Privilege Cloud version 12.6 is the first ever version of Privilege Cloud on the Identity Security Platform Shared Services. Through the release of version 12.6, Privilege Cloud is now fully integrated with CyberArk Identity within a unified user experience.
The platform unifies all of CyberArk’s offerings in one holistic Identity Security solution, with unified authentication, authorization and user management, as well as a series of additional shared services, including Identity Security Intelligence.
Note: The Identity Security Platform Shared Services are now available for new Privilege Cloud tenants. For existing Privilege Cloud tenants, upgrade to the Identity Security Platform Shared Services will be available for early adopters in Q3/Q4 2022. Reach out to your CyberArk account team for additional questions.
Self-Service and Simplification in Privilege Cloud v12.6
New Self-Service Configuration Options
Users can now more easily configure system experience and functionality without involving CyberArk support, improving ease of use and enabling operational efficiencies. The following configurations are now available for independent administrative control:
- Search Properties - Organizations can now configure parameters to define account search properties for easier, more accurate account search.
- Dual Control - Organizations can now configure parameters to define dual control access to accounts. You can now define policies to control connection request creation processes, request view and confirmation properties (such as request timeframe settings), request mandatory specifications and more.
- Ticketing Systems - Organizations can now configure parameters for integrating ticketing systems supported out of the box by Privilege Cloud (i.e., Service Now). This integration enables dual control workflows to use ticket creation and approval flows.
- Account UI Preferences - Organizations can now configure the Accounts page of the UI to make key information—such as the number of accounts displayed and the number of actions available—visible to end users.
- Connection Components - Organizations can now configure SSO requirements for remote devices connecting to a specific connection component, such as PSM-RDP or PSM-SSH. Other available configurations for improved user experience are user parameters, target settings, web form settings and more.
- Privileged Session Management (PSM) UI - Organizations can now configure parameters to define how PSM-related sessions are displayed in the Privilege Cloud portal, and for the user experience in privileged sessions.
- Privileged Session Management - Organizations can now configure parameters to define key settings for PSM and PSM for SSH settings, such as search properties, recording properties, live sessions properties and monitoring sessions properties.
Personal Privileged Account Flow – New capability for improved user experience!
Before this release, IT admins would face long and complex processes when creating privileged accounts.
The new personal account creation flow (currently in Beta) introduces quicker and simplified configuration processes for IT admins. It only requires entering basic and known details. More advanced settings (i.e., platform and CPM details) are preconfigured once by the system admin.
The new Personal Privileged Account Flow delivers these benefits:
- Account control: The characteristics for a new personal account are aligned from an organization’s selected platform settings and the new configuration form. This provides system admins better end-to-end control over personal privileged account settings. IT admins will not be able to misconfigure these accounts or deviate from organizational policy.
- Automatic safe creation: IT admins can now onboard their own privileged accounts using a dedicated personal safe that will be created automatically in the background with predefined properties.
- Secured account: The account and safe are personal and designed to be used only by the IT admin who created the account.
Terminate privileged session after dual control timeframe expiration
In addition to enforcing the start time of a privileged session, users can now enforce the timeframe associated with a dual control request and trigger session termination at the end of the timeframe. This capability offers accountability and compliance.
Learn more about how to enable, create and manage accounts.
Identity Security Platform Shared Services
Identity Security Intelligence (ISI)
Identity Security Intelligence is a shared threat intelligence service that automatically detects anomalous user behavior and privileged access misuse for both workforce and privileged users. It also produces real-time alerts and automated remediations to expedite identification, analysis and response to risky events.
In the first stage, the solution will provide security managers with the ability to receive and review user behavior analytics and security alerts, and to detect users’ risky behavior in privileged sessions.
By using Identity Security Intelligence, auditors can review risky sessions on the Monitoring page, while security teams leverage unified dashboards with behavioral analytics for all workforce and privileged identities to review and analyze alerts.
Currently, Identity Security Intelligence is available in regions serviced by data centers in America, Australia, England, Germany and Japan.
Identity Administration
By leveraging Single Sign On and built-in Adaptive MFA capabilities, Identity Administration provides a consistent identity management, authentication and authorization layer for all human and machine identities within an organization.
Identity Administration offers a built-in, default cloud directory, as well as integrations with on-prem and cloud-based directories, and federation with external IDPs.
For more information on these features, please visit:
Release notes and documentation
