Password Safe VBO Integration with Blue Prism

This guide covers how to install and use the BeyondTrust Password Safe VBO integration for Blue Prism.

Follow the steps below to import and configure the release.

Import VBO integration for Blue Prism.

  1. Right-click Package Overview and click Import Release.

 

Select input file to import the release.

  1. Navigate to the location of the .bprelease file and follow the steps.

 

Locate the credential object in which to store the API key.

  1. Once imported, there is a Credential object for BeyondTrust Password Safe, inside which you store the API Key for the Blue Prism application.

 

Locate the web API services.

  1. There are two generic Web API Services, one for BeyondTrust Password Safe and one for BeyondTrust DevOps Secrets Safe.

 

Lcoate the VBOs, under Studio.

  1. There are also two VBOs, one for each product, under Studio.

 

A sample process for the Blue Prism tutorial illustrates using the VBO.

  1. A sample process, the Centrix Data Solutions example from the Blue Prism tutorial, and an associated VBO, are included to demonstrate how to use the VBOs for both products.

 

Flowchart displaying the VBOs.

  1. The process includes two VBOs: one for BeyondTrust Password Safe and one for BeyondTrust DevOps Secrets Safe.

 

Review and set Password Safe VBO inputs.

  1. Review and set the Password Safe VBO Inputs.
    • ApiKey: This is generated in the BeyondTrust web console BeyondInsight, and associated to an API Registration.
    • RunAs: Service account for the Blue Prism application in Password Safe.
    • PasswordSafeServerName: DNS-resolvable server name for Password Safe. The IP address can also be used.
    • SystemName: System name that represents Blue Prism in BeyondInsight.
    • AccountName: Blue Prism account managed by Password Safe.
    • Duration: Duration for the check-out release request, in minutes.
    • Reason: Added to check-out event in logs.

 

View the API registration key.

  1. In BeyondInsight, go to Configuration > API Registrations to view the API registration key.

 

Grant permission to all assets for the Blue Prism group.

  1. In BeyondInsight, go to Configuration > User Management and grant permission to All Assets for the Blue Prism group.

 

Grant permission to all managed accounts for the Blue Prism group.

  1. Also grant permission to All Managed Accounts for the Blue Prism group.

 

The service account (user) and API registration must also be configured in the Blue Prism application.

Configure the managed account that contains the password for API access.

  1. The managed account that contains the password must be configured for API access.

 

Import a server certificate to allow an HTTPS connection.

  1. In Blue Prism, import a server certificate that matches the server name to the local computer certificate store. This allows the connection over HTTPS.

 

Import the trusted root certificate authority.

  1. Import the trusted root certificate authority.

 

Configure the outputs.

  1. Go to the Outputs tab.
  2. Store the password as a Password Data Type item.
  3. Store the status codes as Text Data Type items.

 

HTTP errors are returned if an error is encountered:

For authentication:

  • 200 is successful.
  • 400 is invalid request.
  • 401 is failed to authenticate.
  • 403 means that the system is sealed and must be unsealed.

For check-out:

  • 200 is successful.
  • 401 means that the user is not authorized.
  • 403 means that the system is sealed.
  • 404 means that the secret or scope is not found.