Solved: Re: MS SQL Server Extension to Pull Account Password from IAM Tool?

sivart_89 · ‎03 Apr 2023

We are using NTLM authentication with the current version of AG extension Microsoft SQL Server. Our account passwords need to get updated every x number of months and when updated we will need to update ever endpoint to use the updated password. Are there any plans to allow for endpoints to pull from an IAM tool such as Cyberark to get their password?

Mike_L · ‎04 Apr 2023

A CyberArk integration with the credential vault, and for extensions to use the credential vault are both currently being developed. It should both land in just a matter of months.

Mike

sivart_89 · ‎04 Apr 2023

This will be a great addition. Thank you Mike and all involved!

sivart_89 · ‎12 Apr 2023

What this would like this when rolled out? Specifically we are leveraging the extension Microsoft SQL Server 2.0 from the hub and looking for this integration so that we don't need to configure our api call to use the username and password. Will cyberark integration with extensions 2.0 be a phased in approach as in they will eventually be updated to allow for this? Trying to understand specifically for our extension when we may have that ability.

I assume too that the extension endpoint would have an extra value in maybe the authentication scheme for cyberark and upon choosing that you would provide additional information such as what is prompted for when you attempt to use it in the credential vault? Or would we setup the credential in the vault then simply configure the endpoint to use this credential?

dglugla · ‎12 May 2023

In DB endpoint monitoring configuration it's possible to use DT credential vault credentials. These are synchronized with CyberArk using periodic synthetic test.

Unfortunately, it does not support other authentication schemes, like NTLM or Kerberos.

Empower Enterprise Apps and Services monitoring in Dynatrace