This documentation supports the 20.02 (12.0) version of BMC Discovery. To view an earlier version of the product, select the version from the Product version menu.

Integrating with Centrify Identity Platform


Centrify Identity Platform is application software that helps you to store and manage credentials securely, according to policies that your organization might require.

You can configure the integration with Centrify Identity Platform using the vault management page in BMC Discovery.

Before you begin

Tip

Credential broker performance testing

Credential brokers are designed with human interaction in mind. When BMC Discovery is scanning, it can make many simultaneous API calls. Before putting an integration with any supported credential broker into production, you should perform scale and performance testing in your IT environment.

To integrate with Centrify Identity Platform


For the BMC Discovery appliance to be able to access Centrify Identity Platform, you must also perform the integration from the appliance. For a registered BMC Discovery Outpost to be able to access Centrify Identity Platform, you must also perform the integration from the BMC Discovery Outpost.

  1. To integrate the BMC Discovery appliance with Centrify Identity Platform:

    1. From the main menu of the appliance UI, click the Administration icon.
      The Administration page opens. 
    2. In the Discovery section, click Vault Management.
    3. Select the Centrify Identity Platform tab.

    To integrate the BMC Discovery Outpost with Centrify Identity Platform:

    1. From the main menu in the BMC Discovery Outpost, click Manage > Vault Providers.
      The Manage Vault page opens. 
    2. Select the Centrify Identity Platform tab.

  2. Enter the settings appropriate to your Centrify Identity Platform on the page.

    | Parameter | Description |
    |---|---|
    | Status | A read-only display showing the status of the integration with Centrify Identity Platform. This can be one of: WORKING, DISABLED, or messages such as TEST OK, TEST ERROR, or ERROR and an explanatory message. |
    | Enabled | Select the check box to enable the integration with Centrify Identity Platform. |
    | URL | The URL of Centrify Identity Platform. Only HTTPS URLs are permitted. This field is mandatory. You should ask your Centrify Identity Platform administrator for the URL, tenant ID, user name, and password to access Centrify Identity Platform. |
    | Tenant ID | The Tenant ID for Centrify Identity Platform. This field is mandatory. |
    | User Name | A user name for Centrify Identity Platform. The user name is of the form name@domain. This field is mandatory. |
    | Set Password | Field in which you can enter the password. To make the field editable, select the check box and set the password. The password is not displayed. |
    | Checkout Duration (in minutes) | The time (in minutes) for which the password is guaranteed to remain valid. The default is 15 minutes and the minimum is one minute. |
    | Timeout (in seconds) | The timeout (in seconds) for requests to the provider. The default is 300 seconds and the minimum is 5 seconds. |
    | SSL Certificate Check | Select to enable an SSL certificate check against the server. The result is reported in the Status message. |

  3. Click Test to test the connection. The configuration is not saved until you click the Apply button.
  4. Click Apply to save and apply the configuration.

The integration between BMC Discovery and Centrify Identity Platform is complete. For information on using credentials from Centrify Identity Platform to access discovery targets, see Adding-credentials.
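
As an added example (not BMC or Centrify code), the following Python check applies the constraints from the parameter table to a planned configuration before it is entered on the page, with a weak configuration beside a corrected one. The dictionary keys, host names, tenant ID, and the warnings are assumptions of this example.

```python
from urllib.parse import urlparse

# Defaults and minimums as stated in the parameter table above.
DEFAULTS = {"checkout_minutes": 15, "timeout_seconds": 300}
MINIMUMS = {"checkout_minutes": 1, "timeout_seconds": 5}
MANDATORY = ("url", "tenant_id", "user_name")

def check_settings(settings):
    """Return (errors, warnings) for a planned integration configuration.
    Key names are hypothetical, chosen for this example only."""
    errors, warnings = [], []
    for key in MANDATORY:
        if not str(settings.get(key, "")).strip():
            errors.append(f"{key}: mandatory field is empty")
    raw_url = str(settings.get("url", ""))
    parsed = urlparse(raw_url)
    if raw_url and (parsed.scheme != "https" or not parsed.hostname):
        errors.append("url: only HTTPS URLs are permitted")
    user = str(settings.get("user_name", ""))
    name, sep, domain = user.partition("@")
    if user and not (sep and name and domain and "@" not in domain):
        errors.append("user_name: expected the form name@domain")
    for key, minimum in MINIMUMS.items():
        value = settings.get(key, DEFAULTS[key])
        if not isinstance(value, (int, float)) or value < minimum:
            errors.append(f"{key}: must be a number >= {minimum}")
        elif key == "checkout_minutes" and value > DEFAULTS[key]:
            # Review policy of this example, not a product rule.
            warnings.append("checkout_minutes: longer than the 15-minute default")
    if not settings.get("ssl_certificate_check", False):
        warnings.append("ssl_certificate_check: server certificate is not verified")
    if "password" in settings:
        warnings.append("password: enter it in Set Password, do not keep it in a file")
    return errors, warnings

# Constructed sample configurations (all values are placeholders).
WEAK = {"url": "http://tenant.example.invalid", "tenant_id": "",
        "user_name": "svc-discovery", "checkout_minutes": 0,
        "timeout_seconds": 2, "ssl_certificate_check": False}
CORRECTED = {"url": "https://tenant.example.invalid",
             "tenant_id": "EXAMPLE-TENANT",
             "user_name": "svc-discovery@example.invalid",
             "ssl_certificate_check": True}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("corrected", CORRECTED)):
        errs, warns = check_settings(cfg)
        print(label, "errors:", errs, "warnings:", warns)
```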

How credentials are stored in Centrify Identity Platform

You add credentials according to the Centrify Identity Platform documentation. Credentials are organized under the following headings, which are shown with the corresponding BMC Discovery Add Credential field name in the following table:

| Centrify Identity Platform parameter | BMC Discovery Add Credential field name | Meaning in BMC Discovery |
|---|---|---|
| System | Centrify System | The name of the system for which the credential has been configured in Centrify Identity Platform. This should be considered as the credential name in BMC Discovery. It has no effect on the target that BMC Discovery will scan; it simply locates the credential in Centrify Identity Platform. |
| Account | Centrify Account | The user name with which to access the discovery target. The integration retrieves the corresponding password from Centrify Identity Platform. There might be more than one account for each system. For example, an account called discovery and one called root or admin for discovering targets using elevated permissions. |

To use a credential from Centrify Identity Platform in BMC Discovery

In this example there is a server called "server74". The following details are configured in Centrify Identity Platform:

  • System — server74
    • Account — discovery. A UNIX account called discovery and its corresponding password
    • Account — root. A UNIX root account for the server and its corresponding password

For the discovery account, you specify the credential using server74 for the system and discovery for the user.

For the root account, you specify the credential using server74 for the system and root for the user.

The following screenshot shows adding the credential for server74:

CentrifyAddCredential.png

For information on integrating BMC Discovery with Centrify Identity Platform, see the following video (03:06):

https://youtu.be/elcibuDagjc