Prerequisites for deploying the Windows Cloud Agent
The Windows Cloud Agent supports AD, Hybrid Azure AD, and CyberArk Cloud Directory users on both domain-joined and non domain-joined Windows machines (workstations and servers). AD users on machines that are not domain joined essentially function as cloud users; they are not bound to AD infrastructure. CyberArk Identity facilitates their log in through AD credentials; however, remember that features that are specific to AD-joined machines (IWA, Kerberos) are not available.
Ensure the following prerequisites are met before deploying the Windows Cloud Agent.
|
Prerequisite |
Description |
|---|---|
|
Allow communication on outbound ports |
The Windows Cloud Agent does not listen on any incoming ports. It only requires an outbound connection - either direct or through a proxy - and connects to |
|
You must install the Windows Cloud Agent on a supported version of Windows. |
CyberArk supports the Windows Cloud Agent on Windows 10, 11, Server 2012 R2, Server 2016, Server 2019 and Server 2022. Desktop Experience is required for Windows servers. |
|
AD users on domain-joined machines must have a connection to the domain controller for their first login to the machine. |
This prerequisite is typical of AD-based Windows environments, and is not specific to the Windows Cloud Agent. Some VPN clients can be configured to make the VPN available on the login screen. For example: |
|
The CyberArk Identity Connector must be installed and running on a domain server in order to support AD users. |
Refer to Install the CyberArk Identity Connector for more information. |
|
Users subject to an authentication policy must have sufficient authentication mechanisms configured in their account. |
Refer to Manage adaptive MFA for more information. |
