Configuring CyberArk Identity to communicate with QRadar

To send events to QRadar® from CyberArk Identity, create a user role and configure a user policy on CyberArk Identity. The QRadar user can then create a log source in QRadar.

Important: Centrify Identity Platform is now CyberArk Identity. The DSM RPM name remains as Centrify Identity Platform in QRadar.

Before you begin

Ensure that you have the Tenant ID and admin login details that are supplied by CyberArk. Ensure that you have the correct user permissions for the CyberArk admin portal to complete the following steps:

Procedure

  1. Log in to your CyberArk Identity admin portal.
  2. Create a CyberArk Identity user role:
    1. From the navigation pane, click Roles > Add Role.
    2. In the Name field, type the name for the role.
    3. Select Members, and then click Add.
    4. In the Add Members window, search for the user name to assign to the role, and then select the member.
    5. Click Add.
    6. Select Administrative Rights, and then click Add.
    7. From the Description list, select Read Only System Administrator.
    8. Click Save.
  3. Create an authentication profile:
    1. From the navigation pane, click Settings > Authentication.
    2. From the Platform menu, click Authentication Profiles.
    3. Click Add Profile, and then type a name for the profile in the Profile Name field.
    4. From the Challenge 1 pane in the Authentication Mechanisms window, select Password.
    5. From the Challenge Pass-Through Duration list, select 30 minutes, and then click OK. The default is 30 minutes.
      Important: Do not select any options from the Challenge 2 pane in the Authentication Mechanisms window. Select options only from the Challenge 1 pane.
  4. Configure a user policy:
    1. From the navigation pane, click Policies > Add Policy Set.
    2. From the Policy Setting pane, type a name for the policy in the Name field.
    3. From the Policy Assignment pane, click Specified Roles.
    4. Click Add.
    5. From the Select Role window, select the role that you created in Step 2 from the Role list, and then click Add.
    6. From the Policy Settings menu, select Login Policies > Centrify Portal.
    7. From the Enable authentication policy controls window, select Yes.
    8. From the Default Profile pane, select the authentication profile that you created in Step 3 from the Default Profile list.
    9. Click Save.
    Note: If you have difficulty when configuring CyberArk Identity to communicate with QRadar, contact your CyberArk administrator or your CyberArk contact.