CyberArk Privilege Cloud v14.3 significantly improves user experience and operational efficiency with a new Discovery service and in-product notifications. It also enhances session management capabilities, including added support for Snowflake databases, access for out-of-domain Windows targets, expanded multifactor authentication (MFA) options for *nix sessions and more.
Improvements include:
- New scan management experience with the new CyberArk Discovery service
- In-product notifications
- Session management enhancements:
o Support for Snowflake databases
o Access for out-of-domain Windows targets with Zero Standing Privileges (ZSP).
o Strong account view for Windows access with ZSP
o Reconnection grace time for ephemeral users in Windows sessions
o Added support of expanded MFA options for *nix sessions
o Lightweight, third-party vendor access to Windows targets
- Customized Ticketing Integration support
- HTTP basic authentication for web applications with Privileged Session Manager (PSM)
- Enhanced Google Cloud Platform (GCP) GovCloud MFA Support
New and improved Discovery Service
New scan management experience with Discovery Service
The new CyberArk Discovery service streamlines the scanning of environments containing *nix or Windows targets, enhancing user experience, efficiency and scalability for discovering and onboarding unmanaged privileged accounts. The service adds to existing capabilities for automatic discovery and onboarding of local endpoint accounts, accelerating modern PAM programs.
Key Benefits:
- Efficient scan logic and better automatic account onboarding with scans per machine list or domain.
- The Connector Management service enables Discovery to run scans with reduced footprint, load balancing and high availability.
- Enhanced analysis and onboarding with discovered account tags.
Learn more about the Discovery service.
Improved User Experience
In-product notifications in the CyberArk Identity Security Platform
A new in-product notification system enhances customer engagement and user experience by integrating notifications directly into the user interface.
Session Management Enhancements
Support for Snowflake Databases
CyberArk Privilege Cloud now supports secure native, isolated access to Snowflake databases with Zero Standing Privileges (ZSP) and vaulted credentials. This adds to the existing support for MySQL, SQL server, Maria DB, PostgreSQL, Oracle, DB2 and MongoDB databases.
Learn more about access to databases with ZSP and with vaulted credentials.
Access for Out-of-Domain Windows Targets with ZSP
Customers can now access out-of-domain Windows targets with ZSP in addition to the existing support for access with vaulted credentials.
Learn more about adding out-of-domain access to Windows.
Enhancements to Strong Account View for Windows Access with ZSP
The enhanced interface offers easier management of strong accounts, mainly when many accounts are in use. Examples include replacing the display tile with a table format, and bulk actions are now included.
Learn more about adding and managing strong accounts for Windows targets.
Management of Strong Accounts with APIs
This enables easier administration when accessing Windows targets with ZSP, particularly in large deployments.
Learn more about strong account APIs.
Support for Reconnection Grace Time for Ephemeral Users in Windows Sessions
When accessing Windows targets with ZSP, CyberArk creates an ephemeral user for each session and deletes it when it ends. However, users may need more time to complete processes after the session ends. Now, customers can set an access policy that allows them to reconnect to the same target with the same ephemeral user for the original maximum session time, improving flexibility for end users.
Learn more about reconnection mode.
Added Support of MFA Options for *nix Sessions
New options for the first and second MFA challenges in privileged sessions include mobile authenticator and phone call. These options join the existing MFA challenges for access to *nix targets, improving flexibility and user experience.
Improved User Experience in Session Management
Customers can now easily access up to 50 of their recently accessed target systems, streamlining workflows and improving efficiency. Additional interface enhancements enable more intuitive and user-friendly navigation between target systems.
Learn more about the UI enhancements.
Support for Third-party Vendor Access to Windows Targets
Customers using CyberArk Vendor PAM can now grant third-party vendors access to Windows targets with session isolation from the DPA component, with either ZSP or vaulted credentials. This reduces the footprint required to isolate and audit privileged third-party sessions.
Note - this capability is available for customers licensed to use Vendor PAM.
Learn more about Vendor Access with the DPA component.
Additional support
Customized Ticketing Integration Support
When configuring ticketing integration, users are prompted to provide a valid enterprise ticket ID to connect to a target machine as an extra control layer. Now, customers can request custom ticketing modules by submitting a request to CyberArk support. This enables customers to upload and utilize customized ticketing integrations created by CyberArk that are tailored to their needs. This adds to our existing integrations with ServiceNow and BMC Remedy. Version 14.3 also introduced two REST APIs to enhance Ticketing Integration support. These APIs enable customers to seamlessly import customized Ticketing Integration and access logs for monitoring activities.
Learn more about requesting a custom ticketing module.
Support HTTP Basic Authentication for Web Applications for Privileged Session Manager (PSM)
This enhancement joins our existing support in Central Policy Manager (CPM) Plugins and allows users to seamlessly access and manage their privileged accounts within the web framework. This ensures seamless integration with various authentication mechanisms for improved security and ease of use.
Note - This is supported by PSM version 14.3 and above.
Learn more about web applications for PSM.
Enhanced GCP GovCloud MFA Support
We've enhanced CyberArk’s Government Cloud (GovCloud) support within our Google Cloud Platform (GCP) offering. Now, both the GCP Service Account and the GCP Account Management plugin offer Multifactor Authentication (MFA) support within privileged sessions in GCP GovCloud environments. This ensures secure and efficient management of service accounts for government-related operations.
To learn more about the new features of CyberArk Privilege Cloud, please visit:
Release notes and documentation.
Upgrade Process for Privilege Cloud Connector.
Component downloads are available on the CyberArk Marketplace.