Configure Password Safe for Integration with Privileged Remote Access
The integration requires minimal setup within Password Safe and is designed to work with your existing data as it stands. The following steps are required:
- Configure the Secure Remote Access connection settings to use Password Safe as a credential source.
- Add users to the auto-created Secure Remote Access Requesters group.
- Enable managed accounts for API use.
Configure the Secure Remote Access Connection
- In the BeyondInsight Console, navigate to Configuration > Secure Remote Access > Connect to Secure Remote Access.
- Provide the Host and Port information to connect to your Privileged Remote Access instance.
- Obtain the OAuth Client ID and OAuth Client Secret for the API account you created in Privileged Remote Access, and enter these into the Client ID and API Key fields.
- Set the number of minutes for the Release Duration.
- Click Update Settings.
Upon completion of this form, BeyondInsight does the following:
- Creates an all-day auto-approve access policy called Secure Remote Access Approval Policy
- Creates an API registration called Secure Remote Access Integration
- Creates a group called Secure Remote Access Requesters that uses the Secure Remote Access Approval Policy and the Secure Remote Access Integration API registration
- Configures the ECM application with the Secure Remote Access Integration API registration
Although BeyondInsight creates a default access policy, API registration, and group to use for Secure Remote Access integration to simplify your configuration steps, you may use groups, access policies, and API registrations that you manually create, or you may modify these auto-generated ones to suit your needs.
Add Users to the Secure Remote Access Requesters Group
- In the BeyondInsight Console, under Role Based Access, click User Management.
- Locate the Secure Remote Access Requesters group and click the vertical ellipsis button for the group.
- Select View Group Details.
- Under Group Details, select Users, and then assign users to the group.
Enable Managed Accounts for API Use
By default, managed accounts are not accessible via the API. The accounts need to be configured to allow access through the integration.
- In the BeyondInsight Console, select Managed Accounts.
- Select the managed account, and then click the vertical ellipsis button.
- Select Edit Account.
- Under Account Settings, toggle the slider to API Enabled (yes).
- Click Update Account.
Admins also have the option to automate this step by adding Manage Account Settings under Actions in the Smart Rule, and setting the API Enabled option to yes.
Once Secure Remote Access is successfully configured and your managed accounts are enabled for API use within Password Safe, you can then access systems within Privileged Remote Access using credentials stored in Password Safe .