Axonius Documentation
Start typing to search…

Keyfactor

Learn about Keyfactor's PKI as-a-Service, asset types fetched, setup, and advanced settings for Axonius integration.

Keyfactor provides PKI as-a-Service enabling protection of every device, workload, and digital transaction with a unique and trusted identity.

Asset Types Fetched

  • Devices
  • Users
  • Licenses
  • SaaS Applications
  • Certificates

Before You Begin

Ports

  • TCP port 80/443

Authentication Method

User Name and Password or OAuth Authentication

APIs

Axonius uses the Keyfactor Web API.

Permissions

The following permissions are required:

  • Certificates: Read
  • SystemSettings: Read

To use the endpoint 'GET SSH Users' the following permissions are required:

  • SSH: ServerAdmin OR
  • SSH: EnterpriseAdmin

Supported From Version

Supported from Axonius version 4.8


Setting Up Keyfactor to Work with Axonius

When you are using OAuth Authentication:

Connecting the Adapter in Axonius

Navigate to the Adapters page, search for Keyfactor, and click on the adapter tile. Click Add Connection.

To connect the adapter in Axonius, provide the following parameters:

Required Parameters

  1. Host Name or IP Address - The hostname or IP address of the Keyfactor server.

Authentication Methods

  1. User Name and Password - The credentials for a user account that has the Required Permissions to fetch assets.


Keyfactor

Optional Parameters

  1. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  2. HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  3. HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  4. HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.


  1. Select Gateway – Select the Axonius Gateway to use when connecting adapters whose sources are only accessible by an internal network and not from the primary Axonius instance, which may be an Axonius-hosted (SaaS) instance or Customer-hosted (on-premises / private cloud). To use this option, you need to set up an Axonius Gateway.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

📘

Note:

Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to ​Advanced Configuration for Adapters.

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

  1. Fetch certificates by collections - Toggle on to fetch certificates from all the collections the customer has in Keyfactor.
    • Collection names - If Fetch certificates by collections is enabled, you can enter a comma-separated list of collections to fetch from instead of all the collections.



Updated 18 minutes ago