A large number of applications on SailPointIdentityIQ rely on using service accounts to communicate with the application targets. These accounts have the authorizations to perform identity management tasks and should be treated as privileged accounts. When a privileged account management solution like CyberArk or BeyondTrust is used in the organisation, the credentials of the privileged account would be stored on the PAM solution and retrieved by IdentityIQ whenever required. The feature of credential cycling introduced in IdentityIQ 7.3 allows this to be configured with ease.
The following presentation discusses the need for credential cycling and how it works:
The following demonstration illustrates a use case where credential cycling is configured with the CyberArk PAM solution:
The next video demonstrates credential cycling when configured with the Thycotic Secret Server PAM solution:
CyberArk is the global leader in PAM solutions with a holistic approach towards privileged account management. It covers not only traditional PAM problems but also extends its capabilities with various features like managing hard-coded application credentials, analytics, on-demand privileges escalation and managing end-user devices like desktops.
Privileged accounts on a system possess higher authorizations and control. These accounts pose a higher risk if they are compromised. Privileged Identity Management solutions aim to address this by providing security and control over these accounts. CyberArk is a major provider that offers privileged account security and is backed by a patented vaulting technology. CyberArk enables organizations to secure, provision, manage, control and monitor activities associated with privileged accounts.
The following presentation describes privileged account security and the architecture of a CyberArk implementation. The various components of the CyberArk architecture and their functionalities are also discussed.