Configuration

To enable the integration between BackBox Network Automation Manager and Secret Server, complete the following configuration tasks in the order listed:

Configuring Secret Server

Creating an Application Account

The integration requires an application account in Secret Server.

If you don't have an application account, you can create one. For detailed information about creating an application account, see Managing Local Accounts in the Secret Server documentation.

Creating a Secret in Secret Server

Create a secret in Secret Server to store the credentials that BackBox will retrieve during automation, and then share that secret with the service user.

The following procedure describes how to do this.

To create and share a secret:

  1. In Secret Server, select Secrets > All Secrets.

  2. Select Create Secret, and in the Create New Secret dialog, do the following:

    1. (Optional) Change the default folder.

      Make sure that the service user has View permission for the folder. For more information about folder permissions, see Folder Permissions in the Secret Server documentation.

    2. Under Choose a Secret Template, select the template from which to create the secret. You can use any template that fits your environment.

    3. Enter a name for the secret and the username and password to store.

    4. Provide values for other secret fields according to the template.

    5. Select Create Secret.

  3. Share the secret with the service user:

    1. Go to the Sharing tab of the secret’s page.

    2. Select Edit in the upper-right corner.

    3. Clear Inherit permissions.

    4. Use the search box to find the service user.

    5. Select the check box next to the user’s name and choose View in the Secret Permissions dropdown.

    6. Select Save.

Configuring BackBox Network Automation Manager

After creating the service user and secret, configure BackBox to connect to Secret Server and use the stored credentials.

To configure BackBox:

  1. Log in to the BackBox portal at https://<serverFQDNOrIP>.

  2. Navigate to Integrations > + PAM Vendor, and then select Delinea.

  3. Configure the following parameters:

    • In the Protocol field, select HTTP from the dropdown.

    • In the Delinea Server field, enter the Server FQDN/IP.

    • In the URL field, enter the API path for your Secret Server instance.

    • In the Port field, enter the port number used by your Secret Server (typically 443 for HTTPS).

  4. Validate that the Preview URL is correct for your implementation.

  5. Select Save.

  6. Navigate to Devices > Authentication Templates.

  7. Select +Add to add a new template.

  8. From the Type dropdown, select Delinea.

  9. Enter a Name, optional description, and username.

  10. Save the template.

  11. In the Integration Pane, enter the credentials for the Secret Server application account.

  12. Select Configure Fields.

  13. Select +Add.

  14. Set Search Field to Host.

  15. Set Field Type to Device IP.

  16. Save all dialogs to complete the configuration.
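
The Preview URL check in step 4 can also be done outside the portal before saving. The following is an added example, not BackBox or Delinea code; it assumes the Preview URL is composed as protocol://server:port/path, and the host name and API path are constructed sample values.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def build_preview_url(protocol, server, port, path):
    # Assumption: the preview is protocol://server:port/path (not stated on the page).
    return f"{protocol.lower()}://{server}:{port}/{path.lstrip('/')}"

def _valid_host(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return all(_LABEL.match(label) for label in host.rstrip(".").split("."))

def check_preview_url(url):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:
        port = None
        findings.append("port is not a number between 0 and 65535")
    if parts.scheme not in ("http", "https"):
        findings.append(f"unexpected protocol {parts.scheme!r}")
    elif parts.scheme == "http":
        findings.append("plaintext HTTP: account credentials and secrets cross the network unencrypted")
        if port == 443:
            findings.append("protocol HTTP does not match port 443, which is normally HTTPS")
    if not parts.hostname or not _valid_host(parts.hostname):
        findings.append("server is not a valid FQDN or IP address")
    if parts.path in ("", "/"):
        findings.append("API path is empty")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for proto in ("HTTP", "HTTPS"):
        url = build_preview_url(proto, "vault.example.com", 443, "/SecretServer/api/v1")
        print(url, check_preview_url(url) or "no findings")
```
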

Assign the Template via a Device

  1. Navigate to Devices > All Managed Device, and select Edit for the device you want to assign the template to.

  2. Open the Authentication tab.

    • Verify that the correct Delinea authentication template is selected.

  3. Save the configuration.