Configuration

The required configurations in Delinea Secret Server enable the API to locate and retrieve the corresponding secret and securely transmit it to SecureLink.

Web Services

Web Services must be enabled in Delinea.

  1. Go to Admin > Configuration.

  2. View the General tab and select Enable Web Services (or set to Yes).

  3. Select the checkbox if it is not enabled.

  4. Click Save.

  5. Access Secret Server’s web services with the following URL or by selecting View Webservices from the Configuration page.

    • https://yourDelinea.yourdomain.com/SecretServer/webservices/SSWebservice.asmx

  6. To create the WSDL URL required for the API, add ?WSDL at the end of the Webservices URL (for example, https://yourDelinea.yourdomain.com/SecretServer/webservices/SSWebservice.asmx?WSDL).

If you are using Secret Server Cloud, remove the "/SecretServer/" from the URL (for example: https://yourDelinea.yourdomain.com/webservices/SSWebservice.asmx?WSDL).

API User

The integration with Delinea requires an API user to authenticate requests for passwords via the API. Use the account as an application account that doesn’t require a license.

To create an API user follow these steps:

  1. Go to Admin > Users.

  2. Go to the User Management page and click Create User and use an application account.

    Make sure that you remember your username and password because they are needed to configure the SecureLink plugin.

  3. Go to Roles on the API user's account to view or assign the User's role(s).

    The Delinea admin determines the user's role.

    The API user must have access to the folder where the secrets are stored. In addition, the user's role must have View Launcher Password and View Secret permissions that are included in the User role.

 

Delinea Secrets

To create secrets in Secret Server, follow the steps below.

  1. Configure Delinea secrets in Secret Server via the New Secret option by creating or viewing them in their relevant folders.

  2. SecureLink supports password-based authentication for Windows and Unix accounts (SSH). For example, API can match a Windows account's Secret Name, Username, and Machine fields.

    Active Directory accounts will have a Secret Name and Username that can be matched, but with no Machine field.

  3. Ensure that the Other Security section has Require Comment set to No on the Security tab. There is no way for the API to make a comment when checking out a secret, and the integration will not work if this is left enabled.

  4. The API user must have View permission for the secrets that will be passed to SecureLink. Usually, the secrets are stored in a shared folder, and they inherit the permissions from the folder.

  5. Right-click the folder and select Edit Folder.

  6. Ensure that the API user created in previous steps has View Permission under Folder Permissions on the Overview tab.

  7. After you get access to the folder, check the Sharing tab of the secret(s) to ensure that permissions are set to inherit, and the API user has View access.

    SecureLink Server Configuration

    The Delinea integration requires SecureLink to upload the Delinea plugin files. There is no downtime required for these changes. Once this is done, configuration in SecureLink can be completed.