CyberArk Dynamic Privileged Access – Deployment and API Enhancements

April 5, 2023 Ryne Laster

CyberArk Dynamic Privileged Access – Deployment and API Enhancements

CyberArk is continually expanding accessibility and ease of use for CyberArk Dynamic Privileged Access (DPA). CyberArk DPA complements CyberArk Privileged Access Manager (PAM) by provisioning just-in-time (JIT) access to virtual machines and servers hosted in the cloud or on-premises. The solution enables operational efficiencies and continues to deliver enhancements to a comprehensive PAM strategy. See below for the recent updates to CyberArk DPA.  

Unify Deployment for CyberArk PAM and CyberArk DPA Connectors

A CyberArk Dynamic Privileged Access connector can now be installed on the same machine as a CyberArk Privilege Cloud connector or on a machine hosting CyberArk Privileged Session Manager (PSM) for a CyberArk PAM Self-Hosted connector. This functionality decreases the footprint required by customers as only one machine will be needed to host both CyberArk DPA and CyberArk Privilege Cloud connectors. Customers with CyberArk PAM Self-Hosted programs can also efficiently host CyberArk DPA on a single CyberArk PSM component server. To benefit from this functionality, machines hosting the connector must be domain-joined. 

Store the CyberArk DPA Strong Account in CyberArk Privilege Cloud for Central Account Management

CyberArk DPA uses a "strong account" to provision ephemeral users with JIT access to targets. To protect this account from compromise, the best practice is to securely manage it with PAM controls. To reduce risk, customers can now store these strong accounts in the CyberArk Privilege Cloud Vault to easily manage, control and rotate the credential(s) along with other privileged accounts.  Learn more about storing strong accounts in CyberArk Privilege Cloud.

Use Multi-factor Authentication (MFA) Caching to Enable Easy SSH Connections to Multiple Servers 

You can now allow your end users to enter MFA details once, then in a configurable time period, connect to multiple targets with minimal input. The user authenticates to CyberArk DPA and downloads an SSH key. They then use that SSH key command to connect to desired targets via CyberArk DPA.  

Create an Alias for Short SSH Connection Commands

Customers can now create an alias, so users don’t need to enter their details every time they make a connection to a Linux machine.  

Use APIs to Streamline CyberArk DPA Policy Creation, Workflow Integrations and Automation Capabilities

Customers can now enable operational efficiencies for JIT access and workflows with an expanded range of programmatic capabilities through APIs. The Access Policies API allows you to automate the creation of CyberArk DPA policies and integrate CyberArk Dynamic Privileged Access with your IT service management ticketing system to create and update access policies upon user request and automatically add or update an existing policy for a new team member or project. 

CyberArk Dynamic Privileged Access is part of CyberArk’s offering for complete privileged access protection.
For more information on these features, please visit: 

To learn more about how to incorporate JIT access into your PAM program, check out our eBook, “3 Reasons to Adopt Just-In-Time Access for Identity Security.

Previous Article
CyberArk Dynamic Privileged Access Now Supports JIT Access to Windows Targets in Microsoft Azure
CyberArk Dynamic Privileged Access Now Supports JIT Access to Windows Targets in Microsoft Azure

CyberArk Dynamic Privileged Access now supports just-in-time (JIT) privileged access to Windows targets in ...

Next Article
Introducing CyberArk B2B Identity
Introducing CyberArk B2B Identity