Requirements: Roles and Settings
Roles and Features
The Password Safe user running the Secrets Cache must have at least one managed account Smart Rule configured with the requestor or requestor/approver role, and must also have the Secrets Safe feature assigned.
ISA Role
The Secrets Cache does not currently support ISA-based password requests; therefore, it’s important to ensure the user running the cache does not have the ISA role defined for any managed account Smart Rules.
Access Policy
Auto Approval
The managed account Smart Rule configured with the requestor or requestor/approver roles must have an access policy assigned that has View Password access set to Auto Approve.
Daily Recurrence - Multi-day Checkouts
If the access policy is configured for Daily recurrence, ensure Allow multi-day checkous of accounts is enabled.
Managed Account Settings
Enable for API Access
Ensure this option is enabled for managed accounts that will be cached.
Default Release Duration
The Default Release Duration is used to determine how long account credentials are cached before being renewed.
Concurrent Requests
If the managed accounts configured to be cached will also be used by other Password Safe users at the same time, concurrent requests should be set to zero (0 denotes unlimited) or a value greater than one. Requests performed by the Secrets Cache count as a request.
Supported Operating Systems
- Windows Server 2012 R2 and above releases
- RHEL 64 bit version 7 or higher
Supported APIs
- POST Auth/SignAppIn
- POST Auth/Signout
- GET Requests
- POST Requests
- POST Aliases/{aliasId}/Requests
- GET Credentials/{requestId}
- GET Aliases/{aliasId}/Credentials/{requestId}
- GET ManagedAccounts
- GET ManagedAccounts?systemName={systemName}&accountName={accountName}
- GET Aliases
- GET Secrets-Safe/Secrets/{secretId}/file/download
- GET Secrets-Safe/Secrets/{secretId}
- GET Secrets-Safe/Secrets
For details on each method, please see the BeyondInsight and Password Safe API Guide.