Forum Discussion
The Cache Refresh Interval is a parameter of the CyberArk Credential Provider. It is not something that is managed or configured by ScienceLogic. The CyberArk documentation provides instructions on how to change it.
The CyberArk documentation also describe the behavior of the Credential Provider during password changes.
Synchronize automatic password changes with the Credential Provider
https://docs.cyberark.com/credential-providers/latest/en/content/ccp/controlling-application-passwords-change-processes.htm?Highlight=password%20change%20process#SynchronizeautomaticpasswordchangeswiththeCredentialProvider
Given that use of SL1 and CyberArk are often unique, tuning of the CyberArk parameters may be required. CyberArk can assist with tuning the Vault and Credential Provider to address this issue.
You might also inquiry with CyberArk how to reduce the timeframe for which password changes occur so that a corresponding maintenance interval can be scheduled within SL1 so that collection is suspended during password changes. There are parameters like ExecutionDays, FromHour, and ToHour that might help narrow the time interval for which password changes occur.
Hi John,
Its great that you brought this up. To that document(Central Credential Provider) SL1 provides documentation for integration with external credential tools like CyberArk with Credential Provider. I am trying to get more into the Credential provider - Single account and Double account password change processes. Which are available with developer (CyberArk). Definitely I will be involving the CyberArk vendor. I appreciate the feedback on this. It will be helpful if SL1 provides the Best practices while using CyberArk credential provider, Polling intervals are critical to SL1 and guidance on those are expected to let clients use tools efficiently. See this.... https://docs.cyberark.com/credential-providers/latest/en/content/cp%20and%20ascp/changing-single-account.htm?tocpath=Developer%7CCredential%20Provider%20(CP)%7CApplication%20passwords%20change%20processes%7C_____2
The statement "corresponding maintenance interval can be scheduled within SL1 so that collection is suspended" drives me crazy. Should we really opt this as practice where we expect to keep the lights on for operations and monitoring?
Related Content
- 2 months ago
- 5 months ago