Requirements: Roles and Settings

Roles and Features

The Password Safe user running the Secrets Cache must have at least one managed account Smart Rule configured with the requestor or requestor/approver role, and must also have the Secrets Safe feature assigned.

ISA Role

The Secrets Cache does not currently support ISA-based password requests; therefore, it’s important to ensure the user running the cache does not have the ISA role defined for any managed account Smart Rules.

Access Policy

Auto Approval

The managed account Smart Rule configured with the requestor or requestor/approver roles must have an access policy assigned that has View Password access set to Auto Approve.

Daily Recurrence - Multi-day Checkouts

If the access policy is configured for Daily recurrence, ensure Allow multi-day checkous of accounts is enabled.

Managed Account Settings

Enable for API Access

Ensure this option is enabled for managed accounts that will be cached.

Default Release Duration

The Default Release Duration is used to determine how long account credentials are cached before being renewed.

Concurrent Requests

If the managed accounts configured to be cached will also be used by other Password Safe users at the same time, concurrent requests should be set to zero (0 denotes unlimited) or a value greater than one. Requests performed by the Secrets Cache count as a request.

Supported Operating Systems

Windows Server 2012 R2 and above releases
RHEL 64 bit version 7 or higher

Supported APIs

POST Auth/SignAppIn
POST Auth/Signout
GET Requests
POST Requests
POST Aliases/{aliasId}/Requests
GET Credentials/{requestId}
GET Aliases/{aliasId}/Credentials/{requestId}
GET ManagedAccounts
GET ManagedAccounts?systemName={systemName}&accountName={accountName}
GET Aliases
GET Secrets-Safe/Secrets/{secretId}/file/download
GET Secrets-Safe/Secrets/{secretId}
GET Secrets-Safe/Secrets

For details on each method, please see the BeyondInsight and Password Safe API Guide.