An Add to Vault provider and workflow support integration with PAM solutions, automatically vaulting accounts based on the predefined parameters set up in this configuration.

Prerequisites

A PAM integration credential configured in the Hydden platform.

Add to Vault Provider Configuration

  1. In Hydden, navigate to __Configuration | Automate__.
  2. On the Providers tab, click + Add New.
  3. On the modal, from the Type drop-down, select Add To Vault.
  4. For Name and Description, provide a provider name and description relevant to your use case.
  5. From the Credential drop-down, select the pre-configured tenant credential for the vault integration (a PAM solution such as CyberArk or BeyondTrust).
  6. Click Save.

Add to Vault Workflow Configuration

For automated vaulting, use a classification to trigger the add to vault action. The available default classifications are Add to Vault and Auto Add to CyberArk.

  1. In Hydden, navigate to __Configuration | Automate__.
  2. On the Workflows tab, click + Add New.
  3. For Name and Description, provide a workflow name and description relevant to your use case.
  4. From the Trigger drop-down, select Classification Added.
  5. From the Classification Rule drop-down, select either Add to Vault or Auto Add to CyberArk, depending on your PAM Solution.
  6. From the Action drop-down, select the Add to {PAM Solution Tenant} option.
  7. For Select Vault Connection, select your configured PAM integration.
  8. For Username, use the {Principal.Name} variable.
  9. From the System drop-down, select the OS, for example, Windows.
  10. From the Platform drop-down, select the correct Account option for your solution.
  11. For Safe, enter the {PAM Solution}’s safe or vault as a variable attribute.
  12. Under Address, enter your domain.
  13. Select Allow Automatic Password Management for auto vaulting.
  14. The password and confirm password fields are optional.
  15. The Account Name field is pre-populated with templated attributes.
  16. For Unix or Linux systems, the Use SUDO on Reconcile and Fetch SSH Keys options can be enabled via checkbox.
  17. Click Save.

Note: Under Configuration | Identify | Classification Rules, verify that the classification rule has the Allow Workflow Trigger option checked.