
CyberArk Cookbook Lesson 2b

This document provides an overview of advanced topics for configuring and managing the CyberArk Password Vault Web Access (PVWA) application, including creating new safes and policies, configuring password check-out and check-in settings, installing multiple PVWA instances, and configuring passwords for automatic management by the Central Policy Manager. It also discusses managing the PVWA environment and provides instructions for installing the PVWA application.

Uploaded by

Gary Fung

Cyber-Ark lesson

PVWA – Advanced Lesson


Objectives

• Additional Advanced Topics
– Create new safes
– Passwords Check-out and Check-in
– Installing multiple instances of PVWA
• Managing the PVWA
– The PVWA Environment on the Web Server
– The PVWA Environment in the Vault
– Configuring the PVWA
• Configuring passwords for Automatic Management
• Installing the PVWA


Additional Advanced Topics


Creating a new safe
From the Safes tab, click Add Safe.

Password Check-out & Check-in

• Enforce Exclusive Passwords
Users will be able to access passwords exclusively. If the Safe is assigned to a CPM, the password value will be changed after it is accessed.

• Require Dual Control
Users must receive confirmation from authorized users before they can access passwords.

• Require Access Reason
Users are required to provide a reason for accessing passwords before they can be accessed.

• Enable Object Level Access Control
Access to passwords can be controlled according to passwords and files, regardless of user authorizations in the Safe.

Enforce Exclusive Passwords

• A locked password will have a lock next to it in the PVWA
• A user who has locked a password must release it by opening the password details window and clicking the Release button

Enforce Exclusive Passwords

• To unlock an exclusive password locked by another user
– Make sure you have Administer Safe authorization
– In the Passwords list, click the password object to unlock; the password details screen appears
– Click the Unlock button
• To unlock an exclusive password locked by another user immediately
– In the Passwords list, select the password object to unlock, then click Edit; the Edit Password window appears.
– Click Show advanced section; the advanced options appear
– Click Unlock

Enforce Exclusive Passwords

• In the Password Policy, configure the following parameters:
– MinValidityPeriod – determines the number of minutes after which an exclusive password will be released automatically by the CPM.
– OneTimePassword – ensures that passwords will be replaced after being retrieved by any user. If the passwords are not released manually, they are released automatically after the number of minutes specified in the MinValidityPeriod parameter (OneTimePassword=Yes).
– ResetOverridesMinValidity – enables the user to immediately release a locked password manually through the PVWA.
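
An added example (not from the original slides or from CyberArk): a small Python check that reads the three parameters above from a policy and reports settings that weaken exclusive check-out, plus the time at which an unreleased password is released automatically. The INI-style key=value layout, the sample values, the `max_minutes` threshold and the function names are assumptions; the third key is spelled ResetOverridesMinValidity here.

```python
import configparser
from datetime import datetime, timedelta

# Constructed sample; the INI-style key=value layout is an assumption.
SAMPLE_POLICY = """\
PolicyID=Unix-Exclusive-Example
OneTimePassword=No
MinValidityPeriod=480 ;minutes
ResetOverridesMinValidity=No
"""

def parse_policy(text):
    """Parse key=value policy text; a dummy section header satisfies configparser."""
    cp = configparser.ConfigParser(inline_comment_prefixes=(";",))
    cp.read_string("[policy]\n" + text)
    return dict(cp["policy"])  # configparser lower-cases the keys

def _is_yes(policy, key):
    return policy.get(key, "no").strip().lower() == "yes"

def audit_policy(policy, max_minutes=120):
    """Return findings for the three exclusive-password parameters.
    max_minutes is a hypothetical local threshold, not a product default."""
    findings = []
    if not _is_yes(policy, "onetimepassword"):
        findings.append("OneTimePassword is not Yes: passwords are not replaced after retrieval")
    try:
        minutes = int(policy.get("minvalidityperiod", ""))
    except ValueError:
        minutes = None
    if minutes is None or minutes <= 0:
        findings.append("MinValidityPeriod is not a positive number of minutes")
    elif minutes > max_minutes:
        findings.append(f"MinValidityPeriod={minutes} keeps a lock for more than {max_minutes} minutes")
    if not _is_yes(policy, "resetoverridesminvalidity"):
        findings.append("ResetOverridesMinValidity is not Yes: no immediate manual release")
    return findings

def auto_release_time(policy, retrieved_at):
    """When the CPM releases an exclusive password that nobody released manually."""
    return retrieved_at + timedelta(minutes=int(policy["minvalidityperiod"]))

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for finding in audit_policy(policy):
        print("FINDING:", finding)
    print("auto release:", auto_release_time(policy, datetime(2024, 1, 1, 9, 0)))
```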

Installing multiple instances of PVWA

• For load balancing and HA, or for access from different networks: installed on 2 different machines
• Instructions for installation are found in the installation guide.


Managing the Policies


Add Policy – Step I

• System Tab | Web Access | Policies

Add Policy – Step I

• Right-click on Policies, then in the pop-up menu select Add Policy; a new Policy is created.
• Modify existing parameters and properties and/or create new ones for this policy.

Add Policy – Step I

• ID – specify the unique ID for the new policy
• Properties – Required and optional password properties that will be displayed for all policies under this device.
• Policies – Required and optional password properties for the specific password policy, as well as properties that define the functionality that will be applied to passwords that are connected to each policy.

Add Policy – Step II

• System Tab | Central Policy Manager | Add Policy

Add Policy – Step II

• Specify the name of the password policy. This name must indicate what sort of policy it is and must be unique so that users can identify it.

Add Policy – Step II

Display the General parameters, and specify a unique PolicyID.


Reports
Configuring the PVWA

Multiple Authentication methods

• One PVWA supports different types of authentication.


Configuring passwords for Automatic Management

Auto management

• Only a user with store authorization in a safe can add passwords using the Add button
• Add the correct policy to the PasswordManager safe using the PrivateArk WebClient
• Create a password using the PVWA
– Select safe to store password
– Select correct policy
– Fill in information required
• Check that CPM can manage the password correctly

Installing the PVWA

• Before Installation
– Decide which authentication method to use and install it on the PVWA machine
– Create a certificate for the web site to support SSL
• During installation
– Make sure you specify the correct CPM user
• After Installation
– Make sure the different users have correct permissions on the web server
– Add Restrictions to the Protected Credentials File
– In the Windows Temp folder: PVWAInstall.log, PVWAInstallError.log

Installing multiple PVWAs

• Two Password Vault Web Access applications on different machines:
– High-Availability or Load Balancing
– To connect different types of users from different networks
• Follow instructions in installation guide carefully

Summary

• Adding new policies
• Multiple PVWAs
• The PVWA environments
• Configuring the PVWA
– There are more parameters that can be configured
• Manage passwords automatically
• Refer to the Implementation guide for additional information

Q&A
