# Delinea Secret Server ### Overview The Veza integration for Delinea Secret Server enables the discovery of Users, Groups, Roles, and permissions from the Delinea Secret Server platform. Veza uses Delinea APIs to populate the Access Graph with entities and metadata. This document explains how to enable and create a Delinea Secret Server integration. See **notes and supported entities** for more details. ### Configuring Delinea Secret Server Before adding the integration to Veza, create or select a user account for the connection. To create a single user on the Delinea Secret Server platform, browse to your Delinea instance as an administrator, go to **Admin** -> **User Management**, then select **Create User** Once the user account has been created or identified, record the username and password for the account, then ensure that the account is assigned the following roles: 1. [View Group Roles](https://docs.delinea.com/online-help/secret-server/users-roles/roles/role-permission-list/index.htm#ViewGroupRoles) 2. [View Groups](https://docs.delinea.com/online-help/secret-server/users-roles/roles/role-permission-list/index.htm#ViewGroups) 3. [View Roles](https://docs.delinea.com/online-help/secret-server/users-roles/roles/role-permission-list/index.htm#ViewRoles) 4. [View Teams](https://docs.delinea.com/online-help/secret-server/users-roles/roles/role-permission-list/index.htm#ViewTeams) 5. [View Users](https://docs.delinea.com/online-help/secret-server/users-roles/roles/role-permission-list/index.htm#ViewUsers) ### Configuring Delinea Secret Server on the Veza Platform To enable Veza to gather data from the Delinea Secret Server platform: 1. In Veza, open the Integrations page. 2. Click *Add New* and pick Delinea as the type of integration to add. 3. Select an authentication method and enter the required information. 4. Click *Save* to create the integration. #### Authentication methods Veza supports two authentication methods for Delinea Secret Server: **Password authentication** | Field | Notes | | ------------ | ------------------------------------------------------------------------------------------- | | **Name** | A unique display name for the Delinea Secret Server connection | | **Url** | The URL of the Delinea Secret Server instance (ex. `https://example.secretservercloud.com`) | | **Username** | The username of the account created or selected above | | **Password** | The password of the account created or selected above | **OAuth2 client credentials (Early Access)** {% hint style="info" %} OAuth2 client credentials authentication requires the feature to be enabled for your tenant. Contact your Veza account team to request access. {% endhint %} | Field | Notes | | ----------------- | ------------------------------------------------------------------------------------------- | | **Name** | A unique display name for the Delinea Secret Server connection | | **Url** | The URL of the Delinea Secret Server instance (ex. `https://example.secretservercloud.com`) | | **Client ID** | The client ID of the application account | | **Client Secret** | The client secret of the application account | | **App ID** | The application ID used in the token endpoint path | | **Scope** | (Optional) OAuth2 scope | ### Notes and Supported Entities The connector discovers the following entities and attributes: #### Delinea Secret Server User | Attribute | Notes | | ------------------------ | -------------------------------------------------------------------------------------- | | `created_at` | The timestamp of user account creation | | `email` | The user's email address | | `external_user_source` | The external IdP source that created the user account | | `is_active` | Boolean true if the user account is not disabled | | `is_application_account` | Boolean true if the account is designated an application account used for integrations | | `is_locked_out` | Boolean true if the user account is locked out and unable to log in | | `last_login_at` | The timestamp when the user account last logged on | | `login_failures` | Integer count of failed login attempts after the account's last successful login | | `two_factor_method` | Indicates if the user account has a two-factor method configured | #### Delinea Secret Server Group | Attribute | Notes | | ------------------ | ----------------------------------------------------------------------------------------------------------- | | `can_edit_members` | Boolean true if group membership can be altered | | `created_at` | The timestamp when the group was created | | `has_owners` | Boolean true if the group has one or more assigned owners | | `is_active` | Boolean true if the group is not disabled | | `is_editable` | Boolean true if the group name and details can be changed | | `is_platform` | Boolean true if the group is defined on the Delinea platform (*not* on the Secret Server instance directly) | | `is_system` | Boolean true if the group is predefined by the Secret Server platform | #### Delinea Secret Server Role | Attribute | Notes | | --------- | -------------------------------------------- | | `id` | The ID of the role on the Delinea platform | | `name` | The name of the role on the Delinea platform | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/delinea-secret-server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.