Credentials Connections

Description

Allows you to create connections to third-party credential sources and share them with all users or with specific users and/or groups. Tasks can access credentials through a connection without exposing the associated values.

To access the Credentials Connections settings, select Options on the Server Management Console's navigation bar, and then select Server Settings > Credentials Connections.

IMPORTANT:
  • Before creating a Credentials Connection for CyberArk®, review and complete the steps outlined in Interfacing with CyberArk on the Fortra Support Portal at https://support.fortra.com/.
  • As of version 11.6.10, the Credentials Connections feature is only compatible with CyberArk software. Additional third-party software support may be added in future versions of Automate.

Parameters

The following table displays the available Credentials Connections preferences:

Property - Description
Name - The unique name of the connection (for example, CyberArk connection).
Type - Specifies the predefined connection type.
Base URL - The URL to use with the connection to access the CyberArk service (for example, https://companyname.abc.com).
Port Number - The port number to use with the connection to access the CyberArk service (for example, 443).
CyberArk Username - The CyberArk username to use with the connection.
CyberArk Password - The CyberArk password to use with the connection.
Confirm Password - Confirms the password previously entered in the CyberArk Password box.
Application ID - The CyberArk Application ID to use with the connection.
Application Name - The name of the application in use by the CyberArk service to use with the connection. The default name is AIMWebService.
Safe Name (optional) - The name of the CyberArk Safe to use with the connection.
    IMPORTANT: This parameter is optional if only one CyberArk Safe is in use. If your CyberArk account uses multiple Safes, it is recommended to create a credentials connection for each Safe.
Use Certificate - If selected, this parameter specifies that Automate uses a certificate available on the Automate Execution Server (that is, the local machine – see Store Location for more information) to identify itself to the CyberArk service. After selecting this parameter, the Store Location, Store Name, Search Type, and Search String parameters become active. This parameter is disabled by default.
Store Location - The identity certificate store location.
    IMPORTANT: The Store Location parameter is preset to Local Machine as the identity certificate must be available on the Automate Execution Server for CyberArk-based connections.
Store Name - The name of the certificate store to open. The store name also indicates the type of certificates the store contains. For example, the My/Personal store includes personal certificates, whereas the Disallowed store includes only revoked certificates. The available options are:
  • Address Book - The certificate store for other users.
  • Auth Root - The certificate store for third-party certificate authorities (CAs).
  • Certificate Authority - The certificate store for intermediate certificate authorities (CAs).
  • Disallowed - The certificate store for revoked certificates.
  • My/Personal (default) - The certificate store for personal certificates.
  • Root - The certificate store for personal certificates.
  • Trusted People - The certificate store for directly trusted people and resources.
  • Trusted Publisher - The certificate store for directly trusted publishers.
Search Type - The type of search used to search for the certificate. The available options are:
  • Serial Number (default) - A number that uniquely identifies the certificate and is issued by the certification authority.
  • Subject - A Subject Alternative Name (SAN) identity certificate which allows multiple values to be associated with a security certificate. These values are the actual "Subject Alternative Names", which can be IP addresses, URIs, server names or domain names.
  • Thumbprint - A hash value computed over the complete certificate, used as an abbreviated form of the public key certificate that contains all fields, including the signature.
Search String - The search string used to find the identity certificate.
Connection Timeout (in seconds) - The number of seconds to wait before the connection to CyberArk times out if no response is received. The default value is 30.
Comment - An optional user-defined comment about the connection (for example, "CyberArk connection").
Task Builder Visibility (Access) - Displays the users and/or groups that have visibility to the connection in Task Builder.

Credentials Connection management

To add a Credentials Connection

  1. On the Credentials Connection window, select New.
  2. In the Name box, enter a unique name to identify the connection (for example, CyberArk).
  3. Leave the Type list set to CyberArk. Currently, this is the only connection type available for Automate (see Note).

    NOTE: As of version 24.2.0, the Credentials Connections feature is only compatible with CyberArk software. Additional third-party software support may be added in future versions of Automate.
  4. In the Base URL box, enter the URL to use to access the CyberArk service (for example, https://companyname.abc.com).
  5. In the Port Number box, enter the port number to use to access the CyberArk service (for example, 443).
  6. In the CyberArk Username box, enter a CyberArk username.
  7. In the CyberArk Password box, enter the password that corresponds with the CyberArk Username.
  8. In the Confirm Password box, re-enter the password.
  9. In the Application ID box, enter a CyberArk Application ID (for example, CompanyName-ApplicationName).
  10. In the Application Name box, enter the name of the Application currently in use by the CyberArk service. The default and recommended name is AIMWebService.
  11. In the Safe Name box, optionally enter the name of the CyberArk Safe.

    IMPORTANT: This parameter is optional if only one CyberArk Safe is in use. If your CyberArk account uses multiple Safes, it is recommended to create a separate connection for each Safe.
  12. If the connection to CyberArk requires an identity certificate for authentication, select Use Certificate, and then configure the Store Name, Search Type, and Search String parameters based on the certificate's properties provided by your network administrator. If your connection does not require an identity certificate, skip to step 12.

    IMPORTANT: The Store Location parameter is preset to Local Machine as the identity certificate must be available on the Automate Execution Server for CyberArk-based connections.
  13. In the Connection Timeout box, enter a value from 1-300 to set the number of seconds before a connection to CyberArk times out. The default value is 30.
  14. In the Comment box, optionally enter a custom description or comment.
  15. For Task Builder Visibility, select one of the following options to determine which Automate users and/or groups have access to the connection in Task Builder:
    1. Select All Users to give all users access.
    2. Select Limited by User/Group to choose specific users and/or groups. Move the users and/or groups to the Select Group/User Name list by selecting them from the Available Group/User Name list, and then selecting Add.
  16. Select OK to save changes and add the connection.
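
A check for the certificate step above, added here as an example and not taken from Fortra's documentation or code: run on the Automate Execution Server, it looks up the identity certificate in the Local Machine store using the same Store Name, Search Type, and Search String you plan to enter. Find-IdentityCertificate is a hypothetical helper, and the mapping of this page's options onto .NET's StoreName and X509FindType values is an assumption.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example, not Fortra code. Assumes the Store Name and Search Type options
# map to the .NET StoreName and X509FindType values used here.
function Find-IdentityCertificate {
    param(
        [Parameter(Mandatory)] [StoreName] $StoreName,
        [Parameter(Mandatory)] [ValidateSet('SerialNumber', 'Subject', 'Thumbprint')]
        [string] $SearchType,
        [Parameter(Mandatory)] [string] $SearchString
    )
    $findType = @{
        SerialNumber = [X509FindType]::FindBySerialNumber
        Subject      = [X509FindType]::FindBySubjectName
        Thumbprint   = [X509FindType]::FindByThumbprint
    }[$SearchType]

    # Values copied from the certificate dialog can carry spaces or invisible
    # characters; keep only hex digits for serial-number and thumbprint searches.
    if ($SearchType -ne 'Subject') {
        $SearchString = $SearchString -replace '[^0-9A-Fa-f]', ''
    }

    # Local Machine is the store location this page presets for the connection.
    $store = [X509Store]::new($StoreName, [StoreLocation]::LocalMachine)
    $store.Open([OpenFlags]::ReadOnly)
    try {
        # validOnly = $false so expired or untrusted matches are reported, not hidden.
        $found = $store.Certificates.Find($findType, $SearchString, $false)
        if ($found.Count -ne 1) {
            Write-Warning "$($found.Count) certificates matched '$SearchString'; expected exactly 1."
        }
        $now = Get-Date
        foreach ($cert in $found) {
            $eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
            [pscustomobject]@{
                Subject         = $cert.Subject
                SerialNumber    = $cert.SerialNumber
                Thumbprint      = $cert.Thumbprint
                HasPrivateKey   = $cert.HasPrivateKey   # required to authenticate as a client
                WithinDates     = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
                # False also when the certificate carries no EKU extension at all.
                ListsClientAuth = [bool]($eku.EnhancedKeyUsages |
                    Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' })
            }
        }
    } finally { $store.Close() }
}
# Call with the value supplied by your administrator, for example:
# Find-IdentityCertificate -StoreName My -SearchType Thumbprint -SearchString '<thumbprint>'
```

A result with HasPrivateKey or WithinDates set to False, or a warning that zero or several certificates matched, points to a certificate problem to resolve before saving the connection.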

To modify an existing Credentials Connection

  1. On the Credentials Connection window, select a connection from the list, and then select Modify.
  2. Make your desired changes, and then select OK.

To remove an existing Credentials Connection

On the Credentials Connection window, select a connection from the list, and then select Remove.