CyberArk is proud to announce the next version of the Privileged Access Manager solution, version 12.2. Of note, this version is designated for Long Term Support as part of CyberArk’s End of Life policy and schedule, available at CyberArk Docs. Version 12.2 enables browser-based logins with credentials stored in the CyberArk Vault for applications used by business users, introduces enhancements to the CyberArk Telemetry tool, and improves the availability and performance of SCIM integrations through cloud hosting via the CyberArk Identity (formerly Idaptive) service.
Please note: these features are currently available only for self-hosted deployments. In late August, several of these features and other exciting announcements will be incorporated into CyberArk Privilege Cloud, our as-a-service solution.
With version 12.2, the CyberArk Privileged Access Manager Solution supports the following new features:
Simplification and Usability
Cloud-service SCIM support
Version 12.2 introduces new SCIM (System for Cross-domain Identity Management) support provided through the CyberArk Identity SaaS service to facilitate integrations between Privileged Access Management and Identity Governance and Administration (IGA) solutions such as SailPoint. The new SaaS approach improves availability and performance while reducing customers on-premises footprint. To learn more, please see here.
- Note: This capability is limited to customers with specific CyberArk Identity (formerly Idaptive) licenses. Contact your account team for more information.
- Note: Customers can continue to use our IGA integrations in the CyberArk Marketplace that leverage SCIM server technology.
Offline access to privileged accounts via CyberArk mobile app
Customers can now use the CyberArk mobile app to access privileged accounts and credentials when there is no network connectivity. The mobile app securely stores and protects credentials with multi-factor and biometric authentication. To learn more about offline access for PAM, please see here.
- Note: This capability is limited to customers with specific CyberArk Remote Access (formerly Alero) licenses. Contact your account team for more information.
- Note: This capability is already available for Privilege Cloud.
CyberArk Telemetry tool now reports on Secrets Management
The CyberArk Telemetry tool provides user-friendly dashboards to help customers track component utilization, compliance status of managed credentials and license utilization for their self-hosted PAM deployments. As of the 12.2 release, Telemetry reports on new metrics, including deployed and licensed Credential Providers, and counts for application secrets retrieved from the CyberArk Vault. To learn more about Telemetry’s reporting capabilities, please see here.
- The CyberArk Telemetry Tool is available in the CyberArk Marketplace for simple, self-service installation.
PVWA UI enhancements
Version 12.2 introduces several enhancements to the PVWA user interface, including a modernized look and feel in alignment with CyberArk’s transition to a single, unified UI for all solutions. The new UI provides an improved experience by simplifying many standard processes for PAM administrators managing Safes. To learn more about the PVWA UI updates, please see here.
Enhancements for large-scale Privileged Session Manager deployments
Several updates improve the flexibility for large-scale PSM deployments, including reduced storage consumption requirements, custom recording paths and automatic clean-up of unnecessary storage for PSM shadow users, saving up to 100mb per PSM Shadow user. To learn more about these updates, please see here.
Global default connection method for Privileged Session Manager
This version introduces a global default setting that eliminates the need to manually configure connection methods (RDP or HTML5 Gateway) for all account platforms, helping PAM administrators to benefit from simplified workflows, while retaining the option to use either connection method. To learn more about the global PSM setting, please see here.
New Security Capabilities
Browser-based login for business users
In this version, the CyberArk Identity browser extension streamlines login to web applications for business users by storing credentials in the CyberArk Vault. Without installing agents, business users can leverage auto-capture and form-fill capabilities to launch applications from their browser extensions, the Identity User SSO Portal or the CyberArk Mobile App. To learn more about the new login experience, please see here.
- Note: This capability is limited to customers with specific CyberArk Identity (formerly Idaptive) licenses. Contact your account team for more information.
- Note: This capability is already available for Privilege Cloud.
Credential management for Google Cloud Platform (GCP) IAM users with MFA enabled
A new Central Policy Manager (CPM) plugin enables secure management of credentials for GCP IAM users, including those with MFA enabled. This integration is available via the CyberArk Marketplace. To learn more about the CPM plugin, please see here.
Automation and Deployment
Vault deployment on Windows Server 2019
The CyberArk Digital Vault now supports deployment on the Microsoft Windows Server 2019 Data Center edition OS. To learn more about Vault deployment for Windows 2019, please see here.
- Note: Support covers the Standalone Vault, DR Vault and Cluster Vault. Distributed Vaults and cloud deployment images are not yet available for Windows 2019.
REST API enhancements
Previous versions of the Privileged Access Manager solution have introduced REST API enhancements aimed at increasing automation and facilitating more efficient user and Safe management processes. Version 12.2 includes new and improved REST APIs to collectively enable automation for:
- Management of Safes and Safe Members
- Retrieval and update of details for a Safe, a Safe’s Members, or overall users and groups
To learn more about REST API enhancements, please see here.
For more information on the 12.2 release at CyberArk docs.