cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Consolidate/Integrate account and password utilization between modules

Consolidate/Integrate account and password utilization between modules

In reference to Is there a way to integrate or pull creditials from Cyberark to Solarwinds?  (yay circular references), we use a tool similar to cyberark - where there is a managed password for a service account. This means that both a: I cannot have that password and b:it'd be nice if that password as entered into solarwinds can be changed automatically, as well as in the gui.

Via API would be a nice option here.

So the idea is:

say the NCM stored credential, the SAM credential, the NPM polling credential, UDT's AD credential, the credential to poll vsphere, SMTP credential,  all of these would use the same service account and password. Yet say 30 days down the road, we'd need all of those passwords to be changed automatically. I don't want to have to go into each of the modules mentioned and each of the places mentioned just to update the credential for one, and two I'd like that to be able to be done automatically.

An easy way to fix this at least short term would be to let credential selection be universal. Not unlike the custom property checkbox where it says:

you're using this credential for

(checkbox dropdown list of potential places for this credential to be available).

That way we don't have to enter it into 16 places, 3 of which we're going to forget until the related services fail. I'm not exaggerating on the 16 places, either.

Is this even remotely feasible?

Reference: , , ,

13 Comments

FYI tdanner​. troyfred​ uses cyberark (yay on him for not using TPAM which is a product of which I only have unfriendly 4 letter words for), but as a result my current org has a desire to have credentials controlled by third party applications. So naturally API's are the way I would envision that going?

Level 16

We have a similar need, but have privilege separation; the process that runs the reports can't be the same user that sends SMTP mail, and can't be the same process that logs into... well you get the idea.

So, in my case I have lots of accounts that have lots of passwords that need to get updated indifferent places in the product.

There is a report that shows what credentials are assigned to what, but I believe that only applies to the base stuff and doesn't catch like UDT AD or individual SAM templates.

Bump! #bumpsquad

2018 bump

Level 10

is there any progress on this?

is there a way to use the SDK to change NCM connection profiles?

I believe SDK can change credentials now as per tdanner​ for....regular stuff. I don't know that it applies to NCM yet.

Level 19

This page describes the API features around credential management that we have today: Credential Management · solarwinds/OrionSDK Wiki · GitHub. It doesn't cover NCM connection profiles.

Level 10

Is this on the roadmap? Will this be available in the near future?

Level 16

It’s absolutely absurd not to fix that...