Applicative CredentialsOverview This knowledge base articles provides information on applicative credentials, why they are needed, how to determine when they are necessary, how to create them, and how to use them. Table of Contents OverviewWhy are applicative credentials neededDetermine if an applicative credential is neededCreate applicative credentialsHow to use applicative credentialAre applicative credentials supported with CyberArk Why are applicative credentials needed Some applications require credentials in addition to the credentials that the host machine requires. Credentials required to access these applications are referred to as applicative credentials. You create applicative credentials per CI type, for example the CI type for ASCS is SAP ASCS Application [cmdb_ci_appl_sap_ascs]. The preconfigured pattern for discovering CIs belonging to this CI type contains commands that require a MID Server to use the applicative credential for this CI type. If there is more than one credential configured for this CI type, the MID Server tries using these credentials in the order you define until it finds the credential that fits. Please note that applicative credentials do not replace regular credentials. When accessing a target device the credential used will be the credential which aligns with the protocol being used, SSH credential for example when discovering something via SSH. Determine if an applicative credential is needed Check the Discovery requirements information in the ServiceNow documentation to determine if you need to configure applicative credentials for specific application CIs. There is no need to configure an applicative credential, if Discovery prerequisites do not mention it. In the following example we want to find out if we need an applicative credential to discover MSSQL servers. Example: Searching the docs for "MSSQL server discovery" we find the following document MSSQL server discovery In the "Prerequisites" section of the above document we find the following:From the above image we see that "Applicative Credentials" MSFT SQL Instance is needed for this pattern to collect Version count, cpu_ids, and Server properties.The document also lists that the applicative credential should be of type "MSFT SQL Instance" Create applicative credentials In the following example we create a MSFT SQL Instance as suggested by the docs page for discovering MSSQL Servers. Navigate to table discovery_credentialsClick "New"From the list of credential types, select "Applicative Credential"Populate the form fields and click "Submit" In the example above the CI Type is populated as suggested in the prerequisites to discover MS SQL Servers. How to use applicative credential After connecting to the target server, we may (if configured) “inject” applicative credentials of such CI type to specific pattern commands. Such commands will utilize internal tools that will access internal applicative information. Such tools may required a username and password which is not the same as the one used to connect to the target device. To pass the applicative credentials into the command we use the following notation: Username: $$username$$Password: $$password$$ The MSSQL sqlcmd command may take username and password as parameters. In the following example pattern step we see the sqlcmd being used in conjunction with applicative credential: With out of box patterns, the only step necessary to use applicative credentials is to create the credential. However, the following steps can be utilized when creating a custom pattern or step that requires an applicative credential: Create the applicative credentialCreate a step which runs a commandClick on "Advanced Details"Select the "CI Type"In the command to be executed use $$username$$ and $$password$$ as placeholders for the username and password. The discovery logic will automatically replace them. Are applicative credentials supported with CyberArk Review the "CyberArk credential storage integration" documentation for your version to determine if applicative credentials are supported with CyberArk. For the San Diego release they are listed as supported.