Check Out a Password
Centrify supports password checkout/checkin as a way to recycle and reuse passwords amongst your tenant's users.
The following steps describe how to check out passwords from CPS using Centrify's API.
Note: before you begin ensure you are familiar with the requirements and procedures for invoking Centrify endpoints as described here.
Authenticate with your Service Account User
Start by authenticating your service account user to obtain an authorization token.
Check out the Password
Now that you have an authentication token, you can checkout a password:
- Obtain the ID of the account that you wish to check out a password for using one of the following options:
a. Via the Admin Portal: access your Admin Portal, navigate to Reports > New Report > Script and enter the following query:
Select ID from VaultAccount where User = "Administrator"
b. Programmatically: invoke the /RedRock/query endpoint and specify the following query in the JSON body of the request:
POST /RedRock/Query
{
"Script":"Select ID from VaultAccount where User = \"Administrator\""
}
The response contains one or more account ID’s in the Results
element:
{
"success": true,
"Result": {
"IsAggregate": false,
"Count": 1,
"Columns": [
{
"Name": "ID",
"IsHidden": false,
"DDName": "_ID",
"Title": "ID",
"DDTitle": "ID",
"Description": "Row Identifier (primary key)",
"Type": 12,
"Format": null,
"Width": 0,
"TableKey": "Primary",
"ForeignKey": null,
"TableName": "VaultAccount"
}
],
"FullCount": 1,
"Results": [
{
"Entities": [
{
"Type": "VaultAccount",
"Key": "1234512-1234-1234-87c2-12345aa198b9",
"IsForeignKey": false
}
],
"Row": {
"ID": "1234512-1234-1234-87c2-12345aa198b9"
}
}
],
"ReturnID": ""
},
"Message": null,
"MessageID": null,
"Exception": null,
"ErrorID": null,
"ErrorCode": null,
"InnerExceptions": null
}
Note: sample projects such as the PowerShell sample project all have examples on making Redrock queries.
- Invoke /ServerManage/CheckoutPassword to checkout a password, passing the ID in the JSON body of the request. For example:
POST /ServerManage/CheckoutPassword
{
"ID":"1234512-1234-1234-87c2-12345aa198b9",
"Lifetime": 1000,
"Description":"Checkout for testing"
}
The response contains the password for the account:
{
"success": true,
"Result": {
"COID": "9082477",
"Password": "abc1234"
},
"Message": null,
"ErrorID": null
}
Check in the Password
To check in the password:
- Invoke /ServerManage/CheckinPassword passing the
COID
value received when the password was checked out. For example:
POST /ServerManage/CheckinPassword
{
"ID":"9082477"
}
{
"success": true,
"Result": null,
"Message": null,
"ErrorID": null
}
Updated about 5 years ago