How to integrate Beyond Trust with UiPath Orchestrator as credential store
This is a step-by-step guide for integrating Beyond Trust with UiPath Orchestrator as a credential store.
Beyond Trust Side
- Log in to Beyond Trust and navigate to Configuration -> API Registrations (under "General").
- Click on "Create API Registration" and provide the details. API Registration is a key feature used to facilitate integration between BeyondTrust systems and external applications.
- Create an Authentication Rule to allow incoming connections to the API from UiPath.
- Create a new Group for UiPath Service Account(s) from Configuration -> User Management -> Groups and add these Features:
- Smart Rules need to be assigned. Managed Accounts/Read-Only/Requester will be sufficient for regular User Requests. For ISA access, Assets/ISA role is needed:
- Add the API Registration to the Group:
- Create a new User and assign the UiPath Group:
For Managed Accounts
- The Managed Accounts should be created under Managed Systems. First, create a managed system and then create a managed account under it.
- Mark the "API Enabled" flag for the managed accounts.
For Team Passwords
The Team Passwords should be created on their own page.
- Select a Folder (optionally create a new Folder).
- Use the "Create New Credential" option.
On the Orchestrator side
- Create a new credential store at the tenant level with the respective details from Beyond Trust. Name, Beyond Trust URL, API registration key, API run as username, System-Account delimiter and Managed Account types are mandatory fields.
- Type - Select “BeyondTrust Password Safe - Managed Accounts” or “BeyondTrust Password Safe - Team Passwords”
Common Settings
Parameter | Description | Example |
---|---|---|
Name | (Required) Credential Store name. | MyBeyondTrust |
BeyondTrust Host URL | (Required) The URL of your secret server instance. | https://****.com/ |
API Registration Key | (Required) The API Registration’s Key value from Beyond Trust | |
API Run As Username | (Required) The BeyondTrust user’s username under which you want to execute the calls. | uipath |
Managed Accounts Specific Settings
Parameter | Description | Example |
---|---|---|
Default Managed System Name | (Optional) A fallback Managed System to be used in case no other Managed System has been provided in the Orchestrator Asset. | MyDefaultSystemName |
System-Account Delimiter | (Required) The delimiter is used to split the Managed System name from the Managed Account name in the Orchestrator Asset. | / |
Managed Account Type | (Required) The BeyondTrust managed account type. | system |
Team Passwords Specific Settings
Parameter | Description | Example |
---|---|---|
Folder Path Prefix | (Optional) A default folder path prefix. This will be added in front of all Orchestrator Asset values. | myfolder/mysubfolder/ |
Folder / Account Delimiter | (Required) The delimiter used to split the Path from the Title in the Orchestrator Asset. | / |
Note: Before setting up your Credential Store in Orchestrator, first test the BT configuration.
Using Postman, or something similar, send the following request:
Method: POST
URL: {BeyondTrust Host URL}/BeyondTrust/api/public/v3/Auth/SignAppin
Headers:
"Authorization" : "PS-Auth key={API Registration Key}; runas={API Run As Username};"
Or as a curl command:
curl --location --globoff --request POST '{BeyondTrust Host URL}/BeyondTrust/api/public/v3/Auth/SignAppin' \
--header 'Authorization: PS-Auth key={API Registration Key}; runas={API Run As Username};'
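The same SignAppin test as a reusable shell check, added here as an example (it is not part of the original guide, nor UiPath or BeyondTrust code). It passes the header through a temporary file so the API Registration Key does not show up in the process list or shell history. The variable names BT_HOST, BT_API_KEY and BT_RUNAS are assumptions, the status hints follow generic HTTP semantics, and curl 7.55 or later is assumed for the `@file` header syntax.

```shell
#!/bin/sh
# Added example: pre-flight check of the BeyondTrust API registration.
# BT_HOST, BT_API_KEY and BT_RUNAS are assumed (hypothetical) variable names.

# Build the SignAppin URL; trailing slashes on the host URL are stripped
# so that a value such as "https://host/" does not produce "//" in the path.
signappin_url() {
  host=$1
  while [ "${host%/}" != "$host" ]; do host=${host%/}; done
  printf '%s/BeyondTrust/api/public/v3/Auth/SignAppin' "$host"
}

# Build the Authorization header in the PS-Auth format shown in this guide.
ps_auth_header() {
  printf 'Authorization: PS-Auth key=%s; runas=%s;' "$1" "$2"
}

# Map the HTTP status to the setting to re-check (generic HTTP semantics,
# not BeyondTrust's documented response list).
explain_status() {
  case $1 in
    200) echo "OK: key and run-as user accepted" ;;
    401|403) echo "REJECTED: check API key, run-as user, group and Authentication Rule" ;;
    000) echo "NO RESPONSE: check host URL, DNS, TLS and firewall" ;;
    *) echo "UNEXPECTED: HTTP $1" ;;
  esac
}

# Run the check. The header is written to a 0600 temp file and read by curl
# with "@file", so the key is never a command-line argument.
check_signappin() {
  hdr=$(mktemp) || return 2
  chmod 600 "$hdr"
  ps_auth_header "$BT_API_KEY" "$BT_RUNAS" > "$hdr"
  code=$(curl --silent --output /dev/null --write-out '%{http_code}' \
    --request POST --header "@$hdr" "$(signappin_url "$BT_HOST")") || code=000
  rm -f "$hdr"
  explain_status "$code"
  [ "$code" = 200 ]
}

# Usage: export BT_HOST, BT_API_KEY and BT_RUNAS, then call check_signappin.
```

Read the key into BT_API_KEY from a protected file or a prompt rather than typing it on the command line.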