Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

[How To] - Automate Privilege Management via Centrify REST API

11 June,19 at 08:39 AM

 

Background

 

This technical blog post [with Videos] is intended to highlight the Centrify Identity Platform REST API Framework and its capabilities, specifically as it relates to automating the management of privileged accounts. The Centrify Privilege Service allows authorized IT personnel or applications, to checkout privileged account passwords for a limited amount of time. Options to fully manage the control of privileged account passwords can automatically change or update the password after a checkout event has ended, or depending on the policy use-case, simply store the password unchanged for future authorized access.

 

Intended Objective

 

The API examples explored in this post demonstrate the ability to programmatically perform the following Centrify Privilege Service functions:

 

  1. Retrieve a list of Privileged Resources (machines/computers) for a given cloud tenant
  2. Retrieve a list of Privileged Accounts for a specified Privilege Resource
  3. Initiate a password check-out event for a specified Privileged Account
  4. Execute a password rotation event for a specified Privileged Account
  5. Perform a password check-in event for a specified Privileged Account

 

Additionally, we demonstrate the ability to leverage REST API calls to enhance compliance relating to Shared Account Password Management (SAPM) using the following as examples:

 

  1. JIRA Integration for additional oversight of Privileged Account Management
  2. ServiceNow Integration for additional oversight of Privileged Account Management

 

Considerations

 

  1. Code samples are written in Python
  2. RESTful API calls to the Centrify Cloud Service are programming language agnostic, same objective can be achieved using cURL, Ruby, JavaScript, Perl among many others.
  3. Code samples are just that, basic samples. They are meant to be expanded on and refined as needed by your project. They are not a substitute for development best practices, defined software development lifecycle protocols or specific standardized conventions.
  4. The intent of these code samples is to expose and educate on what is possible, relating to the specific API calls themselves. These are building blocks that are meant to be built upon, refined and enhanced.
  5. Always implement the necessary quality/regression/performance testing before introducing into a production environment.
  6. You can find this Centrify API Guide to guide you through the framework
  7. You can find the code samples themselves here on Centrify GitHub
  8. You can find this Python library to work with JIRA APIs
  9. ServiceNow provides this useful API Explorer
  10. These are powerful APIs, get creative!   Smiley Happy

 

[Videos]

 

1) How to Automate Privilege Management via Centrify REST API

 

[JIRA Version] 

 

 

 

2) How to Automate Privilege Management via Centrify REST API

 

[ServiceNow Version]

 

 

 

 

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.