Provide a new application

For access by applications, separate from regular users, senhasegura provides the A2A module, in which each application has its own access group. This also implements the single privilege principle, where an application will not have access to the same information as another application.

Create and edit an application

To create a new authorization, go to A2A ➔ Application Authorizations.

  1. Click on the icon
  2. Click on the + New application option
  3. Add the following information:
  • Application name
  • Using OAuth signing
    • OAuth 1.0
    • OAuth 2.0
    • AWS
  • Active: Sets whether the application can be used or not.
  • Tags: Add identification tags
  • Description: Add the information you want about the application
  • Amazon AWS ARNs: Only for the AWS authentication method


Authorizations

To create a new authorization, go to A2A ➔ Applications

  1. Click on the icon
  2. Click on the Authorizations option
  3. Click on the icon
  4. Click on the + New option
  5. To edit the desired authorization, click the authorization icon ⁝ and select Change
  6. Add the information needed

Settings

  • Expiration date: Period the authorization will be active
  • Active: Sets whether the application can be used or not.
  • Environment: Environment in which authorization will be active
  • System: System in which authorization will be active

Safety

  • Authorized Resources: Use to limit which resources and products the user will have access to
    • PAM Core: Provisioning and querying credentials, SSH keys, and other protected information from the PAM module.
    • Certificate Manager: Requests, consultation, signature, and other activities of the Certificate Manager module
    • Task Manager: Creating and Changing Task Manager Module Activities
    • Dashboard: Knowledge and consumption of data printed on dashboards.
    • Web Proxy Session: Authenticated URL for starting a web session on devices previously registered in the Web Proxy.
    • A2A: Consultation and registration of A2A applications.
  • PAM resource permissions
    • Read-only: The user will have view-only access
    • Read and Write: The user will have access to view, edit and delete any data
Attention

Be careful when granting Read and Write, as the user will have full access to edit the data here.

  • Enable encryption of sensitive information: When this option is enabled, sensitive information such as passwords and secrets will be returned encrypted in API calls. To decrypt the information, use the private key available in the authorization settings.
  • Authorized IPs: Use it to limit which IPs the user will have access to.
Info

For production environments, it is recommended to specify the authorized IPs for greater security.

  • Authorized HTTP referrers: Defines from which previous web addresses requests will be allowed. Learn more about HTTP referrers here.
  • Certificate Validation: Allows you to add a certificate as an additional security layer through fingerprint validation. When enabled, in addition to the OAuth authentication data, for example, the certificate sent in the request will also be validated.
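
The Settings and Safety options above can be reviewed against the page's own cautions (Read and Write, Authorized IPs in production, encryption of sensitive information, expiration). The following is an added example, not senhasegura code: the record layout, the environment names and the /24 threshold are assumptions made for illustration, and the sample data is constructed.

```python
from datetime import date
from ipaddress import ip_network

# Hypothetical record layout: the keys mirror the form fields described on this
# page; this is not a senhasegura export or API format. Sample data is constructed.
SAMPLE = [
    {"name": "billing-prod", "active": True, "environment": "Production",
     "expiration": None, "pam_permission": "Read and Write",
     "encrypt_sensitive": False, "authorized_ips": []},
    {"name": "ci-readonly", "active": True, "environment": "Staging",
     "expiration": date(2030, 1, 1), "pam_permission": "Read-only",
     "encrypt_sensitive": True, "authorized_ips": ["10.20.0.0/28"]},
    {"name": "legacy-sync", "active": True, "environment": "Production",
     "expiration": date(2020, 6, 30), "pam_permission": "Read-only",
     "encrypt_sensitive": True, "authorized_ips": ["0.0.0.0/0"]},
]

MAX_ADDRESSES = 256  # assumed review threshold: flag entries wider than a /24


def review(auth, today):
    """Return review findings for one authorization record (empty list = clean)."""
    if not auth["active"]:
        return []  # an inactive authorization cannot be used
    findings = []
    if auth["expiration"] is None:  # field left empty in the reviewed record
        findings.append("no expiration date")
    elif auth["expiration"] < today:
        findings.append("past expiration date but still marked Active")
    if auth["pam_permission"] == "Read and Write":
        findings.append("Read and Write PAM resource permission")
    if not auth["encrypt_sensitive"]:
        findings.append("encryption of sensitive information is disabled")
    if not auth["authorized_ips"] and auth["environment"] == "Production":
        findings.append("production authorization without Authorized IPs")
    for entry in auth["authorized_ips"]:
        # strict=False accepts host addresses written with a prefix, e.g. 10.0.0.5/24
        if ip_network(entry, strict=False).num_addresses > MAX_ADDRESSES:
            findings.append(f"Authorized IPs entry too broad: {entry}")
    return findings


def review_all(auths, today):
    """Map authorization name -> findings, omitting clean records."""
    report = {a["name"]: review(a, today) for a in auths}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in review_all(SAMPLE, date(2025, 1, 1)).items():
        print(name, "->", "; ".join(findings))
```
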

Credentials

  • Access Credential: Use an IP, hostname, or username to add a credential registered in PAM Core
  • Create a new credential: Create a credential if you don't have one active.
Info

Only device, username, and password information can be filled in.

  • Device: Enter the Device
  • Username: Enter the username
  • Password: Add a password

Devices

  • Devices: Add the desired devices that are registered in Devices
Info

If the view and edit option is active, adding devices in this field is not necessary.

Protected information

  • Protected Information: Add the desired Personal Vault information

Authorization by application

To see a complete list of all authorizations by application, access menu A2A ➔ Authorizations by application. On this screen, in addition to viewing the details of each authorization by application, it is possible to edit an existing authorization and create a new one.

Caution

The screen will only show application updates that have already been successfully created and saved.

Info

We recommend using this screen to view all authorizations per application in one place, avoiding the need to open each application separately to view its authorizations.


Export Logs

To export log data, access the menu A2A ➔ Logs.

  1. Click the ⁝ icon
  2. Select the Export CSV option

