Applications

Assign applications to managed accounts to identify the way the credential is to be used. The following reserved application names are required:

• RegistrationOperator
• WindowsUser
• RuntimeUser

An attribute type and attributes

Defines certain system behaviors. Set up an attribute named Pega to store system parameters. Use the following attributes, as needed, to customize how the system responds.

• UseCurrentUserForCredStore — Forces requests made for credentials through the Credential Store component to use the logged-in user.
• UseCurrentUserForASO — Forces requests made for credentials through the ASO Manager component to use the logged-in user.
• NoRunasUserPassword — No password is required for Runas users. You typically include this attribute when the UseCurrentUserForCredStore or UseCurrentUserForASO attributes are in use.

API keys

Required for the integration to retrieve credentials. There must be at least one API key, but the best practice is to provision multiple API keys and provide a more granular level of access control.

User groups

Required to control access to credentials. You can use existing user groups if appropriate. In BeyondTrust, access to specific credentials is granted at the user-group level.

Users

You can use Microsoft Active Directory users to authenticate ASO Manager and Credential Store requests. A user who belongs to a user group is required to retrieve credentials.

Assets

Assets are containers for managed accounts. Assets can be a computer or a container for a group of credentials for an application. The credential use case determines the proper type of container.

Managed accounts

The credential entries are stored as managed accounts.

You can use your preferred method for grouping managed accounts in BeyondTrust. For example, you can use Smart Groups or Quick Groups.