AppRole

Configure AppRole authentication to complete the connection setup.

Note
The linked documents on this page are not maintained by SailPoint and are subject to change without notice.

  1. Do the following in the HashiCorp Vault (On-Premise) server to configure the authentication Role:

    1. Enable AppRole authentication using the following command:

      vault auth enable approle

    2. Create a new Role for the AppRole authentication method using the HashiCorp API. Be sure to add the policies that the AppRole requires to access the secrets. For more information, refer to Create/Update AppRole in the HashiCorp documentation.

    3. Read the Role ID for the new Role using the HashiCorp API. For more information, refer to Read AppRole role ID in the HashiCorp documentation.

    4. Create a Secret ID for the new Role using the HashiCorp API. For more information, refer to Generate new secret ID in the HashiCorp documentation.

      Important
      While creating the Secret ID, keep the values for num_uses and ttl set to 0.

  2. In SailPoint, enter the configuration parameters to use the HashiCorp AppRole authentication.

    1. Enter the URL-encoded Authentication Provider Path used to authenticate with the HashiCorp Vault (On-Premise) secret server.

      Important
      Don't encode the last slash (/) in your Authentication Provider path. For example, if your Authentication Provider path is xyz/pqr abcd/, then encode only xyz/pqr abcd.

      Tip
      Use urlencoder.org to encode your URL attributes.

    2. Enter the Role ID and its Secret ID created in the HashiCorp Vault (On-Premise) server.

  3. (Optional) Enable credential caching. For more information, refer to Caching Credentials.

  4. Select Save.
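
The following script is an added example, not SailPoint's or HashiCorp's own code: it runs steps 1.1 to 1.4 with the vault CLI and encodes the Authentication Provider Path as step 2.1 describes. The role name, the policy name and the encoding rule (RFC 3986 unreserved characters kept, every other character percent-encoded, ASCII input) are assumptions.

```shell
#!/bin/sh
# Added example. ROLE and POLICY are hypothetical names; MOUNT is Vault's
# default AppRole mount path. Expects VAULT_ADDR and VAULT_TOKEN to be set.
ROLE="${ROLE:-sailpoint-connector}"
POLICY="${POLICY:-sailpoint-read}"
MOUNT="${MOUNT:-approle}"

# Steps 1.1-1.4 with the vault CLI, which calls the AppRole API endpoints.
provision_approle() {
  # 1.1: reports an error if the mount path is already in use
  vault auth enable -path="$MOUNT" approle
  # 1.2: attach the policy that grants access to the secrets
  vault write "auth/$MOUNT/role/$ROLE" token_policies="$POLICY" || return 1
  # 1.3: read the Role ID
  role_id=$(vault read -field=role_id "auth/$MOUNT/role/$ROLE/role-id") || return 1
  # 1.4: num_uses=0 and ttl=0 as the page requires. With the role defaults
  # untouched this Secret ID has unlimited uses and no expiry, so it stays
  # valid until it is destroyed.
  secret_id=$(vault write -field=secret_id \
    "auth/$MOUNT/role/$ROLE/secret-id" num_uses=0 ttl=0) || return 1
  printf 'Role ID:   %s\nSecret ID: %s\n' "$role_id" "$secret_id"
}

# Step 2.1: percent-encode the path but leave one trailing slash unencoded.
# Runs in a subshell so its working variables do not leak.
encode_provider_path() (
  LC_ALL=C
  path=$1 tail='' out=''
  case $path in */) path=${path%/}; tail=/ ;; esac
  while [ -n "$path" ]; do
    rest=${path#?}          # everything after the first character
    c=${path%"$rest"}       # the first character itself
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    path=$rest
  done
  printf '%s%s\n' "$out" "$tail"
)

if [ "${1:-}" = "provision" ]; then
  provision_approle
else
  # Offline demo with the page's own example path.
  encode_provider_path 'xyz/pqr abcd/'
fi
```

Run it with the argument `provision` against a Vault server to create the Role and print both IDs; without arguments it only prints the encoded form of the page's example path.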