Adding a BeyondTrust Credential Vault

You can configure a BeyondTrust Password Safe vault in Commvault to securely store and manage credentials.

Before You Begin

Perform the following setup in BeyondTrust Password Safe before adding the vault in Commvault.

1. Configure a PAM Access Policy

  1. Create a PAM access policy for the Commvault application.
  2. Enable the following options in the schedule configuration of the policy to ensure Commvault can retrieve required credentials without manual intervention:
    • View Password
    • Auto Approve

2. Create an Application User

Create a dedicated application user in BeyondTrust that Commvault will use for credential access.

3. Configure a User Group

  1. Create a new user group for the application user.
  2. In Group Details, enable the following features with Read-Only permission to allow Commvault to use APIs to look up credential accounts:
    • Password Safe Account Management
    • Password Safe Configuration Management

4. Define Smart Rules and Smart Groups

  1. Configure Smart Rules with an action that adds the specific assets and managed accounts whose credentials Commvault should access to Smart Groups.
  2. In the user group details, enable these Smart Groups for the Commvault application user group with Read-Only permission.
  3. In the user group details, set the Password Safe role to Requestor for the Managed Account Smart Groups, and assign the previously configured access policy to this role.

5. Enable API Access for Managed Accounts

For every managed account that Commvault will access, enable API access. This setting must be configured at the individual managed account level.

6. Collect Connection Information

Record the following details for use in Commvault when adding the BeyondTrust credential vault:

  • BeyondTrust Password Safe URL
  • Application user credentials (Client ID, Client Secret if applicable)
  • Smart Group names and the access policy assigned to Commvault

Procedure

Follow these steps in Command Center to add a BeyondTrust credential vault:

  1. From the Command Center navigation pane, go to Manage > Security.
    The Security page appears.

  2. Click the Credential vault tile.
    The Manage credentials page appears.

  3. Go to the Vault configuration tab, and then click Add (upper-right corner).
    The Add credential vault dialog box appears.

  4. From the Vendor list, select BeyondTrust, and then provide the following details:

    Field           Description
    Name            Enter a unique name for the BeyondTrust credential vault.
    Server URL      Enter the URL of the BeyondTrust Password Safe server.
    Client ID       Enter the client ID created in BeyondTrust.
    Client Secret   Enter the client secret corresponding to the client ID.
    Access Nodes    Displays the default access node for the vault. You can select other nodes as required.
    Description     Enter a short description for the vault.

  5. Click Save to add the vault.
