Integration with Password Safe
Integrate with Password Safe, by adding the following items to your BeyondTrust implementation:
- Assign applications to managed accounts to identify the way the credential is to
be used. The following reserved application names are required:
- An attribute type and attributes
- Defines certain system behaviors. Set up an attribute named Pega to store system
parameters. Use the following attributes, as needed, to customize how the system
- UseCurrentUserForCredStore — Forces requests made for credentials through the Credential Store component to use the logged-in user.
- UseCurrentUserForASO — Forces requests made for credentials through the ASO Manager component to use the logged-in user.
- NoRunasUserPassword — No password is required for Runas users. You typically include this attribute when the UseCurrentUserForCredStore or UseCurrentUserForASO attributes are in use.
- API keys
- Required for the integration to retrieve credentials. There must be at least one API key, but the best practice is to provision multiple API keys and provide a more granular level of access control.
- User groups
- Required to control access to credentials. You can use existing user groups if appropriate. In BeyondTrust, access to specific credentials is granted at the user-group level.
- You can use Microsoft Active Directory users to authenticate ASO Manager and Credential Store requests. A user who belongs to a user group is required to retrieve credentials.
- Assets are containers for managed accounts. Assets can be a computer or a container for a group of credentials for an application. The credential use case determines the proper type of container.
- Managed accounts
- The credential entries are stored as managed accounts.
You can use your preferred method for grouping managed accounts in BeyondTrust. For example, you can use Smart Groups or Quick Groups.
Previous topic Understanding how Robot Runtime retrieves credentials from BeyondTrust Next topic Integration with Pega Access (Optional)