CyberArk Import

Migrating CyberArk Accounts to Keeper

Keeper Commander will log on to CyberArk Privilege Cloud Web Portal or the self-hosted Password Vault Web Access (PVWA), retrieve accounts and their passwords, and automatically create corresponding Server records in Keeper.

keeper import --format=cyberark server.domain

If the server is a CyberArk Privilege Cloud Web Portal, i.e., its hostname ends in ".cyberark.cloud", Commander will prompt for the CyberArk Identity Tenant ID and the CyberArk Service User credentials:

CyberArk Identity Tenant ID: abc12345
CyberArk service user name: myserviceuser
Cyberark service user password:

ℹ️ The Identity Tenant ID is the first part of the login URL, e.g., https://abc12345.cyberark.cloud/...

If the server is any other hostname or IP address, Commander will prompt for the authentication method, username, and password for PVWA:

CyberArk logon type (Cyberark, LDAP, RADIUS or Windows): LDAP
CyberArk username: myusername
CyberArk password: 

ℹ️ Use LDAP (not Windows) to log in with an Active Directory account

A Server record will be created for every CyberArk Account available to the logon. The Account's address will be used as the Hostname/IP of the corresponding Server record in Keeper.

Using a search string to limit results

The process will import all Accounts by default; however, appending a question mark (?) followed by the search string will limit processing to Accounts that match the search.

keeper import --format=cyberark 10.11.12.13?WinDomain
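The following pre-flight helper is an added example, not code from Keeper Commander. It applies the two rules described above to an import target: the ".cyberark.cloud" suffix decides which prompts to expect, and the first question mark separates the server from the search string. The function names, the case-insensitive suffix match, and the "/login" path in the sample URL are assumptions made for illustration.

```python
# Added illustration; not Keeper Commander source code.
from urllib.parse import urlsplit

CLOUD_SUFFIX = ".cyberark.cloud"  # suffix named on this page


def split_target(target):
    """Split 'server?search' at the first '?' into (server, search or None)."""
    server, sep, search = target.partition("?")
    return server.strip(), (search if sep and search else None)


def prompts_for(target):
    """Return (mode, server, search, expected prompts) for an import target."""
    server, search = split_target(target)
    if not server:
        raise ValueError("missing server name")
    # Assumption: the suffix comparison ignores letter case.
    if server.lower().endswith(CLOUD_SUFFIX):
        mode = "privilege-cloud"
        prompts = ["Identity Tenant ID", "service user name", "service user password"]
    else:
        mode = "pvwa"
        prompts = ["logon type", "username", "password"]
    return mode, server, search, prompts


def tenant_id_from_login_url(url):
    """Return the first host label of a *.cyberark.cloud login URL."""
    host = (urlsplit(url).hostname or "").lower()
    if not host.endswith(CLOUD_SUFFIX):
        raise ValueError("not a cyberark.cloud login URL: %r" % url)
    return host.split(".", 1)[0]


if __name__ == "__main__":
    # Constructed sample targets, modelled on the examples on this page.
    for t in ("10.11.12.13?WinDomain", "example.cyberark.cloud", "pvwa.corp.example"):
        print(t, "->", prompts_for(t))
    print(tenant_id_from_login_url("https://abc12345.cyberark.cloud/login"))
```

When the target contains a question mark, quote it on the command line, because ? is a filename wildcard in POSIX shells.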

Error handling

The process will exit by raising an Exception upon the first occurrence of any error; it will not continue on failure, e.g., if getting the password for any one account generates an error.

PowerShell Method

The end-user guide includes a process to import data into Keeper from CyberArk using a PowerShell script. Note, however, that it accesses the Vault server directly, so it only works on self-hosted servers.
