Thycotic Integration
  • 23 Apr 2023
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Thycotic Integration

  • Dark
    Light
  • PDF

Article Summary

The Thycotic integration enables Axonius to securely pull privileged credentials from the Thycotic Secret Server. The integration ensures that privileged credentials are secured in the Thycotic Secret Server, rotated to meet company guidelines, and meet complexity requirements.

NOTE

This integration has only been tested and supported with version 10.7. Please contact Axonius Support if you have a different version and it is not functioning as expected.

Description of Product Integration

Axonius uses the Secret Server REST API 10.7 to fetch credentials from the Thycotic Secret Server, refer to Thycotic Documentation.
Axonius authenticates to Thycotic Secret Server using bearer token authentication.

The integration supports both an on-premise Thycotics Secret Server and a cloud instance of Thycotic Secret Server.

The credentials are only fetched by Axonius when:

  • Creating a new adapter connection
  • Updating an existing adapter connection
  • Running an enforcement set
  • Fetching asset information for adapters during discovery cycles

Axonius does not store the credentials anywhere and deletes any trace of credentials.


To enable fetching credentials from your Thycotic Secret Server, you need to:

  1. Install and configure Thycotic Secret Server version 10.7 or use the Cloud instance of Thycotic Secret Server.
  2. Enable and configure the External Password Managers - Enterprise Password Management Settings in Axonius.
  3. Configure adapter connection credential to fetch passwords from Thycotic Secret Server.

Enable Thycotic Integration

Enable Thycotic integration and allow to Axonius to securely pull privileged credentials from the Thycotic Secret Server.
Following the guidelines in Enterprise Password Management Settings.

Working with Thycotic

Once the Thycotic integration is enabled in Axonius, a new Thycotic Secret Server icon will appear in all password fields when configuring adapters or Enforcement sets, allowing you to enter a password manually or to fetch the secret from Thycotic Secret Server.

image.png

To fetch the password from Thycotic Secret Server:

  1. In a password field, click the Thycotic icon. If you have configured more than one password manager, click the vault icon Vaulticon.png and select Thycotic Secret Server from the drop-down. A Thycotic Secret Server dialog opens.
    image.png
  2. In the dialog, specify the following parameters:
    1. Secret ID (required) - The secret ID for the password. This secret ID represents a unique identified for the secret in Thycotic.
    2. Field Name (required, default: Password) - The field name for the password. This is case sensitive.
  3. Click Fetch.
    • If the fetch is successful, a green indication will be displayed next to the Thycotic icon.
      image.png
    • If the fetch is unsuccessful, a red indication will be displayed next to the Thycotic icon. Hovering over the Thycotic Secret Server icon will show the error.
      image.png
NOTE
Typing or deleting any character in the textbox will change the password field back to a manual password input.

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.