search

CyberArk Import

Migrating CyberArk Accounts to Keeper

Keeper Commander will log on to CyberArk Privilege Cloud Web Portal or the self-hosted Password Vault Web Access (PVWA), retrieve accounts and their passwords, and automatically create corresponding Server records in Keeper.

keeper import --format=cyberark server.domain

If the server is a CyberArk Privilege Cloud Web Portal, i.e., it ends in ".cyberark.cloud," then it will prompt for the CyberArk Identity Tenant ID and CyberArk Service User credentials:

ℹ️ The Identity Tenant ID is the first part of the login URL, e.g., https://abc12345.id.cyberark.cloud/...

If the server is any other hostname or IP address, then it will prompt for the authentication method, username, and password for PVWA:

ℹ️ Use LDAP (not Windows) to log in with an Active Directory account

CyberArk Accounts based on Platforms in the Windows and *NIX groups will be imported as Server records. Accounts based on the Business Website platform, i.e., CyberArk Workforce Password Management Accounts, will import as Login records.

hashtag
Importing Accounts

The process will list the Accounts to be imported, including the ID, Name, and Safe. It will also show a progress meter with a timer and ETA. If password retrieval fails for an Account, a Retry, Skip, or Skip All dialog is presented. The process can retry the request, skip the Account, or skip all Accounts that trigger the same HTTP status.

A dialog resulting from a 400 (Bad Request) HTTP response from the password API endpoint.

hashtag
Skipped Accounts

The skipped Accounts will be listed after processing is complete. The list includes the ID, Name, Safe, and the Error code and message.

hashtag
Using a search string to limit the imported Accounts

The process will import all Accounts by default; however, appending a question mark (?) followed by the search string will limit processing to Accounts that match the search.

hashtag
Using a custom query string

Alternatively, if the search string contains '=', the process will pass it to the CyberArk Get Accounts endpoint as a query string. E.g.,

passes the limit and offset parameters to the Accounts endpoint, causing it to page the accounts 10 at a time, starting at the 20th account.

hashtag
PowerShell Method

The end-user guidearrow-up-right includes a process to import data into Keeper from Cyberark using a PowerShell script. Note, however, that it accesses the Vault server directly, so it only works on self-hosted servers.

PreviousImport/Export CommandsNextCyberArk User Portal Import

Last updated

Was this helpful?