CyberArk Vault - RADIUS Configuration with Cloud Access Service - RSA Ready Implementation Guide
7 months ago

This article describes how to integrate Cloud Access Service (CAS) with CyberArk Vault using RADIUS.

     

Configure CAS

Perform these steps to configure CAS using RADIUS.
Procedure

  1. Sign in to RSA Cloud Administration Console as an administrator.
  2. Go to Authentication Clients > RADIUS and provide the following details.
    1. IP Address: IP Address of the Vault server.
    2. Shared Secret: Shared secret, which should be the same as what will be configured on the Vault side.
    3. Select the configured 1.0 access policy.
  3. Click Save and Next Step, and then click Finish.

    

Configure CyberArk Vault

Perform these steps to configure the Cyberark Vault.
Procedure

  1. Log in to the machine where  CyberArk Vault server and client are installed.
  2. Stop the instance of CyberArk Vault if it is running using Run > services.msc >PrivateArk Server.
  3. Open the command prompt as an administrator and run the following command after replacing the content between angle brackets: 
    "C:\Program Files (x86)\PrivateArk\Server\CAVaultManager.exe" SecureSecretFiles /SecretType Radius /Secret <myradiussecret> /SecuredFileName "C:\Program Files (x86)\PrivateArk\Server\myradiussecret.dat"
  4. Navigate to C:\Program Files (x86)\PrivateArk\Server\conf and make the changes to DBParm.ini.
    1. Add the following line to the bottom of the page after replacing the content between angle brackets. 
      RadiusServersInfo=<Management IP address of the identity router>;1812;<IPAddress of the vault server >;myradiussecret.dat
       
    2. (Optional) Change the DefaultTimeout value to 60. This will allow more time for users to complete out-of-band authentication challenges.
  5. Go to Run > services.msc and restart the PartnerArk service. Ensure the CyberArk Event Notification service is also started.

     

Configure a RADIUS user on Vault  

  1. Log in to the Vault client as an administrator (created during setup) and go to Tools > Administrative Tools > Users and Groups.
  2. Create or update a user.
  3. Under the Authentication tab, select RADIUS Authentication as the Authentication method and click OK.

     

Configure PrivateArk Client to Use RADIUS Authentication

  1. Open the PrivateArk client, right-click the Vault, and click Properties.
  2. Click Advanced.
  3. Choose the RADIUS authentication option and click OK.

The configuration is complete. 

Related Articles

Trending Articles

Don't see what you're looking for?