Thycotic Connect IDs

The Thycotic Connect IDs provide direct integration with a Thycotic Secret Server and enable a bot to obtain a secret to use for credentials when connecting to systems or applications as part of a task.

Overview

There are two sub-types of Thycotic Connect IDs, one to enable connection to a specific Secret Server and another to access a specific secret in the Secret Server instance.

Thycotic Secret Server Connect ID

This Connect ID is required before any Thycotic Secret Connect IDs may be defined and used. This Connect ID contains the authentication information to access a particular Thycotic Secret Server instance under a specific user scope. Multiple Thycotic Secret Server Connect IDs may be defined to permit access to secrets under different user scopes and/or Secret Server tenants.

Thycotic Secret Connect ID

This Connect ID references a specific Secret within an already defined Thycotic Secret Server.

 

Configuring in Secret Server

First, an application account must be created in the Secret Server tenant for the Cloudbridge Platform to use. Follow these steps to create a new application account user.

  1. Log in to the Secret Server tenant as an admin user

  2. From the left nav click Admin → Users

  3. On the Users page, a listing of existing Application Accounts can be viewed by clicking the blue Application Accounts link. This is optional.

  4. Click the Create New button

  5. Provide the details for the new user account

  6. Click the blue Advanced link

  7. Check the Application Account checkbox

  8. Click the Save button and confirm the notification dialog

  9. Apply any additional Restrictions, Roles and/or Permissions to the account as appropriate for your Secret Server implementation.

  10. Ensure that each necessary Secret is shared with the new account.

Configuring in Cloudbridge

Thycotic Secret Server Connect ID

This Connect ID provides a reference to a Secret Server instance which Thycotic Secret Connect IDs will use. To create a new Thycotic Secret Server Connect ID:

  1. Choose Connect ID Type: Thycotic Secret Server

  2. Provide a meaningful name for this Connect ID that will be displayed in the list of Connect IDs
    e.g. Corporate Secret Server

  3. Provide the URL to the Secret Server instance
    e.g. https://corp.secretservercloud.com/

  4. Provide the username under which you want the Cloudbridge Platform to login

  5. Provide the password for the username given

  6. Click the blue (Verify) link to confirm that the credentials are correct for logging into the Secret Server instance. If the credentials are good, a green checkmark will appear; if not, a red exclamation mark will appear.

  7. Click OK

Thycotic Secret Connect ID

This Connect ID references a specific Secret within an already defined Thycotic Secret Server. This is the Connect ID that will be selected from a folder or script Credentials tab.

  1. Choose Connect ID Type: Thycotic Secret

  2. Provide a meaningful name for this Connect ID that will be displayed in the list of Connect IDs
    e.g. Corp O365 Admin

  3. Provide the Secret Id for the secret to be pulled from Secret Server. The Secret Id can be viewed for any secret in Thycotic Secret Server by either:

    1. Hovering over the secret and inspecting the URL displayed in the browser’s status bar

      or,

    2. Clicking on the secret and viewing its ID in the URL in the browser’s address field

  4. Click OK

Using a Thycotic Secret in a Bot Script

To have a bot use a Thycotic Secret, choose the appropriate Thycotic Secret Connect ID from the Credentials tab of the script.

(Credentials can also be set at the folder level for a script to Use Inherited.)