create or update a user.
  3. Under the Authentication tab, select RADIUS Authentication as the Authentication method and click OK.

     

Configure PrivateArk Client to Use RADIUS Authentication

  1. Open the PrivateArk client, right-click the Vault, and click Properties.
  2. Click Advanced.
  3. Choose the RADIUS authentication option and click OK.

The configuration is complete.