Advent of Code is back! Unwrap daily challenges to sharpen your Alteryx skills and earn badges along the way! Learn more now.
Free Trial

Alteryx Server Ideas

Share your Server product ideas - we're listening!
Submitting an Idea?

Be sure to review our Idea Submission Guidelines for more information!

Submission Guidelines

Integration with Enterprise Password Vault

As large enterprises continually strengthen security around their system and data assets, we're seeing adoption of products like CyberArk's Enterprise Password Vault (https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ )

 

The system is essentially a central repository that secures and automatically rotates passwords for privileged accounts- things like a functional account you would use to run workflows against a certain database or set of systems.

 

It would be great if Alteryx could build both Server (Run As Account) and Designer (for individual database connections) integrations with a tool like that.

26 Comments
KMC246
5 - Atom

As we advance with Alteryx Server in our environment we are finding that it would be very useful to have a feature which allows integration with CyberArk for automatic retrieval of passwords for privileged accounts.  The current process of needing to do so manually is proving somewhat cumbersome. I hope that Alteryx will have this on the road map in the near future.

sjd123
5 - Atom

This is causing us many useless hours of republishing because Alteryx has not provided a solution.  It appears from this thread that it's been on your radar for almost 3 years.  What do we as a User Community need to do to get this prioritized?

goodej
6 - Meteoroid

Agree with previous comments regarding inefficiencies with updating credentials (in odbc manager, in alteryx connection manager, in file connections, etc) any time a password needs to be updated. 

 

While support for common credential management platforms should be considered, one option I see is a modification to the data input tools to allow a passed connection string.  In this manner, a call to the proprietary credential manager can be made and then the credentials are passed to the input tools. This would allow the input tools to become dynamic without requiring any workflow changes (supporting workflow transition between development environments (dev > QA > Prod)).  If the password needs to be updated it gets modified in one place - the key vault;  Any dependent workflows will simply get the updated credentials on the next workflow execution without any changes needed.

sjd123
5 - Atom

Hello Alteryx,

Same issue! Countless hours spent republishing workflow with new passwords as they expire every 2 months.  PLEASE add this to a release soon, it's causing an inordinate amount of pain.

sjd123
5 - Atom

Adding a new comment here just to reiterate that a HUGE amount manpower goes into republishing Workflows with user-passwords each time (every 60 days) they expire.  If integration with CyberArk existed, we could securely manage Service-Type accounts to execute the workflows and never have a need to re-publish.  PLEASE, help us save money and productivity

danielbrun2
ACE Emeritus
ACE Emeritus
KNguyen
7 - Meteor

Curious, any progress on this idea? This would be an excellent benefit if there are opportunities to connect to an enterprise vault like Cyberark. 

DataInvestigator007
6 - Meteoroid

Has there been any progress on this Idea?  With the recent increase in focus on security, this has become a priority for large companies.  It would be good to implement integration with CyberArk to start with.  At least it may cover 80% of the user server user base.  If not, I would recommend conducting a poll on the quarterly server alteryx group to get instant feedback on types of EPV's used among existing customers. 

sjd123
5 - Atom

WHOLEHEARTEDLY AGREE WITH DataInvestigator007

If Alteryx wants to be a viable product embraced by Security professionals in Enterprise Deployments, this is a MUST-HAVE, not a nice-to-have.

jkilby1991
5 - Atom

Any update on this? Not sure why it has not been added. It's been 5 years on the radar and with the move towards securing things a lot of companies have migrated to utilizing CyberArk as an Enterprise Password Vault.

 

Daniel's suggestion would work to retrieve credentials to connect to APIs or pass them to a different tool, but not change the "Run-As" portion of a scheduled workflow.