Procedure to integrate Automation 360 Control Room with Delinea Secret Server.

Prerequisites

Ensure that you have set up the following:

Procedure

  1. When setting up the key vault for On-Premises deployment, you will need to update some values in the keyvault.properties file. To prevent any issues, you must stop the Control Room services:
    1. Automation Anywhere Control Room Messaging service.
    2. Automation Anywhere Control Room service.
  2. Run the key vault utility (crutils.jar) for the Delinea Secret Server key vault configuration:
    1. As a system administrator of the Control Room, you need to access the Automation Anywhere Control Room installation directory. This directory was made when you first installed the Automation 360 product.
      For example: 'C:\Program Files\Automation Anywhere\Automation360'
    2. Download the latest version of the key vault utility (crutils.jar) from the following location:
      1. Open a browser and access the A-People site: A-People Downloads page (Login required).
      2. Click the link to the latest On-Premises build.
      3. Click the Installation Setup folder.
      4. Download the crutils.jar file.
    3. Enter the following command to run the key vault utility: jdk11\bin\java -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Automation360\pki\trust\store.ks" -Djavax.net.ssl.trustStorePassword=changeit --module-path lib -jar crutils.jar -action UPDATE_KEY_VAULT_CONFIGURATION -configPath "C:\Program Files\Automation Anywhere\Automation360\config"
      • The UPDATE_KEY_VAULT_CONFIGURATION command lets you change the Delinea Secret Server key vault settings. Example: Enter Delinea to connect to the Delinea Secret Server key vault.
      • If there are any trust certificate problems while using the key vault tool to connect to the Delina Secret Server, you need to get the server's certificate and add it to Automation 360 trust certificate store. Use this command: C:\Program Files\Automation Anywhere\Automation360\pki\trust\store.ks: > jdk11\bin\java -jar certmgr.jar -appDir . -importTrustCert <Full path of the certificate>
      • The Delinea Secret Server server certificate can be in the .cer, .crt, or .pem format.
      • The certmgr.jar is included in the installation directory for to use.
    4. On the command prompt , enter the following authentication details:
      • Token URL: This is the Delinea Secret Server platform token URL. Example: https://<>.delinea.app/identity/api/oauth2/token/xpmplatform
      • Device Credential URL: This is the URL to get device credentials. Example: https://<>.delinea.app/api/ServicePassword/GetTargetDevicePassKey
      • Grant Type: Enter password. Only password grant type is supported.
      • Authentication username: This is the name of the Delinea Secret Server API user. It is used to get an access token that lets you retrieve device credentials.
      • Authentication password: This is the password of the Delinea Secret Server API user. When you enter it, the password is hidden, and it's encrypted before being saved to the file.

    A configuration success message is displayed:

    Connection configurations valid

    Key Vault configurations successfully updated

  3. To double-check, you can manually look at the entries in keyvault.properties file. This file is found in the C:\Program Files\Automation Anywhere\Automation360\config directory. The directory should have the following entries:
    Example:
    keyvault.type=DELINEA_VAULT
keyvault.delinea.vault.token.url=https://<host>/delineaToken
keyvault.delinea.vault.target.device.cred.url=https://<host>/api/ServicePassword/GetTargetDevicePassKey
keyvault.delinea.vault.auth.grant.type=password
keyvault.delinea.vault.auth.username=<username>
keyvault.delinea.vault.auth.user.password=<encrypted password>
  4. Restart the following Control Room services:
    1. Automation Anywhere Control Room Messaging service.
    2. Automation Anywhere Control Room service.