1.0 Introduction
This article describes the user interface (UI) features of the CyberArk (SaaS and On-premises) connection in Fortanix Key Insight.
2.0 Terminology References
For CyberArk concepts and supported features, refer to CyberArk Connection Concepts.
3.0 CyberArk Connection - Overview
Users can access the CyberArk connection Overview page after adding a CyberArk SaaS or On-premises connection. The Overview page displays the certificates discovered within the CyberArk environment based on the applied Fortanix Key Insight policy.
For more information on the Fortanix Key Insight policy, refer to Cryptographic Policy Management.
NOTE
If your Fortanix Armor account is deactivated and you are accessing the Fortanix Key Insight CyberArk connection, you will not be able to view data under the Overview, Assessments, or Certificates pages. You will only have access to view and delete items within the Connections, Policy Center, and Authentication pages.
If the count of the certificates before the scan does not match the count of the CyberArk certificates displayed on the Overview page:
Verify that the CyberArk platform is properly configured before running the scan.
After verification, initiate a re-scan using the RESCAN option on the Overview page. For more information, refer to Section 5.0: Rescan a CyberArk Connection.

Figure 1: CyberArk Overview
Click ASSESSMENT REPORT to navigate to the Assessment page and view the assessment report. For more information, refer to Section 4.0: CyberArk Connection - Assessments.
The Overview page helps users get a summary of the scanned certificates described in the following sections:
3.1 Discovered Assets
This section summarizes the number of assets discovered for a CyberArk connection.
It displays the count of the scanned certificates.
Click Certificates to view the certificate list.
3.2 Cryptography Bill of Materials (CBOM)
This section describes how to export cryptographic asset metadata from a CyberArk connection into a standardized CBOM JSON file. The exported CBOM file helps you to maintain a cryptographic inventory, demonstrate regulatory compliance, and evaluate post-quantum cryptography (PQC) readiness.
To export the CBOM data, click EXPORT.
A file named bom_report_<CyberArk_scan_id>.json is downloaded to your local system, where CyberArk_scan_id is the unique identifier generated for each scan.
For example,
The exported file adheres to the CycloneDX specification and includes the following components:
bomFormat: Specifies the format of the bill of materials. For CBOM, this value is set to CycloneDX.
specVersion: Indicates the version of the CycloneDX specification used.
version: The version of the generated CBOM file.
components: Lists cryptographic components such as certificates. Each entry includes details such as type, name, algorithm, associated services, and so on.
services: Describes the CyberArk resources that interact with the listed cryptographic components. Each service includes details such as its name and Universally Unique Identifier (UUID).
dependencies: Defines relationships between certificates and resources, representing how cryptographic elements are interconnected or used together.
NOTE
If your CyberArk connection was last scanned before the Fortanix Key Insight 26.01 release and has not been rescanned, you must perform a Rescan to ensure the correct CBOM.
For more information on how to perform a rescan, refer to Section 5.0: Rescan a CyberArk Connection.
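As an added example (not Fortanix code), the following Python sketch shows how an exported CBOM could be turned into a per-certificate inventory with expiry state, signature algorithm, and the services linked through dependencies. It assumes the export uses the CycloneDX 1.6 cryptographic-asset layout (cryptoProperties, certificateProperties.notValidAfter, signatureAlgorithmRef); the function name summarize_cbom and all sample data are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
# Constructed sample in CycloneDX 1.6 CBOM shape; not real Key Insight output.
SAMPLE = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1, "components": [
  {"type": "cryptographic-asset", "bom-ref": "alg-1", "name": "SHA256withRSA",
   "cryptoProperties": {"assetType": "algorithm"}},
  {"type": "cryptographic-asset", "bom-ref": "cert-1", "name": "api.example.test",
   "cryptoProperties": {"assetType": "certificate", "certificateProperties": {
     "notValidAfter": "2025-01-20T00:00:00Z", "signatureAlgorithmRef": "alg-1"}}},
  {"type": "cryptographic-asset", "bom-ref": "cert-2", "name": "old.example.test",
   "cryptoProperties": {"assetType": "certificate", "certificateProperties": {
     "notValidAfter": "2024-06-01T00:00:00Z", "signatureAlgorithmRef": "alg-1"}}}],
 "services": [{"bom-ref": "svc-1", "name": "constructed-resource"}],
 "dependencies": [{"ref": "svc-1", "dependsOn": ["cert-1"]}]}
""")

def summarize_cbom(bom, now, window_days=30):
    """One record per certificate: expiry state, algorithm, linked services."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    names = {c.get("bom-ref"): c.get("name") for c in bom.get("components", [])}
    services = {s.get("bom-ref"): s.get("name") for s in bom.get("services", [])}
    # Link each ref to the services in the same dependency entry (either direction).
    links = {}
    for dep in bom.get("dependencies", []):
        group = [dep.get("ref"), *dep.get("dependsOn", [])]
        for ref in group:
            links.setdefault(ref, set()).update(r for r in group if r in services)
    report = []
    for comp in bom.get("components", []):
        crypto = comp.get("cryptoProperties", {})
        if crypto.get("assetType") != "certificate":
            continue
        props = crypto.get("certificateProperties", {})
        state = "unknown"  # export carries no expiry for this certificate
        if props.get("notValidAfter"):
            end = datetime.fromisoformat(props["notValidAfter"].replace("Z", "+00:00"))
            if end.tzinfo is None:  # assumption: offset-less timestamps are UTC
                end = end.replace(tzinfo=timezone.utc)
            state = ("expired" if end <= now else "expiring"
                     if end <= now + timedelta(days=window_days) else "valid")
        used_by = sorted(services[r] for r in links.get(comp.get("bom-ref"), ()))
        report.append({"name": comp.get("name"), "state": state, "services": used_by,
                       "algorithm": names.get(props.get("signatureAlgorithmRef"))})
    return report

if __name__ == "__main__":
    print(summarize_cbom(SAMPLE, datetime(2025, 1, 1, tzinfo=timezone.utc)))
```

To run it against a real export, load the downloaded JSON file with json.load and pass a timezone-aware current time; a certificate without a recorded expiry is reported as unknown rather than valid.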
3.3 Certificates by Status
This section summarizes the status of scanned CyberArk certificates, displaying the count of the following:
Issued certificates
Certificates in error
Revoked certificates
Unknown certificates
Expired certificates
Click any status label or count to navigate to a filtered list view of the corresponding certificates.
3.4 Certificates by Algorithm Type
This section summarizes the distribution of certificates by key algorithm type (for example, RSA 2048).
Click any key algorithm type to view a filtered list of certificates using that algorithm.
4.0 CyberArk Connection - Assessments
Users can access the Fortanix Key Insight Assessment page after adding a CyberArk (SaaS or On-premises) connection.
The Assessment page displays:
Key security posture details for the connection.
Violations that require remediation to improve the security status.
Remediation guidance to strengthen the overall security posture.

Figure 2: CyberArk assessment report
4.1 Risk Score
This section provides the overall risk score of the scanned certificates.
The following are the risk score categories and their associated risks:
Critical – A critical risk score indicates the total number of non-compliant certificates (key algorithm) in use.
High – A high score signifies the total number of non-compliant certificates by signature that need attention.
The overall risk score is prioritized based on the number of risks, in order of severity from highest to lowest:
Critical
High
Medium
Good
Click each risk label or count to access its corresponding list view.
4.2 Top Security Issues
This section provides the following information about the certificates:
PQC readiness: Displays the percentage of CyberArk certificates that are currently quantum-safe. This percentage represents the proportion of assets that use PQC-compliant algorithms or configurations. Click the percentage value to navigate to the PQC Central page, where you can review detailed information for the selected CyberArk connection and assess the readiness of individual certificates.
4.3 Certificate by Violation Type
This section displays the total number of non-compliant certificates categorized by specific violation types (for example, shared certificates), helping you take targeted action to address security or policy gaps.
Click the count for a specific violation type or the overall total to navigate to a filtered list view of the affected certificates.
4.4 Certificate Expiry Status
This section provides insights into certificate expiration across CyberArk environments. It organizes certificates by issuer (if available) to help you monitor and manage lifecycle risks.
Use this section to:
Identify certificates nearing expiration
Reduce operational and security risks
Maintain compliance and service availability
This section contains two sub-sections:
4.4.1 About to Expire in 30 Days
This section displays the top 10 certificates that are scheduled to expire within the next 30 days, grouped by certificate issuer, if any. Each issuer is represented using a distinct color for easy identification.
Click the count associated with a specific issuer or the overall total to navigate to a filtered list view displaying the corresponding certificates.
Click VIEW ALL to view the list of all certificates in the category.
4.4.2 Expired Certificates
This section displays the top 10 certificates that have already expired, grouped by certificate issuer, if any. Each issuer is represented using a distinct color for easy identification.
This data helps to identify misconfigurations, overlooked assets, or potential security risks from expired certificates.
Click the count associated with a specific issuer or the overall total to navigate to a filtered list view displaying the corresponding certificates.
Click VIEW ALL to view the list of all certificates in the category.
4.5 Download Assessment Report
Click DOWNLOAD REPORT on the top-right corner of the Assessment page to view the Data Security Assessment Report for the CyberArk connection in PDF format.
The report will open in the Print dialog box, where you can select to print it or save it locally to your machine as needed.
5.0 Rescan a CyberArk Connection
Click RESCAN on the top right corner of the Overview page to perform a rescan and verify if any certificates have been added, deleted, or updated in your CyberArk environment.
If you click RESCAN to start the scan, you can monitor the progress bar as it runs. After the scan completes successfully:
The Last scanned label will update with the completion date and time.
The Overview page will reflect the updated status of the CyberArk certificates.
NOTE
The RESCAN option is accessible only to users with the Account Administrator and Group Administrator roles.
You can also click RESCAN on the top-right corner of the Assessment page to perform the rescan. After the scan is completed, the Assessment page reflects the new state of the certificates.
6.0 CyberArk Connection - Certificates
After onboarding the CyberArk (SaaS or On-premises) connection, click Certificates in the Fortanix Key Insight left navigation panel to view the scanned certificate details. The Certificates page displays information for all certificates discovered within the CyberArk environment.
6.1 Certificates List View
The certificates list view displays all certificates in a table, along with their details.

Figure 3: CyberArk certificates list view
Use the Search field to filter certificates based on the available criteria and supported values.
For example:
Certificate Name
Issuer
Click the icon in the top-right corner of the table to customize which columns are displayed, beyond the default six.
Click EXPORT to export the scanned certificates data. For more information, refer to Section 7.0: CyberArk Connection - Scanned Data Export.
Click the icon in the VIOLATIONS column to view detailed information about the associated vulnerabilities.
6.1.1 Add Certificate Details
You can assign owners to the scanned certificates to enhance certificate management, simplify tracking, and improve remediation workflows.
Perform the following steps to add the certificate(s) details:
Select the check box next to the required certificate(s) in the list.
Click ADD DETAILS in the top right corner of the table.
In the Add Details dialog box, enter the following details:
Primary owner: Enter the primary owner’s name or employee ID.
Email ID: Enter the primary owner’s valid email ID.
Click ADD SECONDARY OWNER to add the secondary owner’s details, if required.
Description (Optional): Enter an optional description.
Click ADD to add the ownership details to the selected certificate(s).
NOTE
To add ownership details, specifying a primary owner is mandatory before adding a secondary owner.
On the Certificates page, the primary and secondary owners’ names or employee IDs and email addresses will appear in the OWNERS column, and the description will appear in the USAGE DESCRIPTION column.
NOTE
Only users with Account Administrator permissions can add or edit certificate details.
6.1.2 Edit Certificate Details
You can modify the details of the selected certificate(s).
Perform the following steps to edit the certificate(s) details:
Select the check box next to the required certificate(s) in the list.
Click EDIT DETAILS in the top right corner.
In the Edit Details dialog box, update the required values and click UPDATE to apply the changes.
6.1.3 View Certificate Details
Click any Certificate Name in the list to view its properties and violations.
The CERTIFICATE DETAILS tab displays the certificate’s properties, ownership information (if provided), and domain name and Subject Alternative Name (SAN) details.
If required, click EDIT DETAILS on the Ownership section to update the ownership details for the selected certificate.

Figure 4: Access certificates details view
The VIOLATIONS tab displays violation details associated with the certificates.

Figure 5: View certificate violations
7.0 CyberArk Connection - Scanned Data Export
This feature allows you to export the CyberArk scanned certificates data from Fortanix Key Insight in Comma-Separated Values (CSV) format. It also lets you download data for detailed analysis, audits, or reporting, and access real-time status.

Figure 6: Access data export feature
In the CyberArk Certificates list view, click EXPORT to export the scanned data using any of the available options:
Export current page: Use this option to export all column data from the current page in CSV format.
NOTE
You can download a maximum of 100 items at a time, based on the settings specified in the Items per page drop-down.
Export all raw data: Use this option to export all scanned data shown in the certificate tables in CSV format. If you select this option, you can read the details on the Export All Raw Data dialog box and click PROCEED to export all the data.
After the export process begins, you can track its progress. The export status will be logged with a message under the Activities tab in Fortanix Key Insight. For more information, refer to Section 7.1: View Export Activities.
Export selected rows: This option is disabled by default. You can select the check box next to the required rows on the current page and export them in CSV format using this option.
NOTE
Only users with the Account Administrator and Group Administrator roles can perform the scanned data export.
Within a single account, multiple exports can run concurrently across different connections (cloud, on-premises, external key sources, and vendor applications).
7.1 View Export Activities
After you initiate the export process using Export All Raw Data, you can track the export status in the Activities tab located on the Fortanix Key Insight left navigation panel.
You can view the following details for each export:
Name of the activity. For example, Export_all_cyberark-certificates.
Name of the file. For example, CyberArk-Certificates.csv.
Activity status: This indicates the current state of the data export. This can be one of the following:
Completed: The data export has been successful, and the CSV file will automatically download to the location specified on your local machine.
In Progress: The data export is in progress, and you can cancel it using the icon if required.
Cancelled: The data export has been cancelled due to switching accounts or manually cancelling it while it was in progress.
Failed: The data export was not completed and failed due to errors.
Name of the connection.
Export creation date and time.

Figure 7: View export details
NOTE
If you switch to a different account during export, the export will be cancelled and logged in the Activities tab.
If you navigate to a different solution (for example, Identity and Access Management), the export will continue, but no logs will appear in the Activities tab. The export status will be confirmed using a toast message.
If you refresh the web page during the export, the confirmation dialog box will appear. If you refresh, the export will be cancelled, and all entries in the Activities tab will be removed. Therefore, it is recommended not to refresh the page during the export.