Here’s a step-by-step guide for CyberArk User Onboarding, Password Rotation, and Password Reset processes:

1. CyberArk User Onboarding (for Privileged Accounts)

CyberArk onboarding involves adding privileged accounts to be managed within the vault.

Steps for User Onboarding in CyberArk:

1. Log in to CyberArk PVWA (Password Vault Web Access):

• Open the PVWA URL and log in using your admin credentials.

2. Create or Select a Safe:

• Navigate to Administration > Safes.

• Create a new safe or choose an existing one where you want to store the privileged accounts.

• Assign permissions (Owner, User, etc.) for specific users or groups to manage the safe.

3. Onboard an Account:

• In PVWA, go to Accounts > Add Account.

• Select the appropriate Platform (e.g., Windows, Unix, etc.).

• Provide details for the account:

• Account Name: Username of the account.

• Target Machine: IP or hostname of the system where the account resides.

• Password: You can enter the current password or let CyberArk automatically discover it if integrated.

• Safe Name: Specify the safe where the account will be stored.

4. Set Policies (Optional):

• Configure password policies such as password rotation interval, complexity requirements, and automatic password reconciliation.

• Define who can retrieve, use, and reset the password (user/group permissions).

5. Save and Validate the Account:

• After saving, validate the account to ensure CyberArk can connect to the target machine and manage the account’s password.

• Validation includes confirming that CyberArk can retrieve the password and that the connection to the target system is successful.

2. Password Rotation in CyberArk

CyberArk offers automatic password rotation to ensure passwords are regularly changed as per security policies.

Steps for Password Rotation in CyberArk:

1. Navigate to the Account:

• In PVWA, go to Accounts and search for the account whose password needs to be rotated.

2. Manual Password Rotation:

• Select the account and click on the Rotate Password option.

• Confirm the password rotation. CyberArk will then change the password on the target machine and store the updated password securely in the vault.

3. Automatic Password Rotation:

• Set up password rotation policies for specific accounts or platforms:

• Go to Platform Management and select the platform associated with the account (e.g., Windows, Unix).

• Under Password Management, configure rotation frequency (e.g., every 30 days) and complexity settings.

• CyberArk will automatically rotate the password at the configured interval without manual intervention.

4. Verify Rotation:

• After rotation, CyberArk verifies the password change on the target system.

• It also updates the new password in the vault and syncs with any dependent systems using the CyberArk Vault.

3. Password Reset in CyberArk

CyberArk allows privileged users to reset passwords securely for accounts they have access to.

Steps for Password Reset in CyberArk:

1. Log in to PVWA:

• Use your credentials to access the vault via PVWA.

2. Navigate to the Account:

• In the Accounts section, search for the account whose password you need to reset.

3. Initiate Password Reset:

• Select the account and click on Reset Password.

• You can manually enter a new password or let CyberArk generate a secure, complex password based on preconfigured policies.

• If required, define password attributes (such as length and complexity) based on your organization’s security policies.

4. Confirm Password Reset:

• CyberArk will connect to the target machine, change the password, and store the new password in the vault.

• The reset is completed on both the vault and the target system.

5. Password Reconciliation (Optional):

• If the password has been changed manually or outside of CyberArk, CyberArk can use Password Reconciliation to detect and fix any discrepancies.

• You can configure automatic reconciliation by going to the Platform settings and enabling the Password Reconciliation feature.

Summary of the Processes:

1. User Onboarding:

• Log in to PVWA, create or select a safe, onboard privileged accounts, and set up policies.

2. Password Rotation:

• Manual or automatic password rotation ensures regular password updates to meet security policies.

3. Password Reset:

• Users can reset passwords manually or let CyberArk generate a new secure password, with changes reflected both in the vault and on the target machine.

These processes help maintain secure access to privileged accounts while ensuring password hygiene and compliance with organizational security policies.