SailPoint Credential Provider integration using CyberArk CCP not working

Hello There

Receiving the following error when trying to use the Credential Path option for the Password value in the AD connector.

ERROR:

We have detected an error from the managed system.

Error Received:

java.lang.RuntimeException: java.io.FileNotFoundException: /opt/sailpoint/ccg/lib/custom/xxxx.identitynow.com.pfx (No such file or directory)

I have followed the document and I have configured my CCP (CyberArk) in my SailPoint ISC tenant alongside my company’s CyberArk team. I have followed all the prerequisites, created the credential provider, and mapped it in the source.

We have tested that the CyberArk credentials are successfully retrieved using a REST API call, but for some reason the VA is not recognising the certificate.

I am unable to manually copy the files to the location highlighted in the error, as CCG does not allow creating a new folder on the VA.

Hi @PushparajBendigoBank, are both the CCP and AD source associated with the same virtual appliance cluster?

And does the ‘Certificate File Name’ value in connection settings page exactly match the pfx file name that is uploaded in the base configuration page?

Hey @PushparajBendigoBank,

That error is pretty telling — the VA is looking for the .pfx at /opt/sailpoint/ccg/lib/custom/ but it’s not there. The cert file doesn’t get placed there automatically; it has to be uploaded through ISC itself, not manually dropped on the VA filesystem (and yeah, you can’t SSH in and create folders there, that’s by design).

A few things worth checking:

1. Did you upload the cert through ISC admin, not directly to the VA?
Go to Admin > Credential Provider > your CyberArk config > upload the .pfx there. That’s what actually pushes it to the right path on the VA.

2. Filename match
What Chirag pointed out is important — the “Certificate File Name” field in the connection settings has to match the filename you uploaded exactly, including case. Even a minor mismatch throws this error.

3. Same VA cluster
CCP source and your AD source need to be on the same VA cluster, otherwise the cert is on a different node and the AD connector can’t reach it.

4. VA restart after upload
We ran into a case where the cert was uploaded correctly but the VA needed a restart before it actually showed up on the filesystem. Worth trying if everything else looks right.

The REST API working independently just means CyberArk’s side is fine — the issue is purely the VA not having the cert file at the path it expects.

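A way to check the filename points from the replies above, as an added example that is not part of the original thread and not SailPoint tooling: it extracts the file name the VA tried to open from the error line and compares it with the names uploaded in ISC. The function names, result labels and the uploaded-name lists are assumptions made up for illustration.

```python
import re
import unicodedata
from pathlib import PurePosixPath

# Error line as quoted in the thread (tenant name already redacted there).
SAMPLE_ERROR = (
    "java.lang.RuntimeException: java.io.FileNotFoundException: "
    "/opt/sailpoint/ccg/lib/custom/xxxx.identitynow.com.pfx "
    "(No such file or directory)"
)

# Java appends " (No such file or directory)" after the path, so exactly one
# space is consumed; a trailing space typed into the field stays in the name.
_ERR = re.compile(
    r"FileNotFoundException:\s*(?P<path>/.*?) \(No such file or directory\)"
)


def expected_cert_name(error_line):
    """Return the file name the VA tried to open, or None if the line differs."""
    m = _ERR.search(error_line)
    return PurePosixPath(m.group("path")).name if m else None


def _fold(name):
    # Normalise Unicode, drop stray whitespace, ignore case.
    return unicodedata.normalize("NFKC", name).strip().casefold()


def diagnose(error_line, uploaded_names):
    """Classify why the configured name does not resolve (hypothetical labels)."""
    wanted = expected_cert_name(error_line)
    if wanted is None:
        return ("unparsed", None)
    if wanted in uploaded_names:
        # Name is right: look at VA cluster association or a VA restart.
        return ("exact-match", wanted)
    for name in uploaded_names:
        if _fold(name) == _fold(wanted):
            return ("case-or-whitespace-mismatch", name)
    stem = PurePosixPath(_fold(wanted)).stem
    for name in uploaded_names:
        if PurePosixPath(_fold(name)).stem == stem:
            return ("extension-mismatch", name)
    return ("not-uploaded", None)
```

An `exact-match` result means the configured name is correct, which leaves the cluster association and VA restart items from the checklist.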