Delinea Privileged Access Service offers an external repository for storing credentials used by Discovery and Service Mapping, rather than storing them directly in a ServiceNow credentials record. Delinea Secret Server enables ServiceNow to fetch credentials (for example, passwords and keys) directly from Secret Server without storing them in the ServiceNow database.
The integration of Delinea Credential Resolver with ServiceNow allows you to do the following in Privileged Access Service and Secret Server:
Privileged Access Service:
- Set Up an OAuth Client Application.
- Set Up ServiceNow and ServiceNow MID Server instances.
- Add a PAS SSL certificate to MID Server.
- Perform lookups to identify resources in PAS.
Secret Server:
- Create a secret in Secret Server.
- Create a user in Secret Server.
- Create a role and grant the role necessary permissions.
4.6.0 release notes:
- Added support for Kubernetes credentials.
- Added support for Azure credentials.
ServiceNow:
- A compatible version of ServiceNow that supports the MID Server Credential Resolver.
- The following plugins are available and must be activated on the ServiceNow instance:
  - External Credential Storage Plugin: Enables ServiceNow to securely store and resolve credentials from Secret Server.
  - Discovery Plugin: Enables ServiceNow to perform discovery operations on network infrastructure and resolve credentials using MID Server.
MID Server:
- Ensure that the MID Server has the required access to the Delinea Platform over HTTP/HTTPS.
- Java 11 or higher must be installed on each MID Server host.
Delinea Platform:
- The Delinea Platform is properly provisioned and configured in your environment.
- You have admin permissions for logging in to the Delinea Platform.
Secret Server:
- Version 10.7.00059 or later
- Web Services enabled
- Secret Server user account (Application Account) with minimum VIEW access to secrets configured as credentials
- If using Delinea Credentials Cache, verify that it is configured correctly to work with your Secret Server instance for credential retrieval and caching.
Privileged Access Service (PAS):
- Ensure that PAS is accessible via HTTP/HTTPS from the MID Server.
- Valid user account exists with the System Administrator role in PAS.
- Required directories must be associated with PAS.