Manually Integrate Secret Server Cloud

For Secret Server users to use secrets from the Delinea Platform, their Secret Server and platform accounts must share the identical login username. This also applies to any administrative accounts used to set up the Delinea Platform and Secret Server.

Delinea Platform users working with a Secret Server cloud deployment (and URL) will not see Remote Access in the top-level left navigation. The PRA engine is automatically enabled to launch remote access for secrets that are based on appropriate templates.

New customers who sign up for a platform trial are assigned full administrator privileges within both the Delinea Platform and the integrated Secret Server Cloud.

When a new Delinea Platform user account is created and that user first logs in to the platform, the platform checks for an existing corresponding account (by username, domain, and UPN) in Secret Server. If a corresponding account already exists in Secret Server, the platform account is linked to the Secret Server account automatically. If there is no corresponding account in Secret Server, Secret Server automatically creates one and links it to the platform account. The two accounts appear to the user as a single account.
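
A pre-flight check for the account linking described above, as an added example that is not Delinea's code: it compares two constructed user exports and sorts platform accounts into those that would link, those that differ from a Secret Server account only by case or whitespace, and those with no counterpart, for which Secret Server would create a new account. The CSV column names and the exact-match rule on username, domain, and UPN are assumptions.

```python
import csv
import io

# Constructed sample exports; column names are assumptions, not a Delinea export format.
PLATFORM_CSV = """username,domain,upn
alice,corp.example,alice@corp.example
Bob,corp.example,bob@corp.example
carol,corp.example,carol@corp.example
"""
SECRET_SERVER_CSV = """username,domain,upn
alice,corp.example,alice@corp.example
bob,corp.example,bob@corp.example
dave,corp.example,dave@corp.example
"""

def load(text):
    """Return a list of (username, domain, upn) tuples from CSV text."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["username"], r["domain"], r["upn"]) for r in rows]

def normalize(key):
    """Fold case and trim whitespace; used only to detect near-misses."""
    return tuple(part.strip().casefold() for part in key)

def preflight(platform_users, secret_server_users):
    """Classify each platform account by the expected outcome of its first login."""
    # Assumption: "corresponding" means all three fields are identical strings.
    exact = set(secret_server_users)
    folded = {normalize(k): k for k in secret_server_users}
    report = {"link": [], "near_miss": [], "create": []}
    for user in platform_users:
        if user in exact:
            report["link"].append(user)            # links to the existing account
        elif normalize(user) in folded:
            report["near_miss"].append((user, folded[normalize(user)]))  # review by hand
        else:
            report["create"].append(user)          # a new Secret Server account is created
    return report

if __name__ == "__main__":
    report = preflight(load(PLATFORM_CSV), load(SECRET_SERVER_CSV))
    for label, rows in report.items():
        for row in rows:
            print(label, row)
```

Review the near_miss and create entries before users log in for the first time, since those are the cases where the outcome may not be the link you intended.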

Retrieve the Platform Integration Credentials

  1. Log in to the Delinea Platform with an administrative account.

  2. Click Settings from the left navigation, then select Authentication Profiles.
  3. Click the Secret Server Connection tab.

  4. Copy the Client ID and Client Secret and save them for use in the next section.

  5. In the Secret Server URL field, add your Secret Server URL. For example, https://<tenant>.secretservercloud.com.

  6. Click Save.

If you need to regenerate the credentials (Client ID and Client Secret), please contact Delinea technical support.

To test the connection, click Test Connection. The connection status messages depend on your configuration, but could include Connection was successful, Integration was not configured, Integration URLs do not match, or Did not receive an integration response.

Enable Platform Integration in Secret Server

  1. Log in to Secret Server with an administrative account.

  2. Select Administration > Tools & Integrations.

  3. Under Tools & Integrations, click Platform Integration.

  4. Click the Configuration tab.

  5. Fill in the fields as follows:

    • Reply URL: Pre-filled
    • Login URL: The login URL displayed on the platform under Settings > Secret Server Connection; for example, https://<hostname>.delinea.app/identity.
    • Client ID: The Client ID you copied in the previous steps
    • Client Secret: The Client Secret you copied in the previous steps
    • Profile Name: Pre-filled
    • Logout URL: The logout URL endpoint for the platform; for example, https://<hostname>.delinea.app/identity/api/Security/Logout
    • Enable audit integration: Yes. In future releases, this setting will probably not be optional.
    • Forward inventory data to Delinea Platform: Yes. In future releases, this setting will probably not be optional.
    • Synchronization Interval: Sets the interval for the Synchronize Platform function
    • Enable Platform on login page: If Yes, the platform login option appears on the Secret Server login page. If No, the platform login option is still accessible but not on the Secret Server login page.
    • Force Platform Only Login: Redirects to platform login
    • Platform Tenant's ID: The platform tenant's unique identifier (read only)
    • Vault ID: The identifier for the Secret Server instance (read only)
    • Use Platform settings: Yes enables Unified Mode, which consolidates role, user, and group management in the platform. After the systems are in sync, this is the last step of the Secret Server migration to platform. Once enabled, integral areas of the product are consolidated and this option cannot be disabled.
  6. Select the Enabled checkbox.
  7. Click Save.

Verify the Integration in the Platform

  1. Log in to the Delinea Platform. If you're already logged in, log out, then log back in.
  2. From the left navigation menu, click Secret Server, then select All secrets from the secondary menu.
  3. The All Secrets page displays all of your secrets from Secret Server, now shared with the platform.

Verify the Integration in Secret Server

  1. Sign out of Secret Server Cloud and return to the Secret Server login page.

  2. When prompted for an identity provider, select Platform.

  3. The Delinea Platform authentication screen displays.

  4. Sign in with the credentials for the newly-created Delinea Platform account that maps to your Secret Server account.

  5. If you can log in successfully, your integration between Secret Server Cloud and the Delinea Platform is complete.

  6. Refresh the Delinea Platform page. The Secrets tab appears in the left navigation, and the browser launcher appears in Secret Server.