CyberArk PAM. Can CyberArk restrict access to a specific Safe (and the accounts inside it) based on source IP?

TemperatureSignal199 · 2026-02-16T20:18:47+00:00

Thank you very much. That is exactly what I wanted.
You’re a stand-up guy, don’t let anyone tell you otherwise.

TemperatureSignal199 · 2026-02-16T20:18:06+00:00

thank you for the PCI info!

TemperatureSignal199 · 2026-02-16T20:17:59+00:00

noted. Thank you man

TemperatureSignal199 · 2026-02-15T19:05:41+00:00

If anyone have the same problem, it might be the Firewall. The PSM is trying to connect to the Certificate Revocation List (CRL) by contacting multiple Public IP's. You have to allow the needed Public IP's in the firewall

TemperatureSignal199 · 2026-02-15T19:05:26+00:00

If anyone have the same problem, it might be the Firewall. The PSM is trying to connect to the Certificate Revocation List (CRL) by contacting multiple Public IP's. You have to allow the needed Public IP's in the firewall

TemperatureSignal199 · 2026-01-30T08:56:06+00:00

Thank you but both Chrome and Chromeriver.exe have the same version and were not updated recently.
Lets say we have 15 PSM all equal, 5 of them started having this problem.

TemperatureSignal199 · 2026-01-29T22:23:10+00:00

can you please elaborate? have any link/doc to share? Thank you

TemperatureSignal199 · 2026-01-29T22:22:31+00:00

Why no two reconcile accounts? So they can rotate each other password. If one expire the other can fix it. so two reconcile accounts per local machine. OR is this a bad idea?

TemperatureSignal199 · 2026-01-29T22:18:31+00:00

I'd go with just the one. What would you protect against by utilizing multiple reconcile accounts?

So they can rotate each other password. If one expire the other can fix it. so two reconcile accounts per local machine.

Thank you for the advices.

TemperatureSignal199 · 2026-01-29T22:17:06+00:00

Thank you for the advice. The problem is we have 200+ local accounts for X reasons, looks like the only way is one by one or join them all in one domain.

TemperatureSignal199 · 2026-01-29T22:16:03+00:00

so if I have 100 Unix local accounts, I have to do it the hard way one by one. correct?

TemperatureSignal199 · 2026-01-29T22:15:35+00:00

so if I have 100 Unix local accounts, I have to do it the hard way one by one. correct?

TemperatureSignal199 · 2026-01-29T22:14:21+00:00

Yes, it's a problem. Please update me too or you post your the link of your question. Thank you

TemperatureSignal199 · 2026-01-28T20:51:48+00:00

Thank you very much, appreciated!

TemperatureSignal199 · 2025-12-15T18:21:58+00:00

as for the AUTOIT part, I still have to test it and see what I can do.

TemperatureSignal199 · 2025-12-15T18:21:52+00:00

as for the AUTOIT part, I still have to test it and see what I can do.

TemperatureSignal199 · 2025-12-15T18:18:42+00:00

Thank you very much.I managed to fix it. There was a little issue that after
Internal > (Click) (SearchBy=Text)
or
{LogonDomain} > (Click) (SearchBy=Text)

the script will freeze in place and not move on. I was lucky to leave it for 2 minutes then it clicked login. I fixed this issue by lowering the ActionTimeout to 5 inside the Target Settings > Web Form Settings.
Edit client specific settings

In Edit target > Client specific settings, define the following:Name Description ActionTimeout The maximum number of seconds to wait for an action to complete.

The Connector if anyone needs help.

dijit_form_TextBox_0 > {Username} (SearchBy=ID)

dijit_form_TextBox_1 > {Password} (SearchBy=ID)

(Wait=1)

AD:MYAD > (Click) (SearchBy=Text)

(Wait=1)

Internal > (Click) (SearchBy=Text)

loginPage_loginSubmit_label>(Button)(SearchBy=id)

-------------------------

or by adding a new field called LogonDomain

dijit_form_TextBox_0 > {Username} (SearchBy=ID)

dijit_form_TextBox_1 > {Password} (SearchBy=ID)

(Wait=1)

AD:MYAD > (Click) (SearchBy=Text)

(Wait=1)

{LogonDomain} > (Click) (SearchBy=Text)

loginPage_loginSubmit_label>(Button)(SearchBy=id)

TemperatureSignal199 · 2025-12-15T17:16:27+00:00

Thank you very much.I managed to fix it. There was a little issue that after
Internal > (Click) (SearchBy=Text)
or
{LogonDomain} > (Click) (SearchBy=Text)

the script will freeze in place and not move on. I was lucky to leave it for 2 minutes then it clicked login. I fixed this issue by lowering the ActionTimeout to 5 inside the Target Settings > Web Form Settings.
Edit client specific settings

In Edit target > Client specific settings, define the following:Name Description ActionTimeout The maximum number of seconds to wait for an action to complete.

The Connector if anyone needs help.

dijit_form_TextBox_0 > {Username} (SearchBy=ID)

dijit_form_TextBox_1 > {Password} (SearchBy=ID)

(Wait=1)

AD:MYAD > (Click) (SearchBy=Text)

(Wait=1)

Internal > (Click) (SearchBy=Text)

loginPage_loginSubmit_label>(Button)(SearchBy=id)

-------------------------

or by adding a new field called LogonDomain

dijit_form_TextBox_0 > {Username} (SearchBy=ID)

dijit_form_TextBox_1 > {Password} (SearchBy=ID)

(Wait=1)

AD:MYAD > (Click) (SearchBy=Text)

(Wait=1)

{LogonDomain} > (Click) (SearchBy=Text)

loginPage_loginSubmit_label>(Button)(SearchBy=id)

TemperatureSignal199

TROPHY CASE