Adding a BeyondTrust Credential Vault

Before You Begin

Perform the following steps in BeyondTrust Password Safe:

Create an Application User

  • Create a dedicated application user in BeyondTrust to be used by Commvault.

Configure a User Group

  1. Create a new user group for the application user.

  2. In Group Details, enable the following features with Read-Only permissions:

    • Password Safe Account Management
    • Password Safe Configuration Management

    Note

    These permissions allow Commvault to use APIs to look up credential accounts.

Define Smart Rules and Smart Groups

  1. Configure Smart Rules for the specific assets and managed accounts whose credentials Commvault should access.

  2. Add these assets and accounts to Smart Groups.

  3. Associate these Smart Groups with the Commvault application user group.

Configure a PAM Access Policy

  1. Create a PAM access policy for the Commvault application.

  2. Enable the View Password and Auto Approve options.

    Note

    These options are set at the PAM access policy configuration level.

  3. Assign the application user group to the Requestor role.

  4. Link the access policy to the Requestor role.

Enable API access for managed accounts

  • For every managed account that Commvault will access, make sure API access is enabled. This setting must be turned on at the individual managed account level.

Collect connection information

  • Record the following details. You enter them in Commvault when you add the BeyondTrust credential vault:

    • BeyondTrust Password Safe URL
    • Application User credentials (Client ID, Client Secret if applicable)
    • Names of the Smart Groups and the access policy created for Commvault

Procedure

  1. From the navigation pane, go to Manage > Security.

    The Security page appears.

  2. Click the Credential vault tile.

    The Manage credentials page appears.

  3. Click the Vault configuration tab, and then click Add from the upper-right corner of the page.

    The Add credential vault dialog box appears.

  4. From the Vendor list, select BeyondTrust, and then enter the following information:

    1. Name: Enter a unique name for the BeyondTrust credential vault.

    2. Server URL: Enter the URL of the BeyondTrust Password Safe server.

    3. Client ID: Enter the client ID created in BeyondTrust.

    4. Client secret: Enter the client secret corresponding to the client ID.

    5. Access nodes: Displays the default node that can access the BeyondTrust vault. You can select other nodes from the list.

    6. Description: Enter a short description for the BeyondTrust credential vault.

  5. Click Save.
