This technical blog post [with Videos] is intended to highlight the Centrify Identity Platform REST API Framework and its capabilities, specifically as it relates to automating the management of privileged accounts. The Centrify Privilege Service allows authorized IT personnel or applications, to checkout privileged account passwords for a limited amount of time. Options to fully manage the control of privileged account passwords can automatically change or update the password after a checkout event has ended, or depending on the policy use-case, simply store the password unchanged for future authorized access.
The API examples explored in this post demonstrate the ability to programmatically perform the following Centrify Privilege Service functions:
- Retrieve a list of Privileged Resources (machines/computers) for a given cloud tenant
- Retrieve a list of Privileged Accounts for a specified Privilege Resource
- Initiate a password check-out event for a specified Privileged Account
- Execute a password rotation event for a specified Privileged Account
- Perform a password check-in event for a specified Privileged Account
Additionally, we demonstrate the ability to leverage REST API calls to enhance compliance relating to Shared Account Password Management (SAPM) using the following as examples:
- JIRA Integration for additional oversight of Privileged Account Management
- ServiceNow Integration for additional oversight of Privileged Account Management
- Code samples are written in Python
- Code samples are just that, basic samples. They are meant to be expanded on and refined as needed by your project. They are not a substitute for development best practices, defined software development lifecycle protocols or specific standardized conventions.
- The intent of these code samples is to expose and educate on what is possible, relating to the specific API calls themselves. These are building blocks that are meant to be built upon, refined and enhanced.
- Always implement the necessary quality/regression/performance testing before introducing into a production environment.
- You can find this Centrify API Guide to guide you through the framework
- You can find the code samples themselves here on Centrify GitHub
- You can find this Python library to work with JIRA APIs
- ServiceNow provides this useful API Explorer
- These are powerful APIs, get creative!
1) How to Automate Privilege Management via Centrify REST API
2) How to Automate Privilege Management via Centrify REST API