Integrating Imprivata SecureLink Enterprise with Secret Server
The SecureLink Enterprise integration with Secret Server is a third-party integration maintained by Imprivata. This integration allows customers to use Delinea for credential storage and service introduction while utilizing SecureLink through the SOAP API in Delinea and a plugin in SecureLink.
SecureLink's integration with Delinea (formerly Thycotic) allows our customers to use Delinea to store credentials and inject them into services while using SecureLink via the SOAP API in Delinea and a plugin in SecureLink.
Plugin Implementation:
- Delinea is a "Secret" vault, where secrets hold passwords to access other systems.
- The SecureLink plugin implementation currently supports password credentials bound to a user and a service.
The searchSecrets API call searches for SecureLink secrets based on multiple attributes that include both specific names and wildcards.
This document is available in SecureLink University in the Enterprise Integrations course.
Delinea Secret Attributes | SecureLink Attributes |
---|---|
Secret Name | The Delinea attributes in the left column can be matched with various SecureLink attributes, such as userid, email domain, hostname, service name, service description, and port type. SecureLink allows both wildcards and specific names (depending on SecureLink version). |
Machine Name | |
Username | |
Requirements
The SecureLink integration with Delinea requires the following:
- SecureLink – SecureLink will assist in enabling and configuring the plugin for Version 5.14 or higher.
- Delinea - API is included in all versions 10.0 or higher at no additional cost.
- API User - In Delinea, it’s mandatory for an API user to authenticate password requests.
Connectivity Requirements
The connection between SecureLink Enterprise server and Delinea should be established on port 443 in the DMZ.
To ensure secure communication between clients and the Delinea server, create a valid SSL certificate. A self-signed certificate will not be sufficient for this purpose.
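A pre-flight check for the certificate requirement above, meant to be run from the SecureLink Enterprise server before the plugin is enabled. This is an added example, not Imprivata or Delinea code; the function names and the hostname `vault.example.internal` are assumptions, and the sample certificate is constructed.

```python
import socket
import ssl
import time

# Constructed sample in the shape ssl.getpeercert() returns (not a real certificate).
SAMPLE_SELF_SIGNED = {
    "subject": ((("commonName", "vault.example.internal"),),),
    "issuer": ((("commonName", "vault.example.internal"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2034 GMT",
}

def name_of(rdns):
    """Flatten getpeercert()'s nested RDN tuples into a sorted list of pairs."""
    return sorted(pair for rdn in rdns for pair in rdn)

def certificate_findings(cert, now=None):
    """List the reasons a peer certificate fails the 'valid, not self-signed'
    requirement. An empty list means this check found none."""
    now = time.time() if now is None else now
    findings = []
    # Issuer equal to subject on the server's own certificate marks it as
    # self-issued, even when it was imported into the local trust store.
    if name_of(cert.get("subject", ())) == name_of(cert.get("issuer", ())):
        findings.append("self-signed: issuer equals subject")
    if ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        findings.append("not yet valid")
    if ssl.cert_time_to_seconds(cert["notAfter"]) <= now:
        findings.append("expired")
    return findings

def probe(host, port=443, timeout=5.0):
    """Handshake with the vault endpoint. The default context verifies the
    chain against the system trust store and checks the hostname."""
    context = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return certificate_findings(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return [f"verification failed: {exc.verify_message}"]
    except OSError as exc:
        return [f"connection failed: {exc}"]

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; call probe("<vault host>")
    # from the SecureLink Enterprise server for the live check.
    print(certificate_findings(SAMPLE_SELF_SIGNED, now=1748736000))
```

An empty list from `probe` means the handshake on port 443 succeeded, the chain and hostname verified, and the server certificate is within its validity period and not self-issued.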
User Workflow
The following are instructions for the user workflow:
- Select a service configured on a host that supports credential passthrough (for example, VNC, RDP, SSH, FTP, Telnet).
- SecureLink verifies whether a credential has been assigned to the assigned service.
- By default SecureLink checks first to see if a credential from the SecureLink credential vault is available. If so, then it is allowed to pass through.
- If a SecureLink Credential is not assigned, SecureLink checks to see if a Delinea credential is available.
- If a Delinea credential is not available, the user will be prompted to provide one.
- This default can be modified to check Delinea before checking the SecureLink vault. You will need SecureLink’s assistance to modify this default.