Action1 has the concept of an Enteprise and Organizations.
Users are managed at Enterprise level, and endpoints are assigned per organization.
You can create service accounts and assign permissions and a scope to each service account. E.g. if you are an MSP and want to only assign access to a specific orgnaization, then you can create a service account and associated scoped role, and Trelica will just read endpoints for the nominated organization.
If multiple organizations are in scope, Trelica will request that you select one when connecting.
Create a new role
Go to Roles and click New Role:
Enter a Role name and click Add Permission:
Choose a permission from the list, e.g. View Endpoints
In the dialog that appears, select the scope to include, e.g. Organization:
Pick the specific organization to restrict the scope to:
Assign the following permissions, based on the features you require:
| Feature | Permissions | Scope |
|---|---|---|
| Endpoints | View Endpoints, View Installed Software | Organization |
| Users | Manage Users, Manage Roles, View Audit Trail | Enterprise |
| Provisioning | Manage Users, Manage Roles | Enterprise |
| Deprovisioning | Manage Users, Manage Roles | Enterprise |
When you're done, click Create role
Now choose Users & API Credentials and click New API Credentials:
Enter a name for the credential and select the role you created earlier:
Click Proceed.
Copy and paste the Client id and Client Secret to Trelica.
Trelica also needs to know the base URL for your Action1 instance. This is shown in the Authenticate request or in the browser address bar, e.g. https://app.eu.action1.com.
Comments
0 comments
Please sign in to leave a comment.