CyberArk Identity PowerShell Utility Installation

Install the CyberArk Identity PowerShell Utility

  1. Download AWS CLI Tools from the Admin Portal.
  2. Unzip the file into a new folder.
  3. Run Windows PowerShell for AWS as an administrator.
  4. Run Set-ExecutionPolicy Unrestricted to enable the scripts.
  5. Run [System.Net.ServicePointManager]::SecurityProtocol and check for TLS12 in the resulting output. If there is no TLS12 in the protocol list, run the following commands.
       $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
       [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
  6. If you are working behind a proxy server, run the following commands to enable your PowerShell session to use proxy credentials.
       $webclient=New-Object System.Net.WebClient
       $creds=Get-Credential
       $webclient.Proxy.Credentials=$creds
  7. Navigate to the aws-cli-utilities-master\AWS Powershell - Idaptive v1 folder that was previously unzipped and run the following command, replacing the tenant variable as needed:
       .\Authenticate.ps1 -Tenant <Tenant.idaptive.app> -Location "\absolute_path\aws\credentials"

Note:

  • Both Tenant and Location parameters are optional
  • Tenant by default points to pod0.idaptive.app
  • Default AWS region needs to be set using a different command. See step 14.
  • Location specifies the absolute path of the AWS credentials file
  • If Location is not specified, the default location USER_HOME/.aws/credentials is used
  8. Enter your Idaptive credentials for authentication.

Note:

Credentials may include MFA, depending on the per-user configuration.

  9. Once authenticated, all authorized AWS applications are listed.
  10. Choose an application by entering the number of the application.
  11. Running an application generates a SAML assertion, which is posted to AWS in exchange for credentials.
  12. Choose an AWS role.
  13. If the inputs are correct, the AWS credentials will be saved in the profile <ProfileName>. Use <ProfileName> to run AWS commands. For example:
       Get-S3Bucket -ProfileName <ProfileName>
  14. To set your default region, use the following AWS command.
       Set-DefaultAWSRegion -Region <region>
      where <region> is an AWS region such as us-east-1 or us-west-1.
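
For the TLS check in step 5, the following added example (not part of the CyberArk utility or its documentation) adds TLS 1.2 to the current session without switching on SSL 3.0, TLS 1.0 or TLS 1.1, and reports any legacy protocols that are already enabled. The function name Enable-Tls12ForSession is hypothetical.

```powershell
# Added example: enable TLS 1.2 for this PowerShell session only,
# leaving older protocols off unless they were already on.
# Enable-Tls12ForSession is a hypothetical helper name.
function Enable-Tls12ForSession {
    [CmdletBinding()]
    param()

    $tls12   = [System.Net.SecurityProtocolType]::Tls12
    $current = [System.Net.ServicePointManager]::SecurityProtocol

    if ([int]$current -eq 0) {
        # 0 is SystemDefault (.NET Framework 4.7 and later): the OS chooses the
        # protocols, so "Tls12" is absent from the output of the step 5 check.
        Write-Verbose 'SecurityProtocol is SystemDefault; pinning this session to TLS 1.2.'
    }
    elseif (([int]$current -band [int]$tls12) -ne 0) {
        Write-Verbose 'TLS 1.2 is already enabled; nothing to change.'
    }
    else {
        Write-Verbose "TLS 1.2 is missing from '$current'; adding it."
    }

    # -bor sets the TLS 1.2 flag and keeps every flag that was already set.
    $new = [System.Net.SecurityProtocolType]([int]$current -bor [int]$tls12)
    [System.Net.ServicePointManager]::SecurityProtocol = $new

    # Collect legacy protocols that remain enabled so they can be reviewed.
    $legacy = foreach ($name in 'Ssl3', 'Tls', 'Tls11') {
        $flag = [System.Net.SecurityProtocolType]$name
        if (([int]$new -band [int]$flag) -ne 0) { $name }
    }

    [pscustomobject]@{
        Before        = $current
        After         = [System.Net.ServicePointManager]::SecurityProtocol
        LegacyEnabled = @($legacy)
    }
}

Enable-Tls12ForSession -Verbose
```

The setting applies to the current process only, so it has to be run in the same session that later runs Authenticate.ps1.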