Deploy the CyberArk Identity Connector

This section describes how to deploy and manage the CyberArk Identity Connector.

The CyberArk Identity Connector is a multipurpose service that provides support for key features and enables secure communication between other services on your internal network or a cloud instance. Not all services require a connector, however. For example, if all users are CyberArk Cloud Directory user accounts, the connector isn’t required.

You must have at least one connector for the following use cases.

Use case Description

Use Active Directory or LDAP as a directory service

To integrate your Active Directory service with CyberArk Identity, you need to install at least one CyberArk Identity Connector on your network inside the firewall. The CyberArk Identity Connector adds AD as a directory service by facilitating secure communication between CyberArk Identity and your AD domain. The CyberArk Identity Connector runs on a domain-joined Windows server and monitors AD for changes to objects such as Users and Groups, syncing changes to CyberArk Identity every 10 minutes by default. It also monitors Active Directory for group policy changes, which it sends to CyberArk Identity to update enrolled devices.

Manage application access with the Application Gateway

With App Gateway, you can configure on-premises applications for off-site access without requiring a VPN connection.

Refer to App Gateway for more information.

Enforce MFA on VPN clients that support RADIUS

Configure the connector as a RADIUS server to enforce MFA on RADIUS clients.

Refer to MFA for VPNs and VDIs for more information.

In this section: