BeyondTrust Password Safe
The BeyondTrust Password Safe connector allows for secure management and automation of privileged credentials, integrating seamlessly with security workflows.

BeyondTrust Password Safe is a comprehensive privileged access management solution that secures and manages credentials, ensuring only authorized individuals have access to sensitive systems. This connector allows Swimlane Turbine users to automate credential management, access requests, and system updates, enhancing security and compliance. By integrating with BeyondTrust Password Safe, Swimlane Turbine users can streamline privileged account operations, reduce manual overhead, and rapidly respond to access-related incidents within their security workflows.

## Limitations

None to date.

## Supported versions

This BeyondTrust Password Safe connector uses the latest version API.

## Additional docs

- BeyondTrust Password Safe API documentation: https://docs.beyondtrust.com/bips/docs/password-safe-ap

## Configuration prerequisites

To effectively utilize the BeyondTrust Password Safe connector with Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: the endpoint URL for the BeyondTrust Password Safe API.
  - Key: your unique API key to authenticate requests.
  - Run as: the username of the user performing actions via the API.
  - Password: the password associated with the 'run as' user.

## Authentication methods

### BeyondTrust Password Safe API key authentication

The BeyondTrust Password Safe connector uses the API key authentication method to connect to the BeyondTrust Password Safe API. The following are required to set up the asset:

- API key: the API key generated from BeyondTrust Password Safe.
- RunAs username: the username of the account that has permissions to use the API key.
- RunAs password: the password for the RunAs user account.
- API endpoint: the URL endpoint for the BeyondTrust Password Safe API.

Example API key configuration in YAML:

```yaml
apikey: c479a66f…c9484d
runas_username: doe-main\johndoe
runas_password: un1qu3
api_endpoint: https://your-beyondtrust-instance/api/public/v3
```

## Capabilities

This BeyondTrust Password Safe connector provides the following capabilities:

- Check in or release a request
- Get credentials
- Get managed accounts
- Get managed systems
- Update credentials

### Check in or release a request

BeyondTrust Password Safe's documentation for this action can be found here: https://docs.beyondtrust.com/bips/docs/password-safe-api#put-requestsidcheckin

Required roles:

- Requestor role to managed account referenced by the request

### Get credentials

BeyondTrust Password Safe's documentation for this action can be found here: https://docs.beyondtrust.com/bips/docs/password-safe-api#get-credentialsrequestid

Required permissions:

- None

### Get managed accounts

BeyondTrust Password Safe's documentation for this action can be found here: https://docs.beyondtrust.com/bips/docs/password-safe-api#get-managedaccounts

Required roles:

- Requestor, Requestor/Approver, or ISA role

### Get managed systems

BeyondTrust Password Safe's documentation for this action can be found here: https://docs.beyondtrust.com/bips/docs/password-safe-api#get-managedsystems

Required permissions:

- Password Safe System Management (Read)

### Update credentials

BeyondTrust Password Safe's documentation for this action can be found here: https://docs.beyondtrust.com/bips/docs/password-safe-api#put-managedaccountsmanagedaccountidcredentials

Required permissions:

- Password Safe Account Management (Read/Write)
- ISA role or Credentials Manager role on a Smart Rule referencing the account

## Configurations

### BeyondTrust Password Safe API key authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| key | The API key configured in BeyondInsight for your application | string | Required |
| runas | The username of a BeyondInsight user that has been granted permission to use the API key | string | Required |
| pwd | The RunAs user password surrounded by square brackets (optional; required only if the user password is required on the application API registration) | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Check in or release a request

Checks in or releases a specified request in BeyondTrust Password Safe using the request ID before expiration.

- Endpoint URL: `requests/{{id}}/checkin`
- Method: PUT

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | ID of the request to check in/release |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 204,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get credentials

Retrieves active and approved credentials for a specified request ID in BeyondTrust Password Safe.

- Endpoint URL: `credentials/{{requestid}}`
- Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| type | string | Optional | The type of credential to retrieve |
| requestid | string | Required | ID of the request for which to retrieve the credentials |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| credentials | string | Output field credentials |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "credentials": "string"
    }
  }
]
```

### Get managed accounts

Retrieve a list of managed accounts available for request by the current user, with optional query parameters for specificity.

- Endpoint URL: `/managedaccounts`
- Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| systemname | string | Optional | (optional) Name of the managed system |
| accountname | string | Optional | (optional) Name of the managed account |
| systemid | string | Optional | (optional) ID of the managed system |
| workgroupname | string | Optional | (optional) Name of the workgroup |
| applicationdisplayname | string | Optional | (optional, when given, type must be application) Display name of the application |
| ipaddress | string | Optional | (optional, when given type must be one of system, domainlinked, or database) IP address of the managed asset |
| type | string | Optional | (optional/recommended) Type of the managed account to return |
| limit | number | Optional | (optional) (default 1000) Number of records to return |
| offset | number | Optional | (optional) (default 0) Number of records to skip before returning records |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| platformid | number | Unique identifier |
| systemid | number | Unique identifier |
| systemname | string | Name of the resource |
| domainname | string | Name of the resource |
| accountid | number | Unique identifier |
| accountname | string | Name of the resource |
| instancename | string | Name of the resource |
| userprincipalname | string | Name of the resource |
| applicationid | number | Unique identifier |
| applicationdisplayname | string | Name of the resource |
| defaultreleaseduration | number | Output field defaultreleaseduration |
| maximumreleaseduration | number | Output field maximumreleaseduration |
| lastchangedate | string | Date value |
| nextchangedate | string | Date value |
| ischanging | boolean | Output field ischanging |
| changestate | number | Output field changestate |
| isisaaccess | boolean | Output field isisaaccess |
| preferrednodeid | string | Unique identifier |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "platformid": 1,
      "systemid": 12345,
      "systemname": "examplesystem",
      "domainname": "example.com",
      "accountid": 67890,
      "accountname": "exampleaccount",
      "instancename": "exampleinstance",
      "userprincipalname": "example@example.com",
      "applicationid": 54321,
      "applicationdisplayname": "exampleapp",
      "defaultreleaseduration": 30,
      "maximumreleaseduration": 60,
      "lastchangedate": "2023-01-01T00:00:00Z",
      "nextchangedate": "2023-02-01T00:00:00Z",
      "ischanging": true
    }
  }
]
```

### Get managed systems

Retrieve a list of systems managed by BeyondTrust Password Safe, detailing each system's attributes and status.

- Endpoint URL: `/managedsystems`
- Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| type | string | Optional | The entity type of the managed system |
| name | string | Optional | The name of the managed system |
| limit | number | Optional | (default 100000) Number of records to return |
| offset | number | Optional | (default 0) Number of records to skip before returning records (can only be used in conjunction with limit) |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": [
      {}
    ]
  }
]
```

### Update credentials

Updates the credentials for a specified managed account in BeyondTrust Password Safe, with an option to apply changes system-wide.

- Endpoint URL: `managedaccounts/{{managedaccountid}}/credentials`
- Method: PUT

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| managedaccountid | string | Required | ID of the managed account for which to set the credentials |
| password | string | Optional | (optional) The new password to set. If not given, generates a new random password |
| publickey | string | Optional | (required if privatekey is given and updatesystem = true) The new public key to set on the host |
| privatekey | string | Optional | The private key to set (provide passphrase if encrypted) |
| passphrase | string | Optional | (optional) The passphrase to use for an encrypted private key |
| updatesystem | boolean | Optional | (default true) Whether to update the credentials on the referenced system |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 204,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```
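
The argument rules listed for Get Managed Accounts and Update Credentials can be checked before a playbook sends either request. The following is an added example, not part of the connector or of BeyondTrust's code: the function names are hypothetical, argument names are spelled as on this page, and the numeric-ID check is an assumption based on `accountid` being a number in the Get Managed Accounts output.

```python
# Added example (not connector code): pre-flight checks built only from the
# argument rules on this page. Function names are hypothetical.
ACCOUNT_FILTERS = {"systemname", "accountname", "systemid", "workgroupname",
                   "applicationdisplayname", "ipaddress", "type", "limit", "offset"}
IP_TYPES = {"system", "domainlinked", "database"}
SECRET_FIELDS = {"password", "privatekey", "passphrase"}


def managed_accounts_query(**filters):
    """Validate filters for GET /managedaccounts and return the query parameters."""
    unknown = set(filters) - ACCOUNT_FILTERS
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    acct_type = filters.get("type")
    if "applicationdisplayname" in filters and acct_type != "application":
        raise ValueError("applicationdisplayname requires type=application")
    if "ipaddress" in filters and acct_type not in IP_TYPES:
        raise ValueError("ipaddress requires type system, domainlinked or database")
    return {"limit": 1000, "offset": 0, **filters}  # documented defaults


def update_credentials_request(managedaccountid, password=None, publickey=None,
                               privatekey=None, passphrase=None, updatesystem=True):
    """Validate arguments for PUT managedaccounts/{id}/credentials; return (path, body)."""
    account_id = str(managedaccountid)
    # Assumption: IDs are numeric. The value is placed in the URL path, so
    # anything else (slashes, dots, spaces) is rejected.
    if not (account_id.isascii() and account_id.isdigit()):
        raise ValueError("managedaccountid must be a numeric ID")
    if privatekey and updatesystem and not publickey:
        raise ValueError("publickey is required with privatekey when updatesystem is true")
    if passphrase and not privatekey:
        # Stricter than the page requires: a passphrase without a key is a caller error.
        raise ValueError("passphrase given without privatekey")
    body = {"updatesystem": updatesystem}
    supplied = {"password": password, "publickey": publickey,
                "privatekey": privatekey, "passphrase": passphrase}
    # Leaving password out makes Password Safe generate a random one.
    body.update({k: v for k, v in supplied.items() if v is not None})
    return f"managedaccounts/{account_id}/credentials", body


def redact(body):
    """Return a copy of a request body that is safe to write to a playbook log."""
    return {k: "***" if k in SECRET_FIELDS else v for k, v in body.items()}
```

Log `redact(body)` rather than `body` so that a rotated password or private key never reaches playbook output.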