Configuring Secret Server

To configure Secret Server for the integration with Blue Prism, complete the following steps in the specified order:

  1. Step 1: Creating an application account in Secret Server. The integration requires an application account to authenticate with Secret Server and access secrets.

  2. Step 2: Creating a secret in Secret Server. In the secret, you must provide the credentials to be used by Blue Prism in automated workflows or for logging in to remote computers.

Step 1: Creating an Application Account in Secret Server

The integration requires an application account in Secret Server. Blue Prism uses the credentials of the application account to authenticate with your Secret Server instance and access the secret that stores the credentials to be used by Blue Prism bots. If you don't have an application account, you can create one. For more information about creating an application account, see Managing Local Accounts in the Secret Server documentation.

The application account must have a role with the View Launcher Password on Secrets and View Secret permissions in Secret Server. The following procedure describes how to create a role with these permissions and how to assign the role to the application account.

To create a role with the required permissions and assign it to the application account:

  1. In Secret Server, navigate to Access > Roles.

  2. Select Create role.

  3. In the Create role dialog, provide a name and an optional description for the new role, and select Save.

  4. Go to the Permissions tab for the role.

  5. Select Edit and in the Scope dropdown list, select All.

  6. Search for the View Launcher Password on Secrets permission by using the search box at the top.

  7. Select the checkbox next to the permission name and select Save.

  8. Repeat steps 6–7 to add the View Secret permission to the role.

    The Permissions tab shows the permissions added to the role.

  9. Assign the role to the application account:

    1. Navigate to Access > Users.

    2. On the User management page, search for and select the application account.

    3. On the user page, go to the Roles tab and select Edit.

    4. In the window that appears below, search for and select the role that you created and select the checkbox next to the role name.

    5. Select Save.

Step 2: Creating a Secret in Secret Server

You must create a secret in Secret Server to store the credentials that you want Blue Prism bots to use for automated workflows or for logging in to remote computers. You must share the secret with the application account that you use for the integration to enable the retrieval of the credentials from the secret.

To create a secret and share it with the application account:

  1. In Secret Server, select Secrets > All secrets.

  2. In the Create new secret dialog, do the following:

    1. (Optional) Change the default folder.

      Make sure that the application account has the View permission for the folder. For more information about folder permissions, see Folder Permissions in the Secret Server documentation.

    2. Under Choose a secret template, select the template from which to create a secret.

      You can use any template that fits your needs.

    3. Enter a name for the secret and the username and the password to store in the secret.

      For the use case "Retrieve credentials from Secret Server to enable Blue Prism robots to log in to a remote computer with the credentials," make sure that the secret name exactly matches the name of the computer where you want Blue Prism robots to log in.

    4. Provide values for the other secret fields according to the template.

    5. Select Create secret.

  3. Share the secret with the application account:

    1. Go to the Sharing tab of the secret's page.

    2. Select Edit in the upper-right corner.

    3. Clear Inherit permissions.

    4. Search for the application account by using the search box at the top.

    5. Select the checkbox to the left of the application account name and then select View in the dropdown list under Secret Permissions.

    6. Select Save.
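
To check the result of both steps from the application account's side, the following added example (not part of the original page or of the Secret Server or Blue Prism documentation) signs in as the application account and confirms that exactly one secret with the expected name is visible and that its password field is readable. It assumes that your instance exposes the Secret Server REST API (`/oauth2/token` and `/api/v1/secrets`); the base URL and secret name are placeholders.

```powershell
# Added example: checks the result of Step 1 and Step 2 from the application account's side.
# Assumed placeholders, replace with your own values:
$BaseUrl    = 'https://secretserver.example.com/SecretServer'  # hypothetical instance URL
$SecretName = 'RDP-HOST-01'                                    # hypothetical computer name used as the secret name

$ErrorActionPreference = 'Stop'

# Prompt for the application account so its password is not stored in the script or shell history.
$cred = Get-Credential -Message 'Application account used for the Blue Prism integration'

# 1. Authenticate as the application account (OAuth2 password grant).
$tokenBody = @{
    grant_type = 'password'
    username   = $cred.UserName
    password   = $cred.GetNetworkCredential().Password
}
$token   = (Invoke-RestMethod -Method Post -Uri "$BaseUrl/oauth2/token" -Body $tokenBody).access_token
$headers = @{ Authorization = "Bearer $token" }

# 2. Find the secret by name. The search matches substrings, so keep only exact,
#    case-sensitive matches (the strictest reading of "exactly matches"; an assumption).
$query  = [uri]::EscapeDataString($SecretName)
$search = Invoke-RestMethod -Headers $headers -Uri "$BaseUrl/api/v1/secrets?filter.searchText=$query"
$exact  = @($search.records | Where-Object { $_.name -ceq $SecretName })
if ($exact.Count -ne 1) {
    throw "Expected exactly one visible secret named '$SecretName', found $($exact.Count). Check the secret name and its Sharing tab."
}

# 3. Read the secret to confirm the View permission reaches the stored password.
$secret = Invoke-RestMethod -Headers $headers -Uri "$BaseUrl/api/v1/secrets/$($exact[0].id)"
$pwItem = $secret.items | Where-Object { $_.isPassword } | Select-Object -First 1
if (-not $pwItem -or [string]::IsNullOrEmpty($pwItem.itemValue)) {
    throw "Secret $($secret.id) is visible, but no password value was returned. Check the role permissions from Step 1."
}

# Report what was verified without printing any secret value.
[pscustomobject]@{
    SecretId         = $secret.id
    Name             = $secret.name
    FolderId         = $secret.folderId
    Fields           = ($secret.items | ForEach-Object { $_.slug }) -join ', '
    PasswordReadable = $true
}
```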