Using the ITP for Active Directory Workload
The ITP for Active Directory workload for Windows integrates identity data from Active Directory so that features such as ITP and Active Directory Identity Discovery can use it.
The workload fetches data such as users, groups, service accounts, memberships, and user ACLs to provide a full picture of the accounts and their permissions. It identifies admins and shadow admins (accounts that are not members of privileged groups but hold rights over those groups or their members), helping you to quickly vault privileged accounts and keep your AD secure.
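As an added illustration of what the admin and shadow-admin analysis described above amounts to (example code written for this page, not the workload's own logic), the following Python expands nested group membership into the set of admins and then finds every principal that can take over an admin, a privileged group, or another shadow admin through a control right in an ACL. The group names, accounts and ACEs are constructed sample data.

```python
# Constructed sample data (not output from the product): nested group
# membership plus ACEs expressed as (trustee, right, target object).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}
CONTROL_RIGHTS = {"GenericAll", "WriteDacl", "WriteOwner", "WriteMembers", "ResetPassword"}

GROUP_MEMBERS = {
    "Domain Admins": ["alice", "Tier0-Ops"],
    "Tier0-Ops": ["bob"],
    "Helpdesk": ["carol"],
}
ACES = [
    ("Helpdesk", "ResetPassword", "bob"),     # group can reset an admin's password
    ("dave", "WriteMembers", "Tier0-Ops"),    # can add himself to a nested admin group
    ("erin", "GenericAll", "dave"),           # full control over a shadow admin
    ("frank", "WriteDacl", "Helpdesk"),       # can rewrite the ACL of a shadow-admin group
    ("svc_backup", "ReadProperty", "alice"),  # read-only: not a control right
]

def expand_members(group, members, seen=None):
    """Return every principal nested under `group`, including nested groups."""
    seen = set() if seen is None else seen
    for m in members.get(group, []):
        if m not in seen:
            seen.add(m)
            expand_members(m, members, seen)
    return seen

def find_admins(members=GROUP_MEMBERS, privileged=PRIVILEGED_GROUPS):
    """Privileged groups plus all of their direct and nested members."""
    admins = set(privileged)
    for g in privileged:
        admins |= expand_members(g, members)
    return admins

def find_shadow_admins(members=GROUP_MEMBERS, aces=ACES, privileged=PRIVILEGED_GROUPS):
    """Non-admins that hold a control right over an admin or another shadow admin.

    Iterates to a fixed point so chains (erin -> dave -> Tier0-Ops) are found,
    and a group trustee passes its control down to its nested members.
    """
    admins = find_admins(members, privileged)
    shadow, changed = set(), True
    while changed:
        changed = False
        for trustee, right, target in aces:
            if right in CONTROL_RIGHTS and target in admins | shadow:
                for p in {trustee} | expand_members(trustee, members):
                    if p not in admins and p not in shadow:
                        shadow.add(p)
                        changed = True
    return shadow

if __name__ == "__main__":
    print("admins:", sorted(find_admins()))
    print("shadow admins:", sorted(find_shadow_admins()))
```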
Prerequisites
.NET 8 must be installed on the Delinea Platform Engine target machine.
Adding ITP for Active Directory
- From the left navigation menu, click Settings, then click Engine Management.
- On the Engine Management page, select a Site. If no site exists, create a new site and select it.
- Select the Engines tab.
- Select an engine. If no engine exists, create a new engine and select it.
- Select the Capabilities tab.
- On the Capabilities page, select Add Capabilities.
- Select the box next to ITP for Active Directory.
- Click Add.
Editing ITP for Active Directory
To run the ITP for AD workload, you must select an AD account with read access. Follow the steps below to add the account. The user sees only the secrets for which they have permissions.
- From the left navigation menu, click Settings, then click Engine Management.
- Select a site.
- Click the Settings tab. The first time this settings page is opened, the Command Relay service account shows None.
- Next to ITP for Active Directory, click Edit.
- On the Share secret with Delinea Workload page, select All secrets.
- Search for a secret that you own.
- Select the secret.
- Make sure the secret is not configured for checkout.
- Select Turn off folder inheritance and Share Secret. This disables inheritance, granting workloads access to the secret.
- Click Save.