Using the ITP for Active Directory Workload

 

This feature is currently available only to customers participating in our public preview. To access public preview features, see Using the Public Preview Program.

The ITP for Active Directory workload for Windows fetches Active Directory identity data about users, groups, service accounts, memberships, and user ACLs to provide a full picture of the accounts and their permissions. It identifies admins, shadow admins, and AD misconfigurations that can lead to unsecured accounts, and helps you quickly vault privileged accounts. The workload is used to integrate Active Directory identity data for the platform features listed below. Click the links to learn how privileged accounts are evaluated, discovered, and vaulted:

Prerequisites

  • .NET 8 installed on the Delinea Platform Engine target machine

  • Licensing for the Cloud Identity Discovery feature

Adding ITP for Active Directory

  1. From the left navigation menu click Settings, then click Engine Management.

  2. On the Engine management page, select a Site. If no site exists, create a new site and select it.

  3. Select the Engines tab.

  4. Select an engine. If no engine exists, create a new engine and select it.

  5. Select the Capabilities tab.

  6. On the Capabilities page, select Add Capabilities.

  7. Select the box next to ITP for Active Directory.

  8. Click Add.

Editing ITP for Active Directory

To run the ITP for AD workload, you must select an AD account with read access. Follow the steps below to add the account. The user will see only the secrets for which they have permissions.

  1. From the left navigation menu click Settings, then click Engine Management.

  2. Select a site.

  3. Click the Settings tab. The first time this settings page is opened, the Platform Engine ITP for Active Directory service account shows None.

  4. Next to ITP for Active Directory, click Edit.

  5. Next to Active directory credentials, click Select.

  6. On the Share secret with Delinea Workload page, select All secrets.

  7. Search for a secret that you own.

  8. Select the secret.

  9. Make sure the secret is not configured for checkout.

  10. Select Turn off folder inheritance and Share Secret. This disables inheritance, granting workloads access to the secrets.

  11. Click Save.