Skip to main content

CyberArk FAQ

CyberArk offers automatic password rotation of privileged accounts, session recording, and extensive auditing when these accounts are used.  Keeping privileged accounts monitored and controlled improves the security posture of the University.

No, CyberArk does not require an agent to be installed for normal password rotation and PSM sessions. However, some application integrations might require a “credential provider” to be installed on the application server to communicate with the CyberArk Vault.

The firewall rules needed are dependent on the target platform. For password rotation, CyberArk needs to communicate using the CPM server to the target. The port will be different depending on the target system/type of account (139,445 for Windows local accounts, 22 for Unix/Linux accounts) For session recording, the CyberArk PSM server needs the RDP or SSH port opened to the target.

Yes, CyberArk integrates with many applications. For a list of CyberArk integration partners, please visit:

https://www.cyberark.com/partners/

Yes, you can use direct connect by using an RDP manager that has an “Open Program” option. Unix-based accounts with no GUI can use the PSMP server for session recordings. PSMP is a session recording server used for command-line only SSH recordings.

Microsoft Windows – Internet Explorer
Apple Macs* - Chrome

*There are additional initial setup steps for Mac users:

  1. Use a hotkey combination to open the terminal: Control + Option + Shift + T
  2. Run the below command from within the terminal:
    • defaults write com.microsoft.rdc.macos ClientSettings.EnforceCredSSPSupport 0

This command only is needed to be run once per system, this changes a setting to allow the PSM files to be opened.

To copy the password, regardless of your Operating System (OS), you must install a Chrome extension for CyberArk.  Follow the steps below:

  1. Go to the Chrome Web Store.
  2. Search for and add the "CyberArk Clipboard Extension" to Chrome.
  3. Chrome will download an RDP file that you will need to open.