How to configure Safeguard A2A and credential requests? (4330826)

Tchater maintenant avec le support

Obtenir une aide instantanée
Terminer l’enregistrement

Se connecter

Demander les tarifs

Contacter le service des ventes

Retour

Commentaire envoyé

Cet article vous a-t-il à résoudre un problème ?

Sélectionner une évaluation

Titre

How to configure Safeguard A2A and credential requests?
Description

Steps required to configure Safeguard A2A and credential requests.
Cause
Safeguard 2.2 includes a new API and functionality for security interactions between applications, Application to Application (A2A).
The intention is for customers to be able to configure programmatic users to perform one of two functions:
1. Create access requests on behalf of other users.
2. Obtain passwords for managed accounts in Safeguard without having to go through Access Request Workflow.
Résolution
The following are the steps required to configure Safeguard A2A.

Prerequisites
- Program or Script to access the Safeguard A2A API.
  Customers are strongly encouraged to use the Powershell Safeguard-ps library available here.
- Certificate or PKI.
  To create a programmatic user, a certificate is required. This KB article creates a certificate using OpenSSL.
Steps

1. Certificate Creation

Create a certificate

openssl req -newkey rsa:2048 -nodes -keyout mykey.key -x509 -days 365 -out mycrt.crt

Take note of the certificate thumbprint

openssl x509 -noout -fingerprint < mycrt.crt

Convert to pfx (Windows only, as this guide uses PowerShell libraries)

openssl pkcs12 -out combined.pfx -in mycrt.crt -inkey mykey.key -export

2. Safeguard Configuration

Add certificate to Trusted Certificates in Safeguard

Admin Tools | Settings | Certificates | Trusted Certificates

Create a certificate user

Admin Tools | Users

*Use the thumbprint of the certificate you created earlier.

Enable A2A via the API

Navigate to https://[appliance]/service/appliance/swagger

Authorize with Operations Admin.

Expand 'A2A' API endpoint.

Expand POST /v2/A2AService/Enable

Click 'Try it out!' (response code should be 200)

*This enables a new API, http://[appliance]/service/a2a/swagger

Create Registration
   Admin Tools | Settings | External Integration | Application to Application
   Click '+'
   Select name and enable Credential Retrieval
   Select accounts the Registration can manage

Copy the API key for the account whose password is to be requested

Admin Tools | Settings | External Integration | Application to Application
   Select registration
   Click key icon
   Copy API key
To request for a credential using the PS Credential Request cmdlet, do the following:

Get Credential: Get-SafeguardA2aPassword –Appliance [ip] –Insecure –CertificateFile [filepath to pfx] –ApiKey [key string]

Commentaire envoyé

Cet article vous a-t-il à résoudre un problème ?

Sélectionner une évaluation

Demander un article de la base de connaissances

Contenu recommandé

Produit(s) :: One Identity Safeguard for Privileged Passwords
6.13.1, 6.13, 6.12.1, 6.12, 6.11.1, 6.11, 6.10.1, 6.10, 6.9.x, 6.8, 6.7.3, 6.7.2, 6.7.1, 6.7, 6.6, 2.11.2, 2.11.1, 2.11, 2.10, 2.7, 2.6, 2.5.1, 2.5, 2.4, 2.3, 2.2

Sujet(s) :: How To, Configuration

Historique de l’article :: Créé le : 5/22/2018
Dernière mise à jour le : 5/7/2023

Rechercher tous les articles

Veuillez sélectionner votre produit

Afin de mieux répondre à vos besoins, précisez l'objet du tchat:

Solutions recommandées pour votre problème

How to configure Safeguard A2A and credential requests? (4330826)

Titre

Description

Cause

Résolution

Leave a Comment