Delinea Secret Server (Thycotic)
Delinea Secret Server (formerly Thycotic) is a Privileged Access Management (PAM) solution for protecting your privileged accounts, available both on premise or in the cloud.
The Delinea Secret Server adapter enables Axonius to fetch and catalog privileged account assets, including devices, users, groups, and secrets, ensuring comprehensive visibility into privileged access management and security compliance.
Asset Types Fetched
-
Devices
-
Users - Includes details on folder permissions per user, including the folders a user can access, together with their names and IDs.
-
Roles
-
Groups
-
Secrets
-
Application Resources
Before You Begin
Required Ports
- TCP port 443
Authentication Methods
- User Name and Password
Required Permissions
The value supplied in User Name must be a local Delinea user with the following role permissions:
- View Folders
- View Groups
- View Roles
- View Secret
- View Users
- View Devices
For more information, see the Secret Server Role Permissions List.
APIs
- Axonius uses the Secret Server REST API to retrieve asset data.
- Vaults use Secret Server REST API permissions.
- Rules use Get SDK Client Rule.
- Permissions use Secret Server REST API Get Roles for user and Secret Server REST API Get Role Permissions.
- Users use Folder Permissions API.
- Devices use Secret Server REST API Get Server Nodes.
Connection Parameters
To connect the adapter in Axonius, provide the following parameters.
Required Parameters
- Delinea Secret Server URL - Enter the full URL of the Delinea Secret Server:
- For on-premises Delinea Secret Server, needs to be in the following format:
https://<hostname>/SecretServer(for example:https://demo-server/SecretServer) - For cloud-based Delinea Secret Server, needs to be in the following format:
https://<tenant>.secretservercloud.com(for example:https://mycompany.secretservercloud.com)
- For on-premises Delinea Secret Server, needs to be in the following format:
- User Name and Password - Enter the credentials of a local Delinea user that has the Required Permissions to fetch assets.
- Port - Enter the port number that is used for the connection.
Optional Parameters
-
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
-
HTTPS Proxy - Enter an HTTPS proxy address to connect the adapter to a proxy instead of directly connecting it to the domain.
-
HTTPS Proxy User Name - Enter the user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
-
HTTPS Proxy Password - Enter the password to use when connecting to the server using the HTTPS Proxy.
To learn about additional optional/common adapter connection parameters and options, see Adding a New Adapter Connection.
Advanced Settings
Note
- Advanced settings can apply to either all connections of this adapter, or to a specific connection. For more detailed information, see Advanced Configuration for Adapters.
- For more general information about advanced settings, see Adapter Advanced Settings.
- Ignore disabled users - Select to not fetch disabled users.
- Fetch Vaults - Select this option to fetch the secrets the user has access to.
- Fetch Rules - Select this option to fetch the SDK rules affecting the user.
- Fetch Users Roles and Permissions - Select this option to fetch the users roles and permissions the user has.
- Fetch Groups - Select this option to fetch groups.
- Fetch Devices - Select this option to fetch devices.
- Fetch Folder Permissions - Select this option to fetch permissions associated with folders.
- Enable Fetch Lists Items - Select this option to fetch list items from Delinea Secret Server. If selected, the following sub-options are relevant:
- Filter lists by listID - Enter a comma-separated list of List IDs to fetch only specific lists.
- Filter by Category - Enter a category name to filter the fetched lists.
- Filter by Active Lists - Select this option to fetch only active lists.
Related Enforcement Actions
Version Matrix
This adapter has only been tested with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.
| Version | Supported | Notes |
|---|---|---|
| Version 10.7.59 | Yes |
Updated 5 days ago