Integrating with Centrify Identity Platform
Centrify Identity Platform is application software that helps you to store and manage credentials securely, according to policies that your organization might require.
You can configure the integration with Centrify Identity Platform using the vault providers page in the BMC Discovery Outpost.
Before you begin
Credential broker performance testing
Credential brokers are designed with human interaction in mind. When BMC Helix Discovery is scanning, it can make many simultaneous API calls. Before putting an integration with any supported credential broker into production, you should perform scale and performance testing in your IT environment.
To integrate with Centrify Identity Platform
From the main menu in the BMC Discovery Outpost, click Manage > Vault Providers. The Manage Vault page opens.
Select the Centrify Identity Platform tab.
Enter the settings appropriate to your Centrify Identity Platform on the page:
A read-only display showing the status of the integration with Centrify Identity Platform. This can be one of: WORKING, DISABLED, or messages such as TEST OK, TEST ERROR, or ERROR and an explanatory message.
Select the check box to enable the integration with Centrify Identity Platform.
The URL of Centrify Identity Platform. Only HTTPS URLs are permitted. This field is mandatory.
You should ask your Centrify Identity Platform administrator for the URL, tenant ID, user name, and password to access Centrify Identity Platform.
The Tenant ID for Centrify Identity Platform. This field is mandatory.
A user name for Centrify Identity Platform. The user name is of the form,
name@domain. This field is mandatory.
Field in which you can enter the password. To make the field editable, select the check box and set the password. The password is not displayed.
The time (in minutes) for which the password is guaranteed to remain valid. The default is 15 minutes and the minimum is one minute.
Timeout (in seconds)
The timeout (in seconds) for requests to the provider. The default is 300 seconds and the minimum 5 seconds.
SSL Certificate Check
Select to enable an SSL certificate check against the server. The result is reported in the Status message.
- Click Test to test the connection. The configuration is not saved until you click the Apply button.
- Click Apply to save and apply the configuration.
The integration between BMC Helix Discovery and Centrify Identity Platform is complete. For information on using credentials from Centrify Identity Platform to access discovery targets, see Adding credentials.
How credentials are stored in Centrify Identity Platform
You add credentials according to the . Credentials are organized under the following headings, that are shown with the corresponding BMC Helix Discovery Add Credential field name in the following table:
BMC Helix Discovery Add Credential field name
Meaning in BMC Helix Discovery
The name of the system for which the credential has been configured in Centrify Identity Platform. This should be considered as the credential name in BMC Helix Discovery. It has no effect on the target that BMC Helix Discovery will scan, it simply locates the credential in Centrify Identity Platform.
The user name with which to access the discovery target. The integration retrieves the corresponding password from Centrify Identity Platform.
There might be more than one account for each system. For example, an account called
To use a credential from Centrify Identity Platform in BMC Helix Discovery
In this example there is a server called "server74". The following details are configured in Centrify Identity Platform:
- System — server74
- Account — discovery. A UNIX account called discovery and its corresponding password
- Account — root. A UNIX root account for the server and its corresponding password
For the discovery account, you specify the credential using server74 for the system and discovery for the user.
For the root account, you specify the credential using server74 for the system and root for the user.
The following screenshot shows adding the credential for server74: