Configuring the Adaptable Log Channel object

Creating and configuring an Adaptable Log Channel object is similar to creating any other application object, except that you must specify the PowerShell script you want to use. However, in the case of Adaptable Log you can also make these configuration settings in Venafi Configuration Console or in the Tools MMC snap-in.

NOTE  Before you attempt to create CA template, device, or application objects, you must enable the create permission under the folder where you want to create the new object. For more information, see Permissions overview.

To create and configure a new Adaptable Log Channel object

  1. In Venafi Configuration Console (VCC) browse to the Tools Logging Channels node.
  2. In the Add Channels section of the Actions panel, click Adaptable.
  3. Provide the name you want to use for the new Adaptable Log channel, then click Add.
  4. In the channel settings, configure the following:

    1. In the Service Address field, type the network address (e.g. URL) of the service with which the Adaptable Log Channel driver will interact.
    2. Click Credential to browse for the location of the credential object that you want to use to authenticate.

      NOTE  If you're connecting to the Venafi Web SDK, leave this field empty since you'll be specifying a credential in the WebSDK OAuth Token Configuration settings.

      Credential objects store the credentials Trust Protection Platform uses to authenticate with devices, applications, and CAs. The stored credential may be a password, a user name and password, a certificate, or a private key.

      NOTE  The user account you select must have Read and Write access to the Temporary, Private Key, and Certificate directories.

      If you need help with this, see your System Administrator.

      For more information, see Working with system credentials.

    3. (Optional) (Conditional) If you need to select another credential, then from the Secondary Credential field, select a username, certificate, password, or CyberArk credential object.

      TIP  Use this option to avoid having to hard code additional credentials in your script or having to utilize other solutions outside of Trust Protection Platform.

    4. From the PowerShell Script list, select your custom PowerShell script.

      Your custom scripts must be in the \Venafi\Scripts\AdaptableLog\ folder in order to appear in this list.

      BEST PRACTICE  You should consider placing Adaptable scripts on all of your Trust Protection Platform servers so that you don't have to worry about the roles those servers are performing.

      Adaptable Log Channel scripts must be placed on both the server that's hosting the Venafi web-based console, and any other servers where you're running Venafi's Log servers. For both the Adaptable CA and Adaptable Application drivers, PowerShell scripts must be placed on the Venafi server that hosts Policy Tree, as well as on processing engines that are used for enrolling or provisioning work.

      For an explanation of the various Trust Protection Platform administration consoles, see About Venafi Trust Protection Platform administration consoles.

    5. (Optional) If you want to enhance troubleshooting capabilities of your Adaptable Log Channel, select the Enable Debug Logging check box.

      For information about how enabling this option works with the PowerShell script, see About debug logging in the Adaptable Log Channel PowerShell script reference.

  5. (Optional) If your application will connect to the Venafi Web SDK, then complete the WebSDK OAuth Token Configuration settings:

    Setting: OAuth Token Application ID
    Description: Enter the application ID of the API application integration you should have created previously, as described in Adaptable Log Channel prerequisites.

    Setting: OAuth Token Credential
    Description: Select the username credential of the service account that has been granted access to the Client ID of the API Application. See Adaptable Log Channel prerequisites.

      In this context, the username credential identifies the user (identity) for whom the token is being requested. It also verifies whether you have the required permissions within your organization to enable the script to authenticate as the selected user. This security measure prevents users from impersonating another user.

    Setting: OAuth Token Scope
    Description: (Optional) Enter one or more of the scopes assigned to your API application. For example, Certificates: Manage. Leave this field blank if you want to include all defined scopes.

      To learn more about scopes and restrictions, see Scopes for token.

    NOTE  If your application is not connecting to the Web SDK, leave all of these fields blank.

  6. (Conditional) If your script includes customized fields, enter the desired static text or macro commands.

    Refer to the sample in the topic, Example: creating a ServiceNow incident for expiring certificates.

    For more information about Venafi's macros, see Macro commands.

  7. When you're finished, click OK.

IMPORTANT  If you make changes to the PowerShell script used by an Adaptable Log Channel, you must open the corresponding log channel object and click Save to force the driver to re-read the script, which will happen almost instantly.
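
Because the same script has to exist on every server that hosts the console or runs the Log servers, it is worth confirming that each copy is present and identical before you select it in the channel. The following PowerShell is an added example, not Venafi code: the function name, server and share names, and script file name are placeholders, and it assumes the folder that contains \Venafi\Scripts\AdaptableLog\ on each server is reachable over a UNC path.

```powershell
# Added example (not part of the product): compare one Adaptable Log script
# across servers by SHA-256. All names are hypothetical placeholders.
function Compare-AdaptableLogScript {
    [CmdletBinding()]
    param(
        # One UNC path per server, pointing at the folder that contains
        # \Venafi\Scripts\AdaptableLog\ (assumption: reachable via a share).
        [Parameter(Mandatory)] [string[]] $InstallRoot,
        # File name of the custom script selected in the PowerShell Script list.
        [Parameter(Mandatory)] [string]   $ScriptName
    )

    $results = @(foreach ($root in $InstallRoot) {
        $path = Join-Path -Path $root -ChildPath "Venafi\Scripts\AdaptableLog\$ScriptName"
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            [pscustomobject]@{ Root = $root; Present = $true;  SHA256 = $hash; Status = '' }
        } else {
            # The script will not appear in the list on this server.
            [pscustomobject]@{ Root = $root; Present = $false; SHA256 = $null; Status = 'MISSING' }
        }
    })

    # Treat the first copy that exists as the reference version.
    $reference = $results | Where-Object Present | Select-Object -First 1
    foreach ($r in $results) {
        if (-not $r.Present) { continue }
        $r.Status = if ($r.SHA256 -eq $reference.SHA256) { 'OK' } else { 'MISMATCH' }
    }
    $results
}

# Constructed example call; replace the placeholder roots and file name.
Compare-AdaptableLogScript `
    -InstallRoot '\\SERVER1.example\InstallShare', '\\SERVER2.example\InstallShare' `
    -ScriptName 'MyLogChannel.ps1' |
    Format-Table Root, Present, Status, SHA256 -AutoSize
```

A MISMATCH after an edit means at least one server still holds a different copy of the script. Once every copy is identical, open the log channel object and click Save so the driver re-reads the script.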
