
Sectona Vault Credential Resolver for ServiceNow

The Sectona Vault Credential Resolver enables sharing data between the Sectona Vault and the ServiceNow instance. It uses a unique identifier for each credential along with the IP Address parameter. These details are used by the MID Server, a ServiceNow application component, which enables the Credential Resolver to use the identifier to obtain the credentials from the Sectona Vault Repository.

Pre-requisites

  • Update System Default Settings

The SystemEvent AppService must be configured. To modify the default system settings, log in to Sectona and change the Current Configured Value as listed below:

  1. AutoStart AppService - SystemEvent to 1.

  2. TriggerInterval AppService - SystemEvent (Minutes) to 5.

  • Vault API Registration

The steps to register the API in order to interact with the Sectona Security Platform can be found here.

  • MID Server

The Management, Instrumentation, and Discovery (MID) Server requires the external storage plugin to be enabled; click here to enable and configure the external storage plugin.

  • Sectona Vault Password SDK

Copy the Sectona Vault Password SDK (sectona-vault-passwordsdk.jar) file to the <MID Server Agent Directory>\agent\extlib directory on the MID Server.

  • Sectona Vault Credential Resolver

Upload the sectona-vault-cedential-resolver.jar file to the MID Server and configure it as an external credential resolver.

  1. In ServiceNow, navigate to the "MID server JAR files" option → New.

  2. Manage Attachments → Select and upload the Sectona Vault Credential Resolver JAR file.

  3. Fill in the required details.

  4. Click Submit.

Procedure

Procedure to configure parameters in the config.xml file of the MID Server:

  1. Open the config.xml file in a text editor. This file is located in the /agent folder in your MID Server installation path.

  2. Configure each parameter and its corresponding value.

    1. <parameter name="ext.cred.sectona.vault.address" value="{PAM server URL}"/>

    2. <parameter name="ext.cred.sectona.vault.instance" value="{Name of instance in Sectona PAM}"/>

    3. <parameter name="ext.cred.sectona.vault.access.username" value="AccessKey"/>

    4. <parameter name="ext.cred.sectona.vault.access.password" value="{Access Key value configured in PAM API Registration}"/>

    5. <parameter name="ext.cred.sectona.vault.apitimeout" value="5000"/>

  3. Save the configuration file.

  4. Restart the MID Server.

Alternatively, the above parameters can be configured from the MID Server web interface; for more information click here.
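The following pre-restart check for the five parameters above is an added example, not part of Sectona's or ServiceNow's tooling. It reports names with stray whitespace, missing parameters, leftover {placeholder} values and a non-numeric timeout, without printing any values. The function name, the sample XML and its host name are constructed for illustration, and the check assumes the resolver reads parameters by exact name.

```python
import xml.etree.ElementTree as ET

# Parameter names taken from the procedure above.
PREFIX = "ext.cred.sectona.vault."
REQUIRED = [PREFIX + s for s in (
    "address", "instance", "access.username", "access.password", "apitimeout")]

def check_config(xml_text):
    """Return a list of findings for the Sectona resolver parameters.

    Values are never echoed, so the access key stays out of the output.
    """
    findings, seen = [], {}
    for p in ET.fromstring(xml_text).iter("parameter"):
        raw, value = p.get("name", ""), p.get("value", "")
        name = raw.strip()
        if not name.startswith(PREFIX):
            continue  # unrelated MID Server parameter
        if raw != name:
            findings.append(f"whitespace around name: {raw!r}")
        if "{" in value or not value.strip():
            findings.append(f"{name}: placeholder or empty value")
        seen[name] = value
    for name in REQUIRED:
        if name not in seen:
            findings.append(f"{name}: missing")
    timeout = seen.get(PREFIX + "apitimeout", "")
    if timeout and "{" not in timeout and not timeout.strip().isdigit():
        findings.append("apitimeout: not an integer")
    return findings

# Constructed sample config.xml fragment (hypothetical host, no real secrets).
SAMPLE = """<parameters>
  <parameter name="mid.instance.url" value="https://example.service-now.com"/>
  <parameter name="ext.cred.sectona.vault.address" value="https://pam.example.internal"/>
  <parameter name="ext.cred.sectona.vault.instance" value="{Name of instance in Sectona PAM}"/>
  <parameter name=" ext.cred.sectona.vault.access.username " value="AccessKey"/>
  <parameter name="ext.cred.sectona.vault.apitimeout" value="5s"/>
</parameters>"""

if __name__ == "__main__":
    for finding in check_config(SAMPLE):
        print(finding)
```
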

Procedure to configure credentials in the MID Server:

  1. ServiceNow passes two parameters:

    1. IP Address: This IP address needs to be part of a PAM asset; otherwise PAM will not be able to provide the credential.

    2. Credential ID: Unique identifier of the privileged account (account name) in PAM with respect to the IP Address.

  2. The format for the Credential ID is “Asset Type|Account Name” or “Asset Type|Account Name1, Account Name2”.

    1. Asset Type is required for PAM to understand which type of credential is required by ServiceNow, e.g. Windows Server, Unix Based, etc.

    2. Account Name is required for PAM to understand which privileged account the credential is requested for.

    3. After the “|” in the Credential ID, multiple account names can be specified. Multiple account names can be passed when there are different management accounts across multiple assets of the same asset type.
