Creating Authentication Records

Once the authentication vault has been configured, individual authentication credentials can be configured to retrieve their passwords from Secret Server.

1. Authentication > New > record type.

   Authentication vault configuration requires three additional details to retrieve the password:

   • Vault Type: Set to Delinea Secret Server.
   • Vault Title: The previously created Authentication Vault record in Qualys.
   • Secret Name: The Secret record in Secret Server containing the accounts password. In this case, the Secret name for the Windows account is Qualystest.

2. Go to Scan > Authentication.

3. Click New dropdown and select Windows Record.

   The Secret name must match the corresponding Secret name in Secret Server .

   The UserName should be the same as the Secret's username. In addition to creating a Secret with the correct password for the credentials used for authenticated scanning, the Application account (set in the previous steps for Configuring the Vault) must have at least a View access to the Secret.

4. Click Share to view the permissions on the Secret.

   A Secret inherits permissions from the folder settings. View the folder level permissions by editing the folder in which the Secret is stored.

   Once the Secret is configured with the proper permission, Qualys can use it in scans. Run a scan that uses that authentication record to verify that everything is working end-to-end.