Manually Integrate Secret Server On Premise
The integration of Secret Server On Premise (SSOP) with the Delinea Platform is limited to the Remote Access use case only. To use this integration, you must launch a Remote Access session from a vaulted secret stored in Secret Server On Premise. No Secret Server capabilities, such as lifecycle management, can be managed from the platform interface at this time.
Accessing the Delinea Platform
Current Secret Server On Premise customers can access the Delinea Platform and Privileged Remote Access by contacting a Delinea sales representative directly to request the Delinea Platform without the attached Secret Server Cloud.
After signing up for a trial, users will get a welcome email with the subject line "Welcome to your Secret Server Cloud Trial on the Delinea Platform". Follow the steps outlined in the welcome email to provision your platform tenant.
Prerequisites
- Secret Server On Premise version 11.7.000015 or newer.
- An administrator account on both SSOP and on the Delinea Platform.
  The Delinea Platform and SSOP accounts must share the same login username, and the user must be logged in with this username in both the platform and SSOP when following the steps below. This is true for any administrator accounts used for setting up the Delinea Platform and SSOP.
- Ensure that the network prerequisites are fulfilled to enable the integration between SSOP and the Privileged Remote Access feature on the platform.
Integration Steps
- Install a Privileged Remote Access engine.
- Add a new Secret Server On Premise connection to the platform.
- Update the platform integration settings on Secret Server On Premise.
- Update your Secret Server On Premise connection with the PRA site.
- Verify the overall integration.
Install a Privileged Remote Access Engine
Deploy a Privileged Remote Access (PRA) Engine and ensure that the PRA Engine has access to your SSOP instance.
- Log in to the platform.
- Click Settings from the left navigation, then select Remote Access.
- Follow the steps in Privileged Remote Access on installing a PRA Engine.
Add a New Secret Server Connection
- Log in to the platform.
- Click Settings from the left navigation, then select Authentication profiles.
- Select the Secret Server Connection tab.
- Click Configure Secret Server Connection to generate the required connection credentials.
  The platform generates a Client ID and Client Secret.
- Make note of the Client ID and Client Secret values. You will need them later.
  If you need to regenerate the credentials (Client ID and Client Secret), contact Delinea technical support.
- Update the Secret Server URL field, using the format https://<hostname or IP address>/SecretServer. For example, https://secret-server.example.local/SecretServer.
Update the Platform Integration Settings On Secret Server
- Log in to your Secret Server On Premise instance.
- Select Administration > Platform Integration.
- Click Edit.
- Update the following settings:
  - Login URL: the platform login URL that you copied from the earlier step
  - Client ID: the identifier assigned as part of the OIDC connection
  - Client Secret: a secret used by Secret Server to authenticate with the platform
Update Your Secret Server Connection with the PRA Site
After the PRA engine is successfully installed, perform these steps:
- Navigate to Administration > Remote Access > Secret Server Connection.
- Click Edit.
- Update the Site field with the PRA site that contains the engine you just created.
Verify the Overall Integration
- Log in to the Delinea Platform.
- Select Administration > Remote Access > Secret Templates. A default set of Secret Server templates displays. You can add other templates as desired by clicking Add Templates.
- Select Remote Access from the left navigation menu. Typically, secrets created by or shared with the logged-in user are listed.

You can now launch Remote Access sessions from the secrets that support PRA by clicking the Launch link under the Actions column.