To add an application registration (desktop client)
- Log in to the Safeguard for Privileged Passwords desktop client as a Security Policy Administrator.
- Navigate to Administrative Tools | Settings | External Integration | Application to Application.
- Click Add. The New Registration dialog displays.
- On the General tab, specify the following information:
  - Name: Enter a name for the application registration.
  - Description: Enter information about the application registration.
  - Certificate User: Click Browse to select a certificate user who is associated with the third-party application being registered.
    A certificate user must be specified. If not specified when you initially add an application registration, click Edit on the Application to Application pane to specify the certificate user.
  - I want to configure this registration for: Select the tasks to be performed by the Application to Application service:
    Depending on the check boxes selected, additional tabs are displayed.
- If Access Request Broker is selected, the Access Request Broker tab displays a list of users on whose behalf the third-party application can create an access request.
  - Click to add a user or user group to the list.
  - Click Edit Restrictions to specify IP address restrictions for all of the users and user groups in the list.
    A restriction is a list of IP addresses or ranges of IP addresses that are allowed to call the Application to Application service to perform this task. That is, if a restriction is added to a Credential Retrieval or Access Request Broker task, the service will only allow requests that originate from the IP addresses specified in the restriction list.
    The IP address notation can be:
    - An IPv4 or IPv6 address (for example, 10.5.32.4)
    - An address range in CIDR notation (for example, 10.5.0.0/16)
  - Click to remove the selected user from the list.
- If Credential Retrieval is selected, the Credential Retrieval tab displays a list of accounts for which the third-party application can retrieve credentials from Safeguard for Privileged Passwords without going through the normal workflow process.
  - Click to add an account to the list.
  - Click Restrictions in the Restrictions column to specify IP address restrictions for the selected account.
    A restriction is a list of IP addresses or ranges of IP addresses that are allowed to call the Application to Application service to perform this task. That is, if a restriction is added to a Credential Retrieval or Access Request Broker task, the service will only allow requests that originate from the IP addresses specified in the restriction list.
    The IP address notation can be:
    - An IPv4 or IPv6 address (for example, 10.5.32.4)
    - An address range in CIDR notation (for example, 10.5.0.0/16)
  - Click to remove the selected account from the list.
- Click Create Registration.
Once an application registration is added to Safeguard for Privileged Passwords, the third-party application can authenticate with Safeguard for Privileged Passwords using the API key that was generated and the certificate that was associated with the registration. To make a request, you must retrieve the relevant API key for the application using an authorized account (that is, using bearer token authentication) and install the correct certificate on the host that will make the request. For more information, see Making a request using the Application to Application service.
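The IP address restrictions described in the procedure above can be checked before they are typed into the dialog. The following is an added example, not One Identity code: it runs locally, validates a proposed restriction list in the two notations the page allows, and tests whether a calling host's address would fall inside it. The sample addresses, the function names, and the "broader than /16" review threshold are assumptions of this example, and it does not reproduce the appliance's own matching logic.

```python
import ipaddress

# Constructed sample list in the two notations the page allows.
SAMPLE_RESTRICTIONS = ["10.5.32.4", "10.5.0.0/16", "2001:db8:5::/48"]


def parse_restrictions(entries, max_v4_addresses=65536):
    """Parse restriction entries; return (networks, problems).

    problems holds (entry, reason) pairs for entries that are malformed or,
    for IPv4, broader than a /16 (threshold is this example's assumption).
    """
    networks, problems = [], []
    for raw in entries:
        try:
            # strict=True rejects CIDR entries with host bits set
            # (10.5.32.4/16), which usually signal a typo in the prefix.
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            problems.append((raw, f"invalid: {exc}"))
            continue
        if net.version == 4 and net.num_addresses > max_v4_addresses:
            problems.append((raw, "broader than /16, review before use"))
            continue
        networks.append(net)
    return networks, problems


def is_allowed(source_ip, networks):
    """True if source_ip falls inside any parsed restriction entry."""
    addr = ipaddress.ip_address(source_ip)
    # Local choice: compare IPv4-mapped IPv6 (::ffff:a.b.c.d) as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets, problems = parse_restrictions(SAMPLE_RESTRICTIONS + ["10.5.32.4/16"])
    for entry, reason in problems:
        print(f"REJECTED {entry}: {reason}")
    for ip in ("10.5.32.4", "10.6.0.1", "2001:db8:5:1::10"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
```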