Integrating with Centrify Identity Platform




Centrify Identity Platform is application software that helps you to store and manage credentials securely, according to policies that your organization might require.

You can configure the integration with Centrify Identity Platform using the vault providers page in the BMC Discovery Outpost.

Before you begin

Tip

Credential broker performance testing

Credential brokers are designed with human interaction in mind. When BMC Helix Discovery is scanning, it can make many simultaneous API calls. Before putting an integration with any supported credential broker into production, you should perform scale and performance testing in your IT environment.

To integrate with Centrify Identity Platform

  1. From the main menu in the BMC Discovery Outpost, click Manage > Vault Providers. The Manage Vault page opens. 

  2. Select the Centrify Identity Platform tab.

  3. Enter the settings appropriate to your Centrify Identity Platform on the page:

    Parameter | Description
    Status | A read-only display showing the status of the integration with Centrify Identity Platform. This can be one of: WORKING, DISABLED, or messages such as TEST OK, TEST ERROR, or ERROR and an explanatory message.
    Enabled | Select the check box to enable the integration with Centrify Identity Platform.
    URL | The URL of Centrify Identity Platform. Only HTTPS URLs are permitted. This field is mandatory. You should ask your Centrify Identity Platform administrator for the URL, tenant ID, user name, and password to access Centrify Identity Platform.
    Tenant ID | The Tenant ID for Centrify Identity Platform. This field is mandatory.
    User Name | A user name for Centrify Identity Platform. The user name is of the form name@domain. This field is mandatory.
    Set Password | Field in which you can enter the password. To make the field editable, select the check box and set the password. The password is not displayed.
    Checkout Duration (in minutes) | The time (in minutes) for which the password is guaranteed to remain valid. The default is 15 minutes and the minimum is one minute.
    Timeout (in seconds) | The timeout (in seconds) for requests to the provider. The default is 300 seconds and the minimum is 5 seconds.
    SSL Certificate Check | Select to enable an SSL certificate check against the server. The result is reported in the Status message.

  4. Click Test to test the connection. The configuration is not saved until you click the Apply button.
  5. Click Apply to save and apply the configuration.

The integration between BMC Helix Discovery and Centrify Identity Platform is complete. For information on using credentials from Centrify Identity Platform to access discovery targets, see Adding credentials.
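A pre-flight check of planned settings against the constraints in the parameter table, written as an added example (it is not BMC or Centrify code). The dictionary keys and sample values are hypothetical, and the two warnings are additions of this example, not rules from the table.

```python
from urllib.parse import urlsplit

# Defaults and minimums as stated in the parameter table above.
DEFAULTS = {"checkout_minutes": 15, "timeout_seconds": 300}
MINIMUMS = {"checkout_minutes": 1, "timeout_seconds": 5}
MANDATORY = ("url", "tenant_id", "user_name")


def validate_settings(settings):
    """Return (errors, warnings) for a planned provider configuration.
    Dict keys are hypothetical names chosen for this example. The password
    is deliberately not part of the dict: enter it only in the Outpost UI.
    """
    cfg = {**DEFAULTS, **settings}
    errors, warnings = [], []
    for key in MANDATORY:
        if not str(cfg.get(key) or "").strip():
            errors.append(f"{key} is mandatory")

    url = str(cfg.get("url") or "").strip()
    if url:
        try:
            parts = urlsplit(url)
            https = parts.scheme.lower() == "https" and bool(parts.hostname)
        except ValueError:  # e.g. a malformed IPv6 literal
            parts, https = None, False
        if not https:
            errors.append("url must be an HTTPS URL")
        elif parts.username or parts.password:
            # Added hygiene check, not a rule stated on the page.
            warnings.append("url embeds credentials; use the User Name and Set Password fields")

    user = str(cfg.get("user_name") or "").strip()
    name, sep, domain = user.partition("@")
    if user and (not (sep and name and domain) or "@" in domain):
        errors.append("user_name must have the form name@domain")
    for key, minimum in MINIMUMS.items():
        if int(cfg[key]) < minimum:
            errors.append(f"{key} must be at least {minimum}")
    if not cfg.get("ssl_certificate_check"):
        # Added advisory: with the box cleared, the server certificate is not checked.
        warnings.append("SSL Certificate Check is disabled")
    return errors, warnings


# Constructed sample input; the host, tenant and user are placeholders.
PLANNED = {"url": "https://tenant.example.invalid", "tenant_id": "EXAMPLE1",
           "user_name": "svc-discovery@example.invalid", "ssl_certificate_check": True}
```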

How credentials are stored in Centrify Identity Platform

You add credentials according to the Centrify Identity Platform documentation. Credentials are organized under the following headings, which are shown in the following table with the corresponding BMC Helix Discovery Add Credential field name:

Centrify Identity Platform parameter | BMC Helix Discovery Add Credential field name | Meaning in BMC Helix Discovery
System | Centrify System | The name of the system for which the credential has been configured in Centrify Identity Platform. This should be considered as the credential name in BMC Helix Discovery. It has no effect on the target that BMC Helix Discovery will scan; it simply locates the credential in Centrify Identity Platform.
Account | Centrify Account | The user name with which to access the discovery target. The integration retrieves the corresponding password from Centrify Identity Platform. There might be more than one account for each system. For example, there might be an account called discovery and one called root or admin for discovering targets using elevated permissions.

To use a credential from Centrify Identity Platform in BMC Helix Discovery

In this example there is a server called "server74". The following details are configured in Centrify Identity Platform:

  • System — server74
    • Account — discovery. A UNIX account called discovery and its corresponding password
    • Account — root. A UNIX root account for the server and its corresponding password

For the discovery account, you specify the credential using server74 for the system and discovery for the user.

For the root account, you specify the credential using server74 for the system and root for the user.

The following screenshot shows adding the credential for server74:


