Create a New Application Platform
Custom application platforms build on the custom platform functionality and add an intermediary target, the application host, for the custom platform. This provides a script-based approach to managing accounts on application servers that are specific or customized to your environment.
Custom application platforms only support SSH; Telnet is not supported.
Prior to creating a new application platform, you must configure a managed system to be an application host by enabling the Allow Managed System to be an Application Host setting in its properties. The application host is the managed system where the scripts for the application are run.
Once a managed system is configured as an application host, other managed systems can be configured to use it, as indicated by the Associated Managed Systems indicator. You cannot disable the Allow Managed System to be an Application Host setting if other managed systems are currently configured to use this application host.
To create the new application platform, follow these steps:
- In the BeyondInsight console, go to Configuration > Privileged Access Management > Custom Platforms.
- In the Custom Platforms pane, click Create New Custom Platform, and then select Create New Application Platform.
- Configure the settings on the Options, Steps, and Check/Change Password tabs as detailed in the following sections.
Configure the Options Tab
- Platform Name: Enter a name for the custom platform. The given name appears in the Platform lists throughout BeyondInsight and Password Safe and must be unique. Platform names cannot be changed after they have been created.
- Platform ID and Platform Type are assigned by the system and cannot be entered or edited.
- Active: Check this option to make the platform active in BeyondInsight and Password Safe.
- Enable Login Account: Check this option to display the Use Login Account for SSH Sessions option under the Credentials section in the settings for a managed system. Use this feature when an account other than the functional account is used to log in to the managed system.
- Enable Account Name Format: Check this option to display the Account Name Format dropdown under the Credentials section in the settings for a managed system.
- Enable Account Elevation: Check this option if you want to select an Elevation Command.
- Elevation Command: Select an elevation command from the list to enable the option to elevate the functional account permissions on a managed system. The following elevation command types are supported:
- pbrun jumphost
Configure the Steps Tab
The Steps tab is configured in the same way as it is for all custom platforms. However, for application platforms there are 6 additional fields available for Expect statements, as follows:
- App Host Functional Account Keypass
- App Host Functional Account Key
- App Host Functional Account Name
- App Host Functional Account Password
Configure the Check/Change Password Tab
The Check/Change Password tab is configured in the same way as it is for all custom platforms; however, you must also select an Application Host.
Once your custom application platform has been created, you can configure a managed system to use it by selecting it from the Platform dropdown. Also select the Application Host for this managed system. When Password Safe rotates or checks a password for an account that exists on this managed system, it connects to the application host and then runs the steps as defined on the Steps tab for this custom application platform instance.