ASG remote desktop integration with KeyHub

ASG remote desktop can read vault records from KeyHub. This includes the rotating password. The following steps will guide you through the process of configuring ASG remote desktop and KeyHub.

Prerequisite

  • A KeyHub group for the application.

You can either use an existing group or create a new one. The members of this group will be able to read their vaults using ASG remote desktop.

In the KeyHub console

Step 1

Create a new OIDC app

  • Select MANAGE ACCESS.

  • Click ADD.

  • Select OAuth2/OIDC from the Type dropdown.

add oidc001

Step 2

  • Choose an appropriate name (eg. ASG remote desktop).

  • Choose the technical administration group (can be the group you chose earlier).

  • Choose the ownership group (can be the same group).

  • In the Application URIs you need to add "http://localhost:3017".

  • In scope you need to select Profile and Access your vaults.

  • Click SAVE.

  You need to copy the Secret to add to ASG remote desktop now. It will not be visible again.

You can also make note of the Client identifier. You will need it later.

group001

Step 3

  • Select the group tab.

  • Add the KeyHub group you want to use.

 group004

  • Done!

In ASG Remote desktop manager

Step 1

  • Select Tools.

  • Select Settings.

asg guide002

Step 2

  • Under Environment choose Extensions.

  • Select Topicus KeyHub integration.

  • Click OK.

  • A popup will notify you that ASG needs to restart. Click Yes.

 asg guide003

Step 3

  • Navigate back to Tools, Settings and select Topicus KeyHub.

  • Fill in your KeyHub host URL (in our case "https://test.topicus-keyhub.com").

  • Fill in the Client ID noted earlier.

  • Fill in the Client secret noted earlier.

  • Click OK.

asg guide005

Step 4

  • Create a new private folder.

asg guide011

asg guide012

  • Right click the created folder and select Properties.

asg guide014

  • Select Topicus KeyHub.

  • Click Synchronize now.

asg guide017

A browser tab will open.

  • Log in to KeyHub.

  • Approve the access.

asg screens dl2006

  You can ignore the unreachable webpage that pops up.

ASG will show a popup that the synchronization has finished.

  • Click OK twice.

You will see that the vaults you are allowed to access in KeyHub now show up in the created folder.

Step 5

create a credential for your KeyHub rotating password.

  • Right click the created folder and select New, Credential.

  • In General you only need to fill in a name.

asg guide007

  • In Options you will need to fill in your KeyHub username.

  • You will also need to fill in a password. This can be anything as it will be overwritten by the rotating password on synchronization.

  • For domain accounts you will also need to fill in the domain name.

asg guide008

  • In Topicus KeyHub you need to select Use rotating password option. 

asg guide009

  • Click OK.

  • Rightclick the folder containing this credential and select Get Rotating Password.

 get rotating

ASG will show a popup that the synchronization has finished.

  • Done!