BeyondTrust Password Safe
The BeyondTrust Password Safe connector allows for secure management and automation of privileged credentials, integrating seamlessly with security workflows.

BeyondTrust Password Safe is a comprehensive privileged access management solution that secures and manages credentials, ensuring only authorized individuals have access to sensitive systems. This connector allows Swimlane Turbine users to automate credential management, access requests, and system updates, enhancing security and compliance. By integrating with BeyondTrust Password Safe, Swimlane Turbine users can streamline privileged account operations, reduce manual overhead, and rapidly respond to access-related incidents within their security workflows.

Limitations

None to date.

Supported versions

This BeyondTrust Password Safe connector uses the latest version API.

Additional docs

https://docs.beyondtrust.com/bips/docs/password-safe-ap

Configuration prerequisites

To effectively utilize the BeyondTrust Password Safe connector with Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: the endpoint URL for the BeyondTrust Password Safe API
  - Key: your unique API key to authenticate requests
  - Run As: the username of the user performing actions via the API
  - Password: the password associated with the 'Run As' user

Authentication methods

The BeyondTrust Password Safe connector uses the API key authentication method to connect to the BeyondTrust Password Safe API. The following are required to set up the asset:

- API key: the API key generated from BeyondTrust Password Safe
- RunAs username: the username of the account that has permissions to use the API key
- RunAs password: the password for the RunAs user account
- API endpoint: the URL endpoint for the BeyondTrust Password Safe API

Example configuration in apikey yaml:

    apikey: c479a66f…c9484d
    runas_username: doe-main\johndoe
    runas_password: un1qu3
    api_endpoint: https://your-beyondtrust-instance/api/public/v3

Capabilities

This BeyondTrust Password Safe connector provides the following capabilities:

- Check in or release a request
- Get credentials
- Get managed accounts
- Get managed systems
- Update credentials

Check in or release a request

BeyondTrust Password Safe's documentation for this action can be found at https://docs.beyondtrust.com/bips/docs/password-safe-api#put-requestsidcheckin

Required roles: Requestor role to managed account referenced by the request

Get credentials

BeyondTrust Password Safe's documentation for this action can be found at https://docs.beyondtrust.com/bips/docs/password-safe-api#get-credentialsrequestid

Required permissions: None

Get managed accounts

BeyondTrust Password Safe's documentation for this action can be found at https://docs.beyondtrust.com/bips/docs/password-safe-api#get-managedaccounts

Required roles: Requestor, Requestor/Approver, or ISA role

Get managed systems

BeyondTrust Password Safe's documentation for this action can be found at https://docs.beyondtrust.com/bips/docs/password-safe-api#get-managedsystems

Required permissions: Password Safe System Management (Read)

Update credentials

BeyondTrust Password Safe's documentation for this action can be found at https://docs.beyondtrust.com/bips/docs/password-safe-api#put-managedaccountsmanagedaccountidcredentials

Required permissions:

- Password Safe Account Management (Read/Write)
- ISA role or Credentials Manager role on a Smart Rule referencing the account

Configurations

BeyondTrust Password Safe API key authentication

Authenticates using an API key.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| key | The API key configured in BeyondInsight for your application | string | required |
| runas | The username of a BeyondInsight user that has been granted permission to use the API key | string | required |
| pwd | The RunAs user password surrounded by square brackets (optional; required only if the user password is required on the application API registration) | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

Actions

Check in or release a request

Checks in or releases a specified request in BeyondTrust Password Safe using the request ID before expiration.

Endpoint URL: requests/{{id}}/checkin
Method: PUT

Input argument name | Type | Required | Description

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | ID of the request to check in/release |

Input example:

    {"path_parameters": {"id": "12345678"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

    {"status_code": 204, "response_headers": {}, "reason": "ok", "json_body": {}}

Get credentials

Retrieves active and approved credentials for a specified request ID in BeyondTrust Password Safe.

Endpoint URL: credentials/{{requestid}}
Method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.type | string | optional | The type of credential to retrieve |
| path_parameters.requestid | string | required | ID of the request for which to retrieve the credentials |

Input example:

    {"parameters": {"type": "dsskey"}, "path_parameters": {"requestid": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| credentials | string | Output field credentials |

Output example:

    {"status_code": 200, "response_headers": {}, "reason": "ok", "json_body": {"credentials": "string"}}

Get managed accounts

Retrieve a list of managed accounts available for request by the current user, with optional query parameters for specificity.

Endpoint URL: /managedaccounts
Method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.systemname | string | optional | (optional) Name of the managed system |
| parameters.accountname | string | optional | (optional) Name of the managed account |
| parameters.systemid | string | optional | (optional) ID of the managed system |
| parameters.workgroupname | string | optional | (optional) Name of the workgroup |
| parameters.applicationdisplayname | string | optional | (optional, when given, type must be application) Display name of the application |
| parameters.ipaddress | string | optional | (optional, when given type must be one of system, domainlinked, or database) IP address of the managed asset |
| parameters.type | string | optional | (optional/recommended) Type of the managed account to return |
| parameters.limit | number | optional | (optional) (default 1000) Number of records to return |
| parameters.offset | number | optional | (optional) (default 0) Number of records to skip before returning records |

Input example:

    {"parameters": {"systemname": "test name", "accountname": "test account", "systemid": "12233344", "workgroupname": "test group", "applicationdisplayname": "test", "ipaddress": "1.2.333.44", "type": "system", "limit": 1000, "offset": 0}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| platformid | number | Unique identifier |
| systemid | number | Unique identifier |
| systemname | string | Name of the resource |
| domainname | string | Name of the resource |
| accountid | number | Unique identifier |
| accountname | string | Name of the resource |
| instancename | string | Name of the resource |
| userprincipalname | string | Name of the resource |
| applicationid | number | Unique identifier |
| applicationdisplayname | string | Name of the resource |
| defaultreleaseduration | number | Output field defaultreleaseduration |
| maximumreleaseduration | number | Output field maximumreleaseduration |
| lastchangedate | string | Date value |
| nextchangedate | string | Date value |
| ischanging | boolean | Output field ischanging |
| changestate | number | Output field changestate |
| isisaaccess | boolean | Output field isisaaccess |
| preferrednodeid | string | Unique identifier |

Output example:

    {"status_code": 200, "response_headers": {}, "reason": "ok", "json_body": {"platformid": 1, "systemid": 12345, "systemname": "examplesystem", "domainname": "example.com", "accountid": 67890, "accountname": "exampleaccount", "instancename": "exampleinstance", "userprincipalname": "example@example.com", "applicationid": 54321, "applicationdisplayname": "exampleapp", "defaultreleaseduration": 30, "maximumreleaseduration": 60, "lastchangedate": "2023-01-01T00:00:00Z", "nextchangedate": "2023-02-01T00:00:00Z", "ischanging": true}}

Get managed systems

Retrieve a list of systems managed by BeyondTrust Password Safe, detailing each system's attributes and status.

Endpoint URL: /managedsystems
Method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.type | string | optional | The entity type of the managed system |
| parameters.name | string | optional | The name of the managed system |
| parameters.limit | number | optional | (default 100000) Number of records to return |
| parameters.offset | number | optional | (default 0) Number of records to skip before returning records (can only be used in conjunction with limit) |

Input example:

    {"parameters": {"type": "server", "name": "example system", "limit": 100000, "offset": 0}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

    {"status_code": 200, "response_headers": {}, "reason": "ok", "json_body": [{"workgroupid": 1, "hostname": "example host", "ipaddress": "192.168.1.1", "dnsname": "example.com", "instancename": "instance1", "isdefaultinstance": true, "template": "template1", "forestname": "forest1", "usessl": false, "managedsystemid": 123, "entitytypeid": 456, "assetid": null, "databaseid": null, "directoryid": null, "cloudid": null}]}

Update credentials

Updates the credentials for a specified managed account in BeyondTrust Password Safe, with an option to apply changes system-wide.

Endpoint URL: managedaccounts/{{managedaccountid}}/credentials
Method: PUT

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.managedaccountid | string | required | ID of the managed account for which to set the credentials |
| password | string | optional | (optional) The new password to set. If not given, generates a new random password |
| publickey | string | optional | (required if privatekey is given and updatesystem = true) The new public key to set on the host |
| privatekey | string | optional | The private key to set (provide passphrase if encrypted) |
| passphrase | string | optional | (optional) The passphrase to use for an encrypted private key |
| updatesystem | boolean | optional | (default true) Whether to update the credentials on the referenced system |

Input example:

    {"json_body": {"password": "", "publickey": "", "privatekey": "", "passphrase": "", "updatesystem": true}, "path_parameters": {"managedaccountid": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

    {"status_code": 204, "response_headers": {}, "reason": "ok", "json_body": {}}

Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
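
An added example (not part of the connector or of BeyondTrust's documentation) showing how a workflow step can pair the Get credentials and Check in or release a request actions described above, so the request is always released, even when the work in between fails. `FakeTransport`, `send`, `checked_out_credentials` and the sample secret are hypothetical stand-ins constructed for this sketch; only the two endpoint paths and the 200/204 status codes come from the action descriptions.

```python
from contextlib import contextmanager


class FakeTransport:
    """Constructed stand-in for an authenticated API session (hypothetical)."""

    def __init__(self):
        self.calls = []

    def send(self, method, path, params=None):
        self.calls.append((method, path))
        if method == "GET" and path.startswith("credentials/"):
            return 200, {"credentials": "constructed-secret"}  # sample value
        if method == "PUT" and path.endswith("/checkin"):
            return 204, {}
        return 404, {}


@contextmanager
def checked_out_credentials(transport, request_id, cred_type=None):
    """Yield the credential for request_id, then always check the request in."""
    params = {"type": cred_type} if cred_type else None
    status, body = transport.send("GET", f"credentials/{request_id}", params)
    if status != 200:
        raise RuntimeError(f"Get credentials failed with HTTP {status}")
    try:
        yield body["credentials"]
    finally:
        # Runs on success and on error, so the request is released instead of
        # staying open until it expires.
        status, _ = transport.send("PUT", f"requests/{request_id}/checkin")
        if status != 204:
            raise RuntimeError(f"Check-in failed with HTTP {status}")


def run_demo():
    """Simulate a task that fails while holding the credential."""
    transport = FakeTransport()
    try:
        with checked_out_credentials(transport, "12345678") as secret:
            raise ValueError(f"task failed, held {len(secret)} chars")
    except ValueError:
        pass
    return transport.calls


if __name__ == "__main__":
    print(run_demo())
```

The secret is only ever handed to the `with` body and never logged; the recorded call list holds methods and paths only.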