Credential Manager

Credential Manager is a secure repository wherein the details used while logging into the applications are stored. These details are encrypted in the AssistEdge Database and are accessible to only the authorized users.

Credentials Manager determines which profile, processes, users and roles have permission to access the information. Additionally, you can store the data in a  third party application (CyberArk or BeyondTrust) which  is integrated with RPA Database.

As Super Admin, you can manage the credentials for profiles through the credential vault. A credential vault is a repository that holds the credentials, such as user Ids and passwords, for the profiles. Only, Robot Creator, Super User, Manager or Robot Owner are allowed to access the Credential Manager.

 

Configuring Credential Manager

Credential Manager tab is accessible only to the users with relevant access.

 

To configure the credential manager:

  • Ensure that logged-in user role has page access to the Control Tower.
  • Logged-in user should be mapped to <RPA_Trigger Management> access in Specify Role access. For more information about user role mapping, see Managing Roles section in the AE-RPA-Administrator Guide.

 

 

Starting with Credential Manager

Credential Manager provide following option in vault type, which includes:

   

To start with credential manager:

  1. From the Navigation panel, click the   (Credential Manager) icon or click Credential Manager.
     

NOTE: 

Update and save the credentials for applications mapped to the profiles assigned to a particular User ID, using the Credential Manager.


 

 The CREDENTIAL MANAGER page is displayed.

  1. In the Vault list, select the Vault from the available options. 

 

NOTE: 

In case, you have configured the third-party external credential vault then, the particular vault appears in the Vault list. For more information about integration of  third-party external credential vault, see Third Party External Vault in AE-RPA-Customization Guide.

 

  • Default: In case, you select default option from the list then, you are required to enter the username and password and click Login.

OR

You can also click Login as Current User directly in order to log into credential manager with the default vault type  and current logged in user credentials details.

 

  • CyberArkCyberArk Enterprise Password Vault is independent application which maintains application credentials. For more details about CyberArk, see https://www.cyberark.com/.   

    In case, you select the CyberArk option from the list then, you must configure the CyberArk Vault details in configuration file. For more information about the configuration of CyberArk vault, see Configuration Vault type – CyberArk section. You are also required to specify the other field details such as AppID, Safe, Folder, and Object. For more information about the details of CyberArk fields, see CyberArk section.

 

 

NOTE:  

Additionally, click  RESET to reset the login details of an application.

 

A message as Authentication Successful appears. Then, logged in user is logged in to the Credential Manager page. 

  • BeyondTrust: BeyondTrust is the worldwide leader in Privileged Access Management, offering the most seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access. For more details about BeyondTrust, see https://www.beyondtrust.com/.  

    BeyondTrust PasswordSafe has two methods for storing credentials:
    • BeyondTrust – Managed Accounts: BeyondTrust – Managed Accounts are user accounts that are local accounts or active directory accounts on the managed system.
    • BeyondTrust – Team Passwords:  BeyondTrust – Team Passwords enables teams to easily store and manage shared credentials for accounts that are commonly held and managed within specific teams in a fully auditable and controlled environment. 
    • In case, you select the BeyondTrust – Managed Accounts or BeyondTrust – Team Passwords option from the list then, you must configure the BeyondTrust Vault details in configuration file. For more information about the configuration of BeyondTrust vault, see Configuration Vault type – BeyondTrust. You are also required to specify the other field details such as SystemName, and AccountName for BeyondTrust – Managed Accounts and  FolderName, and CredentialTitle for BeyondTrust – Team Passwords.  For more details on BeyondTrust fields, see BeyondTrust section. 

                                               

NOTE:  

Additionally, click  RESET to reset the login details of an application.

  1. The Authentication Successful message appears, and the user is logged in to the Credential Manager page. 
     

  1. You can update the credentials for all the applications under different profiles.
    Credential Manager comprises of  two tabs, which includes:

Configuration Vault type – CyberArk

You can configure the CyberArk Vault type globally. To enable this CyberArk integration, you are required to perform certain configuration. Before proceeding, ensure that Control Tower is stopped. 

 

To configure vault type -CyberArk as per requirement:

  1. Navigate to build location - $\app\admin\config\ and open the config.yml file in edit mode.


  2. Edit the vault details such as url, key, cert, and ca in the configuration file as per your requirement.
  3. Save the file and then, restart the Control Tower. 

Configuration Vault type – BeyondTrust

You can configure the BeyondTrust - Vault type globally. To enable this BeyondTrust integration, you must perform certain configurations. Before proceeding, ensure that Control Tower is stopped. 

 

To configure vault type -BeyondTrust:

  1. Navigate to build location - $\app\admin\config\ and open the config.yml file in edit mode. 
  2. Edit the vault details such as url, apikey, and runas in the configuration file. 
    1. url: The URL of the BeyondTrust cloud server instance that stores credentials. 

    2. apikey: The API key configured while setting up API registrations on the BeyondTrust server.2

    3. runas: A user created on the BeyondTrust portal with access to the API registration. 

  3. Save the file and then, restart the Control Tower.

Credential Manager

Credential Manager enables you to update the credentials depending upon the Vault Type. This tab displays all the linked profile with the applications. You can select vault from the available vault.

Default (LDAP)

If the credentials are already saved in the vault manager, you can select default type.

   

To start with default vault type in credential manager:

  1. Click Credential Manager.
  2. Click the Application profile for which the sign-in to application is required.

 

NOTE:  

Under the Non Sign In Applications, applications for which the sign-in process is not required is displayed.

 

  1. In the Vault list, select the Default vault type.
  2. In the Username field, enter the username required to log into the application.
  3. In the Password field, enter the password required to log into the application.
  4. In the Expiry Date, select the expiry date for the default vault type. This field is optional and is relevant in case the e-mail alerts are to be sent days before password expiry.
  5. E-mail notifications are managed from the: <build folder path>\app\Vanguard\Monitor\PeriodicXml\MonitorAlerts.xml
  6. Click UPDATE to update the credentials of the applications.


CyberArk

If you are using CyberArk Enterprise Password Vault to save the credentials, you can select the CyberArk type.

   

To integrate application, sign-in with CyberArk:

  1. In the Vault list, select the CyberArk Vault type.
  2. In the AppID field, enter the AppID that is authorized to provide access to CyberArk and retrieve credentials.
  3. In the Safe field, enter the CyberArk safe ID that contains the credentials for the assets required to be scanned.
  4. In the Folder field, enter the CyberArk folder ID that contains the credentials for the assets required to be scanned. The default folder is Root.
  5. In the Object field, enter the name of the object that stores the credentials.
  6. Click UPDATE.


 

NOTE:  

These values are provided by the Integration partner and required to be filled in Credential Manager to fetch credential from CyberArk.

BeyondTrust

If you are using BeyondTrust Vault to store the credentials securely, you can either select the BeyondTrust – Managed Accounts or the BeyondTrust – Team Passwords.


To integrate application, sign-in with BeyondTrust – Managed Accounts:

  1. In the Vault list, select the BeyondTrust – Managed Accounts type.
  2. In the SystemName field, enter the SystemName (Managed System) for which BeyondTrust credentials are to be retrieved.
  3. In the AccountName field, enter the authorized AccountName (Managed Account) for which BeyondTrust credentials are to be retrieved.
  4. Click Update.


To integrate application, sign-in with BeyondTrust – Team Passwords: 

 

  1. In the Vault list, select the BeyondTrust – Team Passwords type.
  2. In the FolderName field, enter the FolderName of the teams folder used to organize and store the credentials.
  3. In the CredentialTitle field, enter the authorized CredentialTitle to allow a set of specified users to authenticate using credentials retrieved from BeyondTrust.
  4. Click Update.  

NOTE:  

The field values for both BeyondTrust – Managed Accounts and BeyondTrust – Team Passwords are configured on the BeyondTrust portal by security administrator.


Use Common Credentials

Use Common Credentials enables you to store the credentials for multiple profiles at a time.

   

To use common credentials:

  1. Select the Application profile for which the sign-in to application is required.
  2. Click Use Common Credentials.


           The Common Credentials window is displayed.

  1. In the Select Default Vault Configuration list, select the  preferred vault option.
  2. In the Username field, enter the username required to log into the application.
  3. In the Password field, enter the password required to log into the application.
  4. In the Expiry Date, select the expiry date for the default vault type. This field is optional and is relevant in case the e-mail alerts are to be sent days before password expiry.
  5. Select Apply to other profiles check box, to apply the same credentials for all the other profiles.
  6. Click APPLY to apply all the changes to the profiles or else click CANCEL to discard the changes.

 

Vault Manager

Vault Manager enables you to set the default values of the particular Vault. When the values are set in the credential manager, they directly populate in all the configured application which configured for the first time or are using Default as Vault Type.

 

To set value in CyberArk Vault Manager

  1. In the Select Default Vault Configuration list, select the vault type.
  2. In the AppID field, enter the AppID that is authorized to provide access to CyberArk and retrieve credentials.
  3. In the Safe field, enter the CyberArk safe ID that contains the credentials for the assets required to be scanned.
  4. In the Folder field, enter the CyberArk folder ID that contains the credentials for the assets required to be scanned. The default folder is Root.
  5. Click SET DEFAULT, to save the credentials as default for CyberArk. The default credentials saved are prompted in the credentials manager.

    A message appears as Default Vault Values Set Successfully.

 

To set value in BeyondTrust – Managed Accounts Vault Manager

  1. In the Select Default Vault Configuration list, select the Vault type as BeyondTrust – Managed Accounts.
  2. In the SystemName field, enter the SystemName (Managed System) for which BeyondTrust credentials are to be retrieved.
  3. Click SET DEFAULT, to save the credentials as default for BeyondTrust – Managed Accounts. The default credentials saved are prompted in the credentials manager.  


To set value in BeyondTrust – Team Passwords Vault Manager

  1. In the Select Default Vault Configuration list, select the Vault type as BeyondTrust – Team Passwords.
  2. In the FolderName field, enter the FolderName of the teams folder that is permitted to give BeyondTrust access to certain applications.
  3. Click SET DEFAULT, to save the credentials as default for BeyondTrust – Team Passwords. The default credentials saved are prompted in the credentials manager. 


What's Next?

  • In case, you want to create robot with updated credentials, see Robot View.
  • If you want to view the summarized view of all the transactions running, you can see Process View. 
  • If you want to apply new patched to robot and its robot agent, you can see Update Management.
  • If you want to monitor the performance metrics of business-critical servers and applications, you can see APM Dashboard.
  1.