Delinea Secret Server (Thycotic)
Delinea Secret Server (formerly Thycotic) is a Privileged Access Management (PAM) solution for protecting your privileged accounts, available both on premise or in the cloud. It provides secure storage, rotation, and auditing of credentials and secrets across enterprise environments.
Asset Types Fetched
-
Devices
-
Users - Includes details on Folder permissions per user, i.e., the folders a user can access, along with their names and IDs.
-
Roles
-
Groups
-
Secrets
-
Application Resources
Before You Begin
Ports
- TCP port 443
Authentication Method
- User Name/Password
APIs
- Axonius uses the Secret Server REST API.
- Vaults use Secret Server REST API permissions.
- Rules use Get SDK Client Rule.
- Permissions use Secret Server REST API Get Roles for user and Secret Server REST API Get Role Permissions.
- Users use Folder Permissions API.
- Devices use Secret Server REST API Get Server Nodes.
Permissions
The value supplied in User Name must be a local Delinea user with the following role permissions:
- View Folders
- View Groups
- View Roles
- View Secret
- View Users
- View Devices
For more information, see the Secret Server Role Permissions List.
Connecting the Adapter in Axonius
To connect the adapter in Axonius, provide the following parameters:
Required Parameters
- Delinea Secret Server URL - The full URL of the Delinea Secret Server.
- For on-prem Delinea Secret Server, needs to be in the following format:
https://<hostname>/SecretServer(e.g. https://demo-server/SecretServer) - For cloud Delinea Secret Server, needs to be in the following format:
https://<tenant>.secretservercloud.com(e.g https://mycompany.secretservercloud.com)
- For on-prem Delinea Secret Server, needs to be in the following format:
- User Name and Password - The credentials of a local Delinea user that has the Required Permissions to fetch assets.
- Port - The port used for the connection.
Optional Parameters
-
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
-
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
-
HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
-
HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Note
Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.
- Ignore disabled users - Select to not fetch disabled users.
- Fetch Vaults - Select this option to fetch the secrets the user has access to.
- Fetch Rules - Select this option to fetch the SDK rules affecting the user.
- Fetch Users Roles and Permissions - Select this option to fetch the users roles and permissions the user has.
- Fetch Groups - Select this option to fetch groups.
- Fetch Devices - Select this option to fetch devices.
Note
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Related Enforcement Actions:
Version Matrix
This adapter has only been tested with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.
| Version | Supported | Notes |
|---|---|---|
| Version 10.7.59 | Yes |
Updated 5 days ago