Professional Documents
Culture Documents
CPC Install Exercise Guide Ispss 20230227
CPC Install Exercise Guide Ispss 20230227
page 1
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic
and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
Contents
CONTENTS.................................................................................................................................................... 2
INTRODUCTION............................................................................................................................................ 4
USING SKYTAP................................................................................................................................................................................................4
INTERNATIONAL USERS..................................................................................................................................................................................6
PREPARATION................................................................................................................................... 12
page 2
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic
and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
Test PSM for SSH........................................................................................................................................73
THE END...................................................................................................................................................... 75
page 3
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic
and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Introduction
Using Skytap
Before beginning the exercises, here are a few tips to help you navigate the labs more
effectively. You can refer to the section for International Users for instructions on changing
the keyboard.
1. The virtual machines need to be running for you to be able to do the exercises. You can start
all the virtual machines with one click by pressing the start button (highlighted in red in the
image below).
Note: The number and names of virtual machines vary by course. The image above is
given as an example and might not match exactly what you see.
Occasionally, for reasons outside our control, one or more machine may fail to start up when
requested. If you notice that a particular machine is not responding to a ping or if you cannot log
in using Active Directory, you should check your virtual machines to make sure they are all
running properly.
2. Click on the large monitor icon to connect to a virtual machine with the HTML 5 client.
page 4
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
3. Use the Ctrl-Alt-Del button on the tool bar to send a Ctrl-Alt-Del to the machine.
4. The clipboard icon will allow you to copy and paste text between your computer and your
lab machine. Do NOT copy and paste from this PDF into the Privilege Cloud tool. It will
not work.
5. The full screen icon will resize your virtual screen to adapt to your computer’s screen
settings to avoid scrolling.
page 5
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
International Users
By default, the lab machines are configured to use a US English keyboard layout. If you use a
machine from a country other than the US, you may experience odd behavior from your lab
machines. The solution is to install the keyboard layout for your keyboard on our lab machines.
Follow the process below to find and configure the correct keyboard layout for your keyboard.
page 6
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
page 7
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
5. With the option English (United States) selected, click the Move down button. This will
make your language the default. Don’t remove US English altogether as your instructor
may need it if he/she connects to your machine.
Note: If you use an alternate keyboard layout (e.g. AZERTY, Dvorak) you can click options
next to your language to install that. Otherwise, close the Language window.
page 8
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
6. In the system tray, click ENG, then choose your keyboard layout. You may switch back
and forth between keyboard layouts. Your instructor may need to switch back to ENG to
help you with exercises.
page 9
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Our environment consists of a total of 5 virtual servers. Some host CyberArk components; some
are IT infrastructure, such as the Domain Controller; and finally others have nothing to do with
either CyberArk or IT and are what we call the target servers, such as servers hosting human
resources or finance applications, for example.
The goal is to provide trainees with an environment that resembles as closely as possible an actual
production environment. As such, there is a domain with Active Directory, a certification
authority, and so on. Our goal is to integrate CyberArk Privilege Cloud in this corporate
environment and to bring the principal privileged accounts under CyberArk control.
The table below lists the various servers, their roles, and configuration. The lines shaded blue
represents servers hosting CyberArk services.
page 10
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
We will do most of our work on the machine Connector1, also known as the 02 -
connector1 server. For convenience, it will also serve as the workstation for the Vault
administrator.
All servers are configured to start automatically when the general power-on button is clicked in
Skytap. Obviously, for CPC to work properly, the servers need to be running. So, if you run into
problems the first thing to do is to check that all the machines are up and running.
page 11
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Preparation
In this first section, we will prepare our environments for the installation and configuration of the
CyberArk Connector software, which allows the current machine to communicate with the
CyberArk Privilege Cloud. We will:
Set
Setthe
thepassword
passwordfor CyberArk
forthe Cloud
Connector admin
installer user
user
Run the prerequisites script
As a first step, we will copy the information we received from the CyberArk Identity
Security Platform to the Skytap environment as we will need this information during the
course of the installation.
1. Launch the Skytap environment and start up ALL the machines. You can do this by clicking
on the master start button.
2. Once all the machines have started (this will take a few minutes), click on the VM 02 -
connector1 and log in to Windows as Mike / Cyberark1.
3. In the VM, open up Notepad or Notepad++, then go to the email you received from
CyberArk (outside of Skytap), copy the tenant information, and then paste it into the Skytap
clipboard as shown below. This will allow us to copy and paste the information required for
the installation and configuration of the CyberArk Connector into the virtual machine.
page 12
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
4. Then, inside the virtual machine (02 - connector1), paste the information into
Notepad and then save it to your desktop with a meaningful name (e.g.,
“tenant_info.txt”)
Note: The copy and paste feature can be tricky, but with a little persistence, it will work.
Set the password for CyberArk Cloud admin user
Next, you will need to log in to the CyberArk Identity Security Platform and set the password for
the administrator account. This is the account that is the administrator of the CyberArk Privilege
Cloud tenant.
page 13
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
1. Open Chrome (you have a shortcut in the taskbar), then copy and paste the URL you received
in the mail from your Notepad file. It should look something like: https://acme-emea-
09.cyberark.cloud. The region – EMEA, USCT, or APJ – will depend on where you are
taking the course. The number is assigned arbitrarily.
2. Enter your CyberArk Identity Security Platform username and click Next. This
information is in the email you received and it should be in your tenant_info.txt file.
3. You will next be prompted for a password, which we don’t have, so click on Forgot your
password? to initiate a password reset.
page 14
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
5. You will receive an email with an eight-digit code, which you can then enter into the field
and then click Authenticate.
Note: Rather than entering the code, you can choose to click on the link Continue with
Authentication, which will also allow you to authenticate.
Note: Make sure that your password meets the requirements, which are displayed below
the Next button. Characters NOT to be used when changing password: \&"|<>$ and space.
page 15
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
In this section, we will set a new password for the built-in Identity user account –
installeruser – that we will use during the different installation processes we will be running
in this course.
3. Navigate to the CyberArk Identity Security Platform URL that was provided to you in
the email containing the privileged cloud tenant details and log in using the username and
password we set previously and then click on Go to Identity Administration.
page 16
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
The first time you connect, you will be presented with an introduction screen. Take the time to
review the material, clicking Next to move through the sections. When you are finished, you
can close the window.
4. In Identity Administration, in the left pane, under Core Services, click Users.
Then on the left, click the All Users or All Service Users set, and then click the
installeruser in the list to view the user details.
5. Note the full name of the Installer user. Copy this username to your tenant_info.txt file as
you will need it at a later stage. Click on Back to Users at the top of the window.
page 17
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
6. Check the box for the installeruser and at the top of the window, click Actions > Set
Password.
7. In the Set User Password dialog box, enter a new password and click Save. Your
password should include alphanumeric characters only and should not include special
characters. Once again, type this password into your Tenant_info.txt file, save it, and then
copy and paste it into this window.
Note: Do NOT use the following characters when changing the password: \/<>{}''&"$*@`|
and space) (Password example: C-Uuni1234)
page 18
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
The final step in our preparations will be to run a script that will check that all the necessary
prerequisites are in place for installing the Privilege Cloud Connector and, if they are not,
help us to resolve any issues.
2. Navigate to C:\CyberArkFiles\Tools\ConnectorCheckPrerequisites_PrivilegeCloud.
3. Run PowerShell as an administrator, which you can do from the Windows file explorer by
going to File -> Open Windows Powershell -> Open Windows Powershell as
administrator. This has the advantage of opening the terminal in the current directory, which
is where the script we want to run is sitting.
page 19
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Note: The prerequisites script was downloaded to your environment ahead of time for convenience. In production
please run the script again after the update is completed successfully.
Note: Visit the to learn more about the tests performed by the
prerequisites script.
.\ConnectorCheckPrerequisites_PrivilegeCloud.ps1
page 20
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
The script will perform any necessary updates and then ask you to relaunch the script.
Use the Up arrow on your keyboard to relaunch the script.
5. You will then be prompted for information about your CPC tenant, which you can find in
your tenant info file. You will be prompted for:
page 21
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
6. After performing a number of checks, you will be prompted to deploy RDS. Click
Yes.
7. You will be prompted to restart the server. Make sure you save any changes to your
tenant info file before restarting.
8. Once Windows has restarted, log back in as Mike with the password Cyberark1. The script
will resume automatically.
page 22
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
9. You will be asked to run the CPM Install Connection test. Select Yes.
page 23
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
12. If you scroll back up to the prerequisites checks, you will see that the process encountered
an error relating to the Secondary Logon service. This is used by the Shadow users to
invoke Apps with Apps.
13. We need to resolve this issue, which we can do by by re-running the prerequisites script
with the Troubleshooting flag.
page 24
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
15. Run PowerShell as an administrator, which you can do from the Windows file
explorer by going to File -> Open Windows Powershell -> Open Windows
Powershell as administrator
19. When this step is finished, enter q to return to the previous menu (you may have to enter q
twice to quit).
20. And that completes our prerequisites checks. Log files can be found in the folder where
the script resides:
page 25
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
In this section, we will deploy the Connector Management Agent. This will do two things:
It will install the Management Agent on the target server, which in our case is
connector1.
It will also register the connector1 server in the Connector Management interface so that
we will be able to deploy the CyberArk Privilege Cloud components to that server.
1. Navigate to the Privilege Cloud Web Portal URL that was provided to you in the
email containing the privileged cloud tenant details and login using your Privilege Cloud
username.
2. Click on the icon with the circle and nine dots. Click on Connector Management
page 26
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
4. This will generate a unique PowerShell script with a time-limited security token (valid for 15
minutes). We need to copy this script into PowerShell, so click on Copy to clipboard.
5. Open PowerShell as Administrator on the machine on which you intend to install the
connector (in this case 02 - connector1) and paste the script. Then press ENTER.
page 27
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
6. The script will fetch the resources, install the Connector Management Agent on the server,
and register it (as Connector1) in the CyberArk Privilege Cloud Connector
Management interface.
7. After a minute or so, the Connector Management interface will display the new
Connector.
page 28
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
8. Click on Connector1 to view what components have been deployed. For the
moment, only the Management Agent is installed.
Now that our Connector Manager can communicate with the Privilege Cloud Vault, we will
deploy the Privilege Cloud Component services to the 02 - connector1 server. This will
deploy and configure the CPM and the PSM on the current machine.
1. Navigate to the Privilege Cloud Web Portal URL that was provided to you in the
email containing the privileged cloud tenant details.
3. Click on the Identity Administration services icon (the circle with nine dots as
shown below) and click on Connector Management
page 29
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
4. Select Connector 1.
6. We can now select which Components we want to install. In this case we will install both
the CPM and the PSM. Click Next.
page 30
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
page 31
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
8. Locate the PSM section. Here we will enter the credentials of a user who has the
authorization to install and configure elements on the connector1 server. We will use the
domain user Mike. Enter acme.corp for the Domain. Enter Mike for the user name and
Cyberark1 for the password. When you are ready, click Next.
9. Since you already have run the prerequisites script, you can click on Install.
page 32
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
10. The components will now we installed. The installation progress will be displayed. This
will take a few minutes.
11. The installation is complete when all four Components display a green checkmark.
In this section we will make sure the installation of the CPM and PSM completed
successfully.
3. Verify the following four services are installed and are running:
page 33
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Note: We will test credential and session management tasks in a later stage.
page 34
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
2. Open the Group Policy Management console (you have a shortcut in the taskbar).
page 35
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
page 36
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
6. Click on Next twice, until you are prompted to select the folder containing the GPO
backup to import the settings from. Then browse to:
page 37
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
page 38
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
11. Confirm the settings were imported successfully and click on OK.
page 39
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Now we need to link the GOP to the Connector server and enforce it.
1. Expand Servers > expand CyberArk, right-click on Connectors and select Link an
Existing GPO…
page 40
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
page 41
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
2. Open the command line (or PowerShell) as Administrator (you have a shortcut in the
taskbar).
3. Run the following command to update the GPO settings for the server.
4.gpupdate
Confirm the policy was updated successfully.
/force
page 42
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
page 43
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Configuration
Installati
1. Navigate to the Privilege Cloud Web Portal URL that was provided to you in the
email containing the privileged cloud tenant details.
3. Go to Identity Administration.
4. Click on Settings > Network in the menu bar on the left and click on Add CyberArk
Identity Connector.
page 44
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
5. Select Download. Once the file is downloaded, you can close this dialog.
Installation
page 45
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
2. Then click Yes at the UAC dialog to accept to run the software.
page 46
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
4. Tick the box to accept the terms of the license agreement and then click Next.
page 47
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
6. Click Install.
7. At the end of the installation, click Finish. This will end the installation phase of
CyberArk Identity Connector deployment and will immediately launch the
Connector Configuration Wizard, which we will see in the next section.
Configuration
After installation, the Connector Configuration Wizard should launch automatically. If it does
not, you can find it in the Start Menu.
page 48
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
2. Enter the full InstallerUser username and its password and click Next.
Note: It does ask for the “admin user”, but what it needs here is the installer user.
page 49
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
4. Uncheck the box for Activate Idaptive Pages and click Next.
5. In this step, we will allow the Identity Connector access to the Deleted Objects
container. Select the domain acme.corp and click Edit.
page 50
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
6. Because we are logged in as Mike, who is a domain admin, we can use the current
credentials. Click OK.
7. Click Yes to change the container ownership and then click Next.
page 51
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
8. The Connector Configuration Wizard will then execute a number of checks, which
should all succeed. When finished, click Next.
9. The Connector service will then start up and you will see Connector setup is
complete. Click Finish to exit the wizard.
page 52
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
10. As a final step, we will verify that the changes we have made locally in our Skytap
environment have been reflected in the CyberArk Identity configuration in the Cloud. The
last connection result should show as successful.
page 53
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Note: You may receive a connection error at this point. Occasionally, the installation
process does not release the ports used during the installation process. A reboot will correct this.
11. Now log in to the Identity Portal with your admin user, go to Identity
Administration | Settings | Network and confirm your directory forest and
connector hostname are present.
13. Check that the new service is running. You should now have five CyberArk services up and
running.
page 54
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
1. Login to Identity and go to Identity Administration > Settings > Authentication >
Authentication Profiles.
3. Name the new profile MFA Profile. Enable Password for Challenge 1 and Email
confirmation code for Challenge 2. Click OK when you are finished.
page 55
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
4. Now go to Core Services > Policies and click Add Policy Set.
5. Under Policy Settings, name the new Policy MFA Policy and check the button for
Specified Roles. This will allow you to add new roles to the policy. Click the Add
button.
page 56
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
6. Check the boxes for the four following Privilege Cloud built-in roles and click Add.
Privilege
PrivilegeCloud
CloudAuditors
Privilege Cloud
Tip: You can enter the string ‘privilege’ in the search field to reduce the number of
options.
page 57
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Note: For each of these roles, there are three versions: the plain one (e.g. Privilege Cloud Users), a Basic ve
version, as shown in the image above.
7. Still under MFA Policy, select Authentication Policies tab and then CyberArk
Identity.
9. Then change the Default Profile to MFA Profile. Make sure to click Save when you are
done.
page 58
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
page 59
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
We will first extract the installation files and then copy them over to the unix-connector
server, which is where we will install PSM for SSH.
4. Click on Extract to extract the PSM for SSH installation to the suggested folder.
page 60
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
page 61
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
8. In the right-hand pane, you should be in the root user’s home directory: /root. In the left-
hand pane, locate the newly extracted directory – c:\CyberArkFiles\InstallationFiles\
PrivilegedSessionManagerSSHProxy-RHELinux- Intel64-Rls-v13.0 – and drag and
drop it into the /root directory on the PSM-SSH machine, as shown in the image below.
You can use drag and drop.
page 62
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
2. Connect to the PSM-SSH server (10.0.0.4) as root with the password Cyberark1.
5.chmodRun thepsmpwiz1300.sh
755 list command to verify that your script is indeed executable.
ls -al
page 63
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
7../psmpwiz1300.sh
The script will first try to connect to GitHub to find a more recent version.
8. Next, you will be prompted for the Vault Address. This is the same address we used
when deploying the connector on the Windows server and is in the format:
vault-{subdomain}.privilegecloud.cyberark.cloud
vault-acme-emea-09.privilegecloud.cyberark.cloud
page 64
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
9. You will be asked to confirm the address. Enter y and hit Enter.
10. You will then be prompted to perform a connectivity test. Enter y and hit Enter.
11. If the connectivity test is successful, you will be prompted for the Privilege Cloud
Install Username. This is the same installer user that we used earlier. Copy the
information from your notepad file and hit Enter.
12. When prompted, copy and paste the installer user password and hit Enter.
13. You are then asked if you want to validate those credentials. Enter y and hit Enter.
14. Lastly, copy and paste the Portal URL from the Notepad file, but without the https://.
15. If the validation is successful, the installation process will begin. This will take a
couple of minutes, so please wait while the PSM for SSH is installed.
page 65
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
16. You will see a message when the installation completes successfully.
17. When the installation completes, you can close your Putty session.
page 66
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Log in the Privilege Cloud Web Portal, which is the cloud equivalent of the PVWA.
Assign an administrator role
We will first need to assign ourselves a role as an administrator in CyberArk Privilege Cloud.
2. Click on Privilege Cloud Administrators > Members and then click the Add button.
3. Search for your user, tick the box next to it, and then click the Add button.
page 67
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
4. You should see your user in the list of Members. Click the Save button to commit the
change.
1. Open a new tab in your browser and enter the address for your tenant:
https://{subdomain}.cyberark.cloud/privilegecloud
page 68
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
You should be re-directed to the Privilege Cloud Portal, which for those familiar with
CyberArk PAM Self-Hosted solution is essentially the PVWA.
2. Click on System Health and verify that you have 1 user instance for the CPM and 2 user
instances for the PSM / PSM for SSH.
page 69
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Note: The following exercises are based on topics covered in the PAM or Privilege Cloud
Administration courses, which are a prerequisite to this course.
2. Open Chrome and navigate to the Privilege Cloud portal URL assigned to you.
4. Create a safe called TEST. We don’t need to assign any users to it, so just click the
Skip and create Safe button.
page 70
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
6. Confirm the CPM can verify and change the target Linux and target Windows
privileged accounts.
page 71
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
Test PSM
1. Set Require privileged session monitoring and isolation in the Master Policy to
Active for all platforms.
2. Verify that you can launch a privileged session to both Target accounts (root and
Administrator). If prompted, enter a reason for accessing the account.
(Please note the connection to root on 10.0.0.4 may be slow. This is a Skytap issue.)
page 72
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
2. Launch a privileged session to the target Linux machine as root (via PSM for SSH). Use
the following connection string:
page 73
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
3. You will be prompted for your admin user password and then you will need to choose your
2FA authentication method – either 1. Click the link to authenticate, or 2. Enter code
manually. Choose an option and then authenticate according to the method chosen.
Again, the connection to 10.0.0.20 may be slow (after you have provided a reason for the
connection). Do not worry.
page 74
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.
CyberArk Privilege Cloud Install and Configure
The End
And that completes the installation and basic configuration of the CyberArk Privilege Cloud
solution integrated with the Identity Security Platform Shared Services.
page 75
2/27/2023
© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any means, electronic and
mechanical, without the express prior written permission of Cyber-Ark® Software Ltd.