Configuring Delinea MidServer Utility for the Delinea Platform
After establishing the basic requirements for creating a service account and a discovery secret, you need to run the Delinea MidServer Setup Utility. This utility is designed to generate all necessary parameters while providing a secure and reliable method for storing user credentials, avoiding the use of plain text in the MidServer configuration file. It facilitates the configuration of the connection between your MID Server and Delinea Platform.
Starting with version 5.0, the Delinea MidServer Setup Utility introduces a graphical UI mode that simplifies configuration. You can now launch the setup utility and complete MID Server configuration directly through the UI instead of manually editing files or running all commands from the console.
Step 1: Run the Delinea MidServer Setup Utility
Before running the Delinea MidServer Setup Utility, ensure the following:
- Java Requirement:
  - You can use the bundled Java included with the ServiceNow MID Server to run the setup utility. No separate Java installation is required.
  - Open Command Prompt and navigate to the following folder:
    C:\servicenow\agent\jre\bin
  - Then run the setup command to open the Delinea MID Server Setup Utility UI:
    java -jar C:\servicenow\agent\extlib\DelineaMidServerSetupUtility.jar
  - This uses the same built-in Java runtime that the ServiceNow MID Server uses (<MID Server>\agent\jre\bin), ensuring compatibility and eliminating the need for an external Java installation.
Step 2: Create New Configuration
When authenticating the Delinea Platform with ServiceNow, there is one way to establish a connection, whether you use Just-in-Time mode or Grant File mode: you use your Delinea Platform username and password to authenticate or to generate a token in the file.
Just-in-Time (JIT) Mode
The Just-in-Time (JIT) Mode in the Delinea MidServer Setup Utility lets you securely authenticate with the Delinea Platform using a service account. This mode generates all necessary parameters, encrypts credentials, and produces a config.xml file for your MID Server, ensuring a safe and reliable connection.
- In the Vault Type field, select Platform from the dropdown.
- Select the Create New Configuration checkbox.
- In the Mode field, select the JIT Mode checkbox.
- Provide the following information:
  - In the Server URL field, provide the Delinea Platform URL.
  - Enter the Username and Password for the Platform service account.
- Select additional (optional) parameters as needed.
  - If you want to allow self-signed certificates, select the Allow Self Signed Certificates checkbox.
  - If you want to use a proxy server, select the Use Proxy Server checkbox and then provide the proxy host and port.
- Default Parameters:
  - Select the Enable Logging checkbox to enable additional logging other than the default one.
  - The Log Level is set to 4 by default, which means that all three log types are printed.
  - Select the Search Secret by Name checkbox if you want to validate the secret based on the secret name. For detailed configuration, go here.
  - Select the Enable Auto Comment checkbox if you want to enable auto comment. In the text box next to it, type the comment. For detailed configuration, go here.
  - Select the Enable Cache URL checkbox if you want to use the Delinea Credential Cache. In the text box next to it, type the Cache URL (e.g., "https://10.XX.XX.XX:80XX"). For detailed configuration, go here.
- Click Generate Configuration File, and then select the config.xml file located in the MID Server's agent folder to save your updates.
  A confirmation message appears: Parameters updated in config.xml
- Click Ok.
- Open the config.xml file to confirm that all the parameters you just configured are reflected in the file.
The Mode field determines how the Delinea MidServer Setup Utility authenticates with the Delinea Platform.
Grant File Mode
The Grant File Mode in the Delinea MidServer Setup Utility allows you to authenticate with the Delinea Platform using an OAuth2 grant file. This mode encrypts your credentials and produces both an oauth2_grant.json file and a config.xml file for your MID Server.
- In the Vault Type field, select Platform from the dropdown.
- Select the Create New Configuration checkbox.
- In the Mode field, select the Grant File checkbox.
  The Mode field determines how the Delinea MidServer Setup Utility authenticates with the Delinea Platform.
- Provide the following information:
  - In the Server URL field, enter the Delinea Platform URL.
  - Provide the Username and Password for the Platform service account.
- Click Generate oauth2_grant.json to create the grant file.
  When you select Generate oauth2_grant.json, the setup utility displays:
  OAuth2 grant file created successfully at: C:\servicenow\agent\extlib\oauth2_grant.json
- Click Save oauth2_grant.json to store it locally.
- Select additional parameters as needed.
  - If you want to allow self-signed certificates, select the Allow Self Signed Certificates checkbox.
  - If you want to use a proxy server, select the Use Proxy Server checkbox and then provide the proxy host and port.
- Default Parameters:
  - Select the Enable Logging checkbox to enable additional logging other than the default one.
  - The Log Level is set to 4 by default, which means that all three log types are printed.
  - Select the Search Secret by Name checkbox if you want to validate the secret based on the secret name. For detailed configuration, go here.
  - Select the Enable Auto Comment checkbox if you want to enable auto comment. In the text box next to it, type the comment. For detailed configuration, go here.
  - Select the Enable Cache URL checkbox if you want to use the Delinea Credential Cache. In the text box next to it, type the Cache URL (e.g., "https://10.XX.XX.XX:80XX"). For detailed configuration, go here.
- Click Generate Configuration File, and then select the config.xml file available in the MID Server's agent folder to save the updates.
  A confirmation message appears: Parameters updated in config.xml
- Click Ok.
- Open the config.xml file to confirm that all the parameters you just configured are reflected in the file.
Step 3: Update Existing Configuration
The Update Existing Configuration option lets you modify an existing config.xml file for your MID Server.
- In the Vault Type field, select Platform from the dropdown.
- Select the Update Existing Configuration checkbox.
- Click Load Parameters to import the current settings from your config.xml file.
- Mode is selected by default.
  The Mode field determines how the Delinea MidServer Setup Utility authenticates with the Delinea Platform. It is selected based on your config.xml file, but you can change the Mode or any parameter values as needed before generating the configuration file.
- Modify any parameters as needed.
- Click Generate Configuration File, and then select the config.xml file to save the updates.
The config.xml file contains the following attributes:
| Attribute | Value Description |
|---|---|
| platform_url | URL for your Delinea Platform. |
| oauth2_grant_file | Grant File Mode |
| platform_auth_str | This parameter is set to an encrypted string generated by the encryption utility, which contains the Delinea Platform username and password. |
| allow_self_signed_certificate | Set to true if you are using a self-signed certificate for the Delinea Platform instance. |
| vault_type | This parameter should be set to Secret Server to validate the credentials with Delinea Platform. |
| is_logging | This parameter can be set to either true or false to enable additional logging other than the default one. |
| log_level | Log Level 1 (Logs Info): logs information; Log Level 2 (Logs Debug): logs for developers; Log Level 3 (Logs Error): error logs, if any, are printed; Log Level 4 (Logs all): all three log types above are printed. |
| proxy_host | This field will likely be blank, unless you know of a proxy to be used to reach the internet from your MidServer. |
| proxy_port | This field will likely be blank, unless you know of a proxy to be used to reach the internet from your MidServer. |
| proxy_auth_str | This parameter is set to an encrypted string generated by the encryption utility containing the username and password of the Proxy Server. |
| search_secret_by_name | This field can be set to true or false. Set it to true if you want to validate credentials using the secret name. |
| auto_comment | This parameter is set as a string. |
| cache_url | For both Just-in-Time and Grant File modes, provide the Delinea Credentials Cache URL in the format https://host:port if credential caching is enabled. Leave blank if not used. |
If you do not provide the is_logging and log_level parameters in the config file, they default to true and 3, respectively.
Enabling the Search Secret by Name
- Set the following parameter to true in the MID Server config.xml file to enable secret search by name:
  <parameter name="search_secret_by_name" value="true"/>
- Pass the secret name from the ServiceNow MID Server in the Credential ID field.
- Provide the complete name of the secret, because a partial name will not work.
Searching for the secret by name is not recommended because Secret Server can have the same name for two different secrets. This functionality will not work correctly if multiple secrets have the same name.
Enabling the Auto Comment
- In Delinea Platform, Secret Server, go to Secret > Security > Other Security > Require comment and select Yes.
- In the MID Server config.xml file, set the following parameter to a string:
  <parameter name="auto_comment" value="Enter your comment"/>
If the auto_comment parameter is empty, it will not provide any comment while viewing the secret.
Enabling Delinea Credentials Cache
To enable the Delinea Credentials Cache, select the Enable Cache URL checkbox and set the cache URL (for example, "https://10.XX.XX.XX:80XX"). For more details, see Delinea Credentials Cache.
The Delinea Cred Cache does not support validating credentials using a secret name. Users can only validate the credentials using the secret ID. Also, it does not support SSH private key credentials.
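The parameter table and the notes above on searching by name and on the credentials cache can be turned into a review check to run after the utility writes config.xml. This is an added example, not Delinea's or ServiceNow's code: the `<parameters>` root element, the sample values and the wording of the findings are assumptions, and only the parameter names come from this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
# Constructed sample (placeholder values); the <parameters> root is an assumption.
SAMPLE_CONFIG = """<parameters>
  <parameter name="platform_url" value="https://platform.example.invalid"/>
  <parameter name="platform_auth_str" value="ENCRYPTED-PLACEHOLDER"/>
  <parameter name="allow_self_signed_certificate" value="true"/>
  <parameter name="log_level" value="7"/>
  <parameter name="search_secret_by_name" value="true"/>
  <parameter name="cache_url" value="http://cache.example.invalid"/>
</parameters>"""

def load_params(xml_text):
    """Map every <parameter name=... value=.../> element to a dict entry."""
    root = ET.fromstring(xml_text)
    return {(p.get("name") or "").strip(): (p.get("value") or "").strip()
            for p in root.iter("parameter")}

def cache_url_ok(url):
    """True only for the https://host:port form the page asks for."""
    parts = urlsplit(url)
    try:
        return parts.scheme == "https" and bool(parts.hostname) and parts.port is not None
    except ValueError:  # non-numeric or out-of-range port
        return False

def audit(params):
    """Return review findings (hypothetical wording) for a parsed config.xml."""
    def is_true(name):
        return params.get(name, "").lower() == "true"
    findings = []
    if not (params.get("platform_auth_str") or params.get("oauth2_grant_file")):
        findings.append("neither platform_auth_str nor oauth2_grant_file is set")
    if is_true("allow_self_signed_certificate"):
        findings.append("allow_self_signed_certificate is true: confirm a self-signed cert is in use")
    level = params.get("log_level")
    if level is not None and level not in {"1", "2", "3", "4"}:
        findings.append(f"log_level {level!r} is not one of 1-4")
    if is_true("search_secret_by_name"):
        findings.append("search_secret_by_name is true: duplicate secret names break lookup")
    cache = params.get("cache_url", "")
    if cache and not cache_url_ok(cache):
        findings.append("cache_url is not in https://host:port form")
    if cache and is_true("search_secret_by_name"):
        findings.append("cache_url with search_secret_by_name: the cache validates by secret ID only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(load_params(SAMPLE_CONFIG))))
```

To check a real MID Server, read its config.xml from the agent folder and pass the text to `load_params`.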