Create CPM plugins for Web applications

This topic describes how to create CPM plugins for web applications.


The prerequisites for testing and running CPM plugins for web applications on the development or CPM server are:

  • A supported browser must be installed. For more information, see Supported browsers below.
  • The latest browser driver must be installed for all browsers that you use. For more information, see Supported browsers below.
  • The latest versions of Credentials Management .NET SDK and Web Application CPM Plugin Framework must be placed in the folder where the plugin will run (for CPM it is the bin folder).

  • CPM plugins require .NET Framework 4.8. If you are using an older version of the CPM, .NET Framework 4.8 must be installed on the CPM machine as well.

Supported browsers


CyberArk may choose not to provide maintenance and support services for Web applications for CPM with relation to any of the platforms and systems listed below which have reached their formal End-of-Life date, as published by their respective vendors from time to time. For more details, contact your CyberArk support representative.

The following browsers are supported:


Download info

Google Chrome (32-bit), version 100 or later

Click here to download this version

Microsoft Edge (32-bit), version 103 or later

Click here to download this version

To prevent incompatibility issues with the CPM Webapp infrastructure, with every new browser version update, make sure to also update the browser's driver with the same version. For example, when updating the Chrome browser to version 104, the Chrome driver on the server must also be updated to version 104.

Download and install the latest driver:

  • For Google Chrome, use this link to download the latest stable 32-bit (x86) driver.

  • For Microsoft Edge, use this link to download the latest stable 32-bit (x86) driver.

Copy the relevant downloaded exe file, Chromedriver.exe or msedgedriver.exe to the CPMbin folder.


You can configure platforms for Web applications based on a default generic platform that is available in the Marketplace.

Create a user profile or user to run a browser

Depending on the type of environment that you have, hardened or non-hardened, to run a browser you must either create a user profile for the PluginManagerUser account or create a new local user.

Perform one of the following procedures according to the environment that you have.

To determine if the CPM environment is hardened or not, search for the specific users such as PasswordManagerUser that are created only in hardened environments. For more information on these users, see Creates Local Windows Service users and configures permissions.

Test the plugin

Before integrating the plugin into a PAM - Self-Hosted environment for an end-to-end test, you can invoke the new plugin manually for faster and easier testing.

Before you begin testing, review the Prerequisites.

Parameter File

To simulate the parameters given to the plugin by CPM, create a user.ini file in the format described below.


A sample user.ini file is provided with the sample project provided with Credentials Management .NET SDK


The parameters user.ini file is built out of sections, each defining a set of account or platform properties.

The supported sections are:

Section Description Account Type
  Target account properties TargetAccount
[extrainfo] Target account platform properties TargetAccount.ExtraInfoProp
[extrapass1] Logon account properties LogOnAccount


Extra account properties


[extrapass3] Reconcile account properties ReconcileAccount
[masterpass] Master account properties (for dependency plugins). MasterAccount

In each section, specify the required parameters.


To run the plugin with passwords
  1. Set the ManagementType policy parameter to password.

    For the Target account, this can be done in the account or the platform properties. For other accounts, currently only passwords are supported.

  2. Specify the following parameters at the Target account section (top of the ini file):

    Current password: password
    New password: newpassword


username=<Target Account Username>
newpassword=<Target Account New Password>
password=<Target Account Password>
username=<Logon Account Username>
password=<Logon Account Password>
username=<Reconcile Account Username>
password=<Reconcile Account Password>



The log file created by the infrastructure will contain the following properties: safename, foldername, objectname and PolicyID. For this reason, they are all mandatory parameters when running the plugin manually.

Web Form Fields

Specify the information listed below in WebFormFields. Add the fields in a list of rows, using the following format: