CyberArk PAS Onboard Website Account (Wordpress Admin Page as an Example)

I spent sometime to try to figure out how to add a website account into Vault and use PVWA to log in Website using CyberArk PAS without revealing password. There are many documents relating to this topic but the steps are not clear enough for me at the beginning. I summarized all steps together in this post. Hopefully it will helps if someone has same confusion as I.

Enable Chrome in PSM Server

By default, Chrome is not enabled at PSM server, only IE. To get PSM works well with your web sites, Chrome option will be a best browser so far. 

Install ChromeDownload and  Install Google Chrome on your PSM machine.Ins

AppLocker rulesConfigure AppLocker to enable Chrome to run.

Remove the read-only permission from the PSMConfigureAppLocker.xml file.
2. In the Hardening subfolder of PSM installation folder, open the PSMConfigureAppLocker.xml configuration file and edit the AllowedApplications section:
   At the beginning of the Google Chrome processes section, remove the following line:
   
   
   <!-- If relevant, uncomment this part to allow Google Chrome webform based connection clients
   
   
   At the end of the Google Chrome processes section, remove the following line:
   
   
   End of Google Chrome process comment -->
   
   
   Specifically, make sure that the following lines are uncommented:
   
   
   <Application Name="PSM-WebAppDispatcher" Type="Exe" SessionType="*" Path="C:\Program Files (x86)\CyberArk\PSM\Components\CyberArk.PSM.WebAppDispatcher.exe" Method="Hash" /> <Application Name="chromedriver" Type="Exe" SessionType="*" Path="C:\Program Files (x86)\CyberArk\PSM\Components\chromedriver.exe" Method="Hash" /> <Application Name="PSM-ProgressBar" Type="Exe" SessionType="*" Path="C:\Program Files (x86)\CyberArk\PSM\Components\CyberArk.ProgressBar.exe" Method="Hash" /> <Application Name="GoogleChrome" Type="Exe" Path="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" Method="Hash" />
   <Application Name="IExplore32" Type="Exe" Path="c:\Program Files (x86)\Internet Explorer\iexplore.exe" Method="Publisher" /> <Application Name="IExplore64" Type="Exe" Path="c:\Program Files (x86)\Internet Explorer\iexplore.exe" Method="Publisher" />
   
   
   
   Verify that the path specified in the xml matches the browser installation path. Save the PSMConfigureAppLocker.xml configuration file and close it.
   Use the following command to run PowerShell and start the script:

CD “C:\Program Files (x86)\CyberArk\PSM\Hardening”
./PSMConfigureAppLocker.ps1

Create a new connection component

Copy a existing PSM-WebAppSample (Not PSM-WebFormSample) connection component and paste in as a new one. Rename id to a different one.

Create a new platform

• Duplicate a existing Generic Web App platform.
• Edit it.
• Assign PSM and the new created connection component to new platform

Create a Website Account

Create an account

System Type : Website
Assign to Platform : 51Sec-Generic Web App
Store in Safe : 51Sec-Personal-Test
Username : admin
Address: blog.51sec.org/wp-login.php
Password: Password123456!

References

• Microsoft Office 365 Marketplace
• Microsoft Office 365 Implementation Guide
• Web Applications for PSM
• https://www.reddit.com/r/CyberARk/comments/5rkekp/office_365_with_cyberark/
• Secure Web Application Connectors Framework Installation Guide
• Secure Web Application Connectors Framework Developers Guide
• PSM Use Google Chrome: PSM for Web Applications