Cloud integration using ARCON key vault

As a privileged user, you can configure the ARCON key vault integration in the Control Room.

Prerequisites

  • Ensure you have Manage settings and Manage connections permission to configure these settings.
  • Ensure that your network is configured to allow communication from Automation 360 Cloud servers by adding the regional IP addresses to your network’s allowed list. See Control Room IP-Adressen für externe Integrationen.

ARCON key vault configuration

This procedure helps you configure integration with ARCON key vault.
  • First, set up the OAuth connection.
  • Then, configure the vault integration.

Set up OAuth Connection

Complete the following steps from the Herstellung der OAuth-Verbindung procedure.

  1. To set up the OAuth connection, navigate to Manage > OAuth Connections .
  2. Click Create Connection.
  3. On the Connection settings screen, do the following:
    • Provider type: Custom
    • Connection name: Provide any unique name to identify connection and click Next.
    • Grant type: Select the Resource Owner Password Flow grant type.
    • Client authentication method: Choose Client Authentication Secret Post.
    • Token URL: Provide the token URL to get access tokens from ARCON key vault.

      Set up OAuth for ARCON

    • Scope: This is an optional field. You can configure the scope as needed.
    • Username and Password are the user details used to authenticate with ARCON system.
      Note: If ARCON vault is configured to accept username and password in base64 encoded format, then enter the base64 encoded username and password.
  4. Click Next and then click Save changes and test connection.
  5. Click Close.

Once successful, configure the ARCON key vault and select the OAuth connection you created.

Configure ARCON key vault

  1. From the Control Room, navigate to Administration > Settings > External key vault .
  2. In the Configuration Settings section, click Edit.
  3. Scroll to the bottom and select the Arcon Key Vault.
  4. Enter the Vault URL (for example: https://pamapi-poc.arconnet.com/api/ServicePassword/GetTargetDevicePassKey).
  5. Select the OAuth connection you previously created from drop-down list.
  6. HTTP header name will contain the OAuth token set by Automation 360. By default, the header name is set to Authorization.

    Configure ARCON Key Vault

  7. Server certificate - PEM format is an optional field. Enter a value here to enable secure (TLS) communication between Automation 360 and ARCON.
  8. Click Save changes to save the vault configuration.
Next steps