The Machine Identity Protection app for ServiceNow (MIPS) leverages the power of ServiceNow and CyberArk Certificate Manager to manage the lifecycle of your TLS Certificates. This application is capable of integrating with both Certificate Manager Self Hosted and Certificate Manager SaaS and supports connecting to more than one Certificate Manager environments at the same time.
The app allows organizations to standardize and streamline the process of requesting, installing, renewing and revoking certificates. When you implement and use this app, you directly implement processes that are based on experience with Fortune 500 organizations and supports Self Service.
With this integration application, an organization can
- Improve compliance and adherence to policies and standards by simplifying User request process
- Maintain an accurate inventory of all Machine Identity installed locations and association with CI in the CMDB
- Be able to replace all machine identities in a business as usual manner without additional manpower and emergency change management
- Leverage ServiceNow workflows for certificate request and approval to adhere to organizational policies and processes
- Avoid outages resulting from
- Unknown and unmanaged key stores / installed locations
- Untimely certificate renewals
AEYRiX's Machine Identity Protection app is the most comprehensive solution available today for integrating CyberArk Certificate Manager and ServiceNow. Many organizations have chosen and implemented CyberArk Certificate Manager to manage Machine Identities (Certificates, keys), but wish to manage their certificates within their IT Service Management framework seamlessly.
With the Machine Identity Protection application, users can leverage the power of the CyberArk Certificate Manager right from the ServiceNow UI. Certificates, server, and keystore objects created and maintained in CyberArk Certificate Manager can be mapped and associated with CIs in ServiceNow. The app provides a self-service capability for certificate management to application and infrastructure support personnel. It enables users to
- Request for New Certificates
- Automatically deploy certificates using CyberArk Certificate Manager
- Renew Certificates and install renewed certificates
- Revoke a Certificate
- Retire a Certificate
- Synchronize certificate changes in TPP back to ServiceNow
- Bulk renew/revoke certificates
- Request and renew SSH Certificates
This application provides organizations with the fastest path to integrating CyberArk Certificate Manager and ServiceNow. If you are a current user of Self-Hosted CyberArk Certificate Manager and have plans to move to SaaS, the application provides an almost seamless experience for the end users, as their UI, processes, etc., do not change.
Version 9.0 Release Notes
Key Enhancements:
- Rebrand: DifendaWorks has rebranded to AEYRiX.
- Credential Module Revamp: Credential code has been updated to use Flow Designer. The form has also been updated to enhance the user experience.
- Updated Expiry Management: Expiry Management has been consolidated into a single flow. A new system property is created to control the creation of renewal requests.
- New Decom/Revoke UI Action: Simplifies the process of creating decom/revoke requests for Certificates.
- SaaS Rest Call Update: Now allows customers to specify the location of the encryption file. Also retrieves Satellite Encryption Keys for various calls.
Bug Fixes:
- Download Certificate for CertManager SaaS doesn’t work consistently
- Issuing Templates not showing correctly when dynamically selecting Business Applications
- CertManager Self Hosted - IBM GSK objects not being created correctly
- Issue with newer ServiceNow versions - Query_range Error for ACL on TLS requests
- User roles configured from Record Producers
- Config/ReadAll REST calls to CertManager SelfHosted now include 'BypassCache: True' Attribute
- Decommission and Revocation actions can be initiated from a Renew Request
- Installation Requests are missing association to a parent certificate request
This release improves overall stability, enhances integration capabilities, and refines user experience.
ServiceNow ITSM module required. Integration Hub is not required.
A MID Server will be required for this application. Connections to the Self-Hosted CyberArk Certificate Manager REST API are made through the MID Server.
For CyberArk Certificate Manager SaaS, the MID server is still required, as some PowerShell scripts and one other executable are needed to encrypt sensitive data before sending it to the SaaS API.