CyberArk Dynamic Privileged Access – Deployment and API Enhancements
CyberArk is continually expanding accessibility and ease of use for CyberArk Dynamic Privileged Access (DPA). CyberArk DPA complements CyberArk Privileged Access Manager (PAM) by provisioning just-in-time (JIT) access to virtual machines and servers hosted in the cloud or on-premises. The solution enables operational efficiencies and continues to deliver enhancements to a comprehensive PAM strategy. See below for the recent updates to CyberArk DPA.
Unify Deployment for CyberArk PAM and CyberArk DPA Connectors
A CyberArk Dynamic Privileged Access connector can now be installed on the same machine as a CyberArk Privilege Cloud connector or on a machine hosting CyberArk Privileged Session Manager (PSM) for a CyberArk PAM Self-Hosted connector. This functionality decreases the footprint required by customers as only one machine will be needed to host both CyberArk DPA and CyberArk Privilege Cloud connectors. Customers with CyberArk PAM Self-Hosted programs can also efficiently host CyberArk DPA on a single CyberArk PSM component server. To benefit from this functionality, machines hosting the connector must be domain-joined.
Store the CyberArk DPA Strong Account in CyberArk Privilege Cloud for Central Account Management
CyberArk DPA uses a "strong account" to provision ephemeral users with JIT access to targets. To protect this account from compromise, the best practice is to securely manage it with PAM controls. To reduce risk, customers can now store these strong accounts in the CyberArk Privilege Cloud Vault to easily manage, control and rotate the credential(s) along with other privileged accounts. Learn more about storing strong accounts in CyberArk Privilege Cloud.
Use Multi-factor Authentication (MFA) Caching to Enable Easy SSH Connections to Multiple Servers
You can now allow your end users to enter MFA details once, then in a configurable time period, connect to multiple targets with minimal input. The user authenticates to CyberArk DPA and downloads an SSH key. They then use that SSH key command to connect to desired targets via CyberArk DPA.
- Learn more about CyberArk DPA MFA caching and connecting to targets using MFA caching.
Create an Alias for Short SSH Connection Commands
Customers can now create an alias, so users don’t need to enter their details every time they make a connection to a Linux machine.
Use APIs to Streamline CyberArk DPA Policy Creation, Workflow Integrations and Automation Capabilities
Customers can now enable operational efficiencies for JIT access and workflows with an expanded range of programmatic capabilities through APIs. The Access Policies API allows you to automate the creation of CyberArk DPA policies and integrate CyberArk Dynamic Privileged Access with your IT service management ticketing system to create and update access policies upon user request and automatically add or update an existing policy for a new team member or project.
- Learn more about using CyberArk Dynamic Privileged Access policies API and integrating your ticketing system on the CyberArk DPA Integrations documentation page.
CyberArk Dynamic Privileged Access is part of CyberArk’s offering for complete privileged access protection.
For more information on these features, please visit:
To learn more about how to incorporate JIT access into your PAM program, check out our eBook, “3 Reasons to Adopt Just-In-Time Access for Identity Security.”