CyberArk Safe Creation through REST API

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Hello Expert,

I am trying to create CyberArk Safe through the REST API and I am able to get the token from CyberArk after passing the username and password but when creating the safe after passing the token then its returning the response code 403. Anybody have the sample code or can provide the details about 403 response code.

URL used to create the CyberArk Safe-

https://<cyberarksafeurl>/PasswordVault/WebServices/PIMServices.svc/Safes

Thanks,

CB Singh

2

Hi CB -
A few questions that may help us find a solution:

  1. Where in IdentityIQ are you making the REST request to CyberArk for safe creation?
  2. Are you currently using the Privileged Access Management application type in IdentityIQ to aggregate data from CyberArk?
  3. Do you know if your CyberArk deployment has the optional (from CyberArk) SCIM server component installed?
3

Hi Adam,

  1. Yes, I am trying from Sailpoint to create the safe in CyberArk through REST API. I am able to get the token but not able to create safe.
  2. Yes and aggregation also working fine.
  3. Not sure about this one but previously it was working through same code but now its creating issue in safe creation.

Thanks
Cb Singh

4

If you have a connector set up already (of type ā€˜Privileged Account Managementā€™) to communicate with CyberArk - you can actually use the SailPoint ā€˜Provisionerā€™ class in your beanshell code to do this - an example would look like:

ProvisioningPlan safePlan = new ProvisioningPlan();
ObjectRequest safeReq = new ObjectRequest();
safeReq.setApplication("CyberArk Application Name");
safePlan.setTargetIntegration("CyberArk Application Name");
safeReq.setTargetIntegration("CyberArk Application Name");
safeReq.setNativeIdentity("The new Safe name");
safeReq.setOp(ProvisioningPlan.ObjectOperation.Create);
safeReq.setType("Container");

AttributeRequest aReq = new AttributeRequest("name", ProvisioningPlan.Operation.Set, "The new Safe name");
safeReq.add(aReq);
aReq = new AttributeRequest("location", ProvisioningPlan.Operation.Set, "\\");
safeReq.add(aReq);
aReq = new AttributeRequest("Description", ProvisioningPlan.Operation.Set, "A description about the safe");
safeReq.add(aReq);
safePlan.add(req);

Provisioner safeProvisioner = new Provisioner(context);
safeProvisioner.setDoRefresh(true);
ProvisioningProject createProj = safeProvisioner.compile(safePlan);
safeProvisioner.execute();
2 Likes