Digital Exchange

 View Only
last person joined: 5 days ago 

This community is a place to discuss Blue Prism DX assets and development.

  • 1.  CyberArk Blue Prism Integration - Certificates

    Posted 06-22-2021 06:16
    Dear community,

    my query relates to the CyberArk Blue Prism Integration solution that is published on the BP Digital Exchange website:

    https://digitalexchange.blueprism.com/dx/entry/10326/solution/blue-prism-cyberark-integration

    The integration  is primarily designed to authenticate BP client using a client certificate. A Client Certificate will need to be distributed to each Blue Prism Runtime Resource machine.

    Is it to be a single certificate, a certificate with the same serial number, that will be distributed in this way? Is it better to store it in the current users' certificate store or the local machine certificate store?

    Does anyone have any practical experience with this?
    Thank you

    Jiri


    ------------------------------
    Jiri Hlucil
    Blue Prism Developer
    Sberbank CZ, a. s.
    Europe/Prague
    ------------------------------


  • 2.  RE: CyberArk Blue Prism Integration - Certificates

    Posted 06-22-2021 16:37
    Hi Jiri,

    In my experience with CyberArk, each Digital Worker would have its own unique client certificate (stored in the User Certificate store). In that way, it is clear to CyberArk which Digital Worker it is communicating with.

    ------------------------------
    Charles Kovacs
    Developer Consultant
    Blue Prism
    America/Chicago
    ------------------------------

    Original Message


  • 3.  RE: CyberArk Blue Prism Integration - Certificates

    Posted 06-23-2021 07:35
    Hi Charles,

    thank you for your reply.
    What you write sounds logical. It will be a suitable solution for our environment where we have a Digital Worker fixed to each BP runtime resource.

    However, the CyberArk Blue Prism Integration solution that is published on the BP Digital Exchange website assumes a single certificate definition in the process layer based on the thumbprint. Can multiple personal certificates have the same thumbprint? I confess that I don't know much about digital certificates.

    Jiri


    JH

    ------------------------------
    Jiri Hlucil
    Blue Prism Developer
    Sberbank CZ, a. s.
    Europe/Prague
    ------------------------------

    Original Message


  • 4.  RE: CyberArk Blue Prism Integration - Certificates
    Best Answer

    Posted 06-23-2021 16:48
    The thumbprint will be unique to each certificate, so no two certificates should have the same thumbprint.

    That process in the CyberArk integration is more of an example rather than a production-ready process. With multiple Digital Workers at play, each with their own unique certificate, you can use that example process as a springboard, but you will want to re-work it so that it can dynamically select the right thumbprint for the Digital Worker who runs the process. Off the top of my head, this might be some sort of lookup table that matches the Digital Worker's computer name to the right certificate thumbprint.

    Have you worked with the Login Agent before? I ask because the Login Agent VBO has a clever way of using BP's Credential manager and an environment variable to dynamically retrieve a password for a Digital Worker. You could apply this same logic to the CyberArk certificate thumbprint retrieval. Just food for thought, but this would be my approach for a CyberArk production environment.

    https://bpdocs.blueprism.com/bp-7-0/en-us/Guides/login-agent/advanced-installation-configuration.htm#Setting

    Cheers

    ------------------------------
    Charles Kovacs
    Developer Consultant
    Blue Prism
    America/Chicago
    ------------------------------

    Original Message


Related Content

Welcome to the Blue Prism Digital Exchange Community!

The Blue Prism Digital Exchange is a "shop window" for new and emerging technologies—a platform that puts powerful RPA and AI capabilities into the hands of business leaders. Users can find and apply pre-built AI capabilities, in the form of downloadable integrations and Visual Business Objects (VBOs), to automated processes. These assets connect and integrate Digital Workers, existing systems and processes to Blue Prism's technology partners, creating a solid foundation of AI-enabled Intelligent Automation that's scalable and sustainable.

Blue Prism Digital ExchangeDX Asset IdeasContact DX Support

FAQs

The Blue Prism Digital Exchange (DX) is an online marketplace where businesses can instantly access, apply and share pre-built AI, cognitive and advanced RPA technologies from best-in-class providers. These assets easily connect to existing digital workers, systems and processes to enhance automation capabilities.
The Digital Exchange is free to all users. Most of the content on the DX is free to download but there are some submissions that do have a cost associated. The submissions with a cost are advertised on the asset card and profile. No unwanted costs will be applied to any users.
You can visit and browse the Digital Exchange here. If you would like to consume or download any material it is necessary to create an account on the Blue Prism Portal first.
Everyone can access the Digital Exchange and consume the assets on it. If you would like to contribute to the marketplace it is necessary that you create an account and sign up as a partner.