Skip to main content

Hi community,

we have in our environment for each Windows Server a separated workgroup in active directory.

I’ve seen there is no convenient way with SMART Rules to onboard the System as a Managed System with Linked Account and to make it available for each Workgroup. 

So I’m now thinking about to onboard the system via API Calls. What REST Calls are necessary to onboard the Windows Systems like in the documentation of the API Doc

Does somebody has some experiences to onboard like this way? 

And How can I put the the rights to the User groups over API to Quick Rules? 

An example in PowerShell would be really great, but other script are also welcome. 

 

Regards

Arno

Hello ​@Arno 

If the Windows Servers are in Active Directory you can create an Asset smart rule based on a directory query to scan and onboard the Assets. The “Manage Assets using Password Safe” action will onboard the asset as a managed system.
To link the accounts to managed systems use a Managed Account smart rule with the "Link domain accounts to Managed Systems" action.


You can also onboard using API Calls. Please have a look at the workflow in our guide.
https://docs.beyondtrust.com/bips/docs/api#workflow

To Create and manage an asset, create a managed account, create a managed account quick rule, create/provision an LDAP/AD/BeyondInsight user group, grant Read access to new Smart Rule with requester role and access policy.
You can use this workflow.
POST /Auth/SignAppin
POST /Workgroups/{ID}/Assets
POST /Assets/{assetId}/ManagedSystems
POST /ManagedSystems/{managedSystemId}/ManagedAccounts
POST /QuickRules
POST /UserGroups
POST /UserGroups/{userGroupId}/SmartRules/{smartRuleId}/Roles
POST /Auth/Signout

For details on the individual API call please have a look at our API Guide.
https://docs.beyondtrust.com/bips/docs/api


Reply