Forum Discussion

schatte1's avatar
schatte1
Icon for Contributor II rankContributor II
2 months ago

CyberArk credential provider and CacheRefreshInterval timing issues with SL1 polling frequency

Rotation of password by Cyberark and the timespan defined with "CacheRefreshInterval" is causing issues with the polling interval of SL1 DAs.

With CyberArk, the SL1 can source credential data from CyberARK. Respecting security policies, Cybersecurity recommends changing of password to the SL1 IDs. CyberARK can only specify a time frame during which the passwords can be changed. Within the collectors on the Cyberark agent setup CacheRefreshInterval is set up with 1500 secs (25 mins) to refresh the local cache with the Cyberark every 25 mins.

As Cyberark can change the password at any minute or secs of time, SL1 still waits for CacheRefreshInterval to refresh the password. As polling frequencies are default set with 5 minutes(with password change happening at the 4th minute), often SL1 still reaches the server with old password and cause account lockouts.


Is there a known way to tackle this issue?