Configuring the Adaptable Log Channel object

As with other Venafi application drivers, you should review the Getting started: automating certificate enrollment and provisioning before setting up the Adaptable Log Channel driver.

Creating and configuring an Adaptable Log Channel object is similar to creating any other application object, except that you must specify the PowerShell script you want to use.

NOTE  Before you attempt to create CA template, device, or application objects, you must enable the create permission under the folder where you want to create the new object. For more information, see Permissions overview.

To create and configure a new Adaptable Log Channel object

  1. Log in to Policy Tree.
  2. Select the Logging tree in the Tree drop-down menu.
  3. In the Logging tree, click Channels > Add > Adaptable.

  4. In the Adaptable Logging Channel Name field, type a name for the new application object.
  5. Under Adaptable Logging Channel Settings, do the following:
    1. In the Service Address field, type the network address (e.g. URL) of the service with which the Adaptable Log Channel driver will interact.
    2. Click next to Credential to browse for the credential object that you want to use to authenticate.

      NOTE  If you're connecting to the Venafi Web SDK, leave this field empty since you'll be specifying a credential in the WebSDK OAuth Token Configuration settings.

      Credential objects store the credentials Trust Protection Platform uses to authenticate with devices, applications, and CAs. The stored credential may be a password, a user name and password, a certificate, or a private key.

      NOTE  The user account you select must have Read and Write access to the Temporary, Private Key, and Certificate directories.

      For more information, see Working with system credentials.

    3. (Optional) (Conditional) If you need to select another credential, then from the Secondary Credential field, select a username, certificate, password, or CyberArk credential object.

      TIP  Use this option to avoid having to hard code additional credentials in your script or having to utilize other solutions outside of Trust Protection Platform.

    4. From the PowerShell Script list, select your custom PowerShell script.

      Your custom scripts must be in the Venafi\Scripts\AdaptableLog folder in order to appear in this list.

      BEST PRACTICE  You should consider placing Adaptable scripts on all of your Trust Protection Platform servers so that you don't have to worry about the roles those servers are performing.

      Adaptable Log Channel scripts must be placed on both the server that's hosting the Venafi web-based console, and any other servers where you're running Venafi's Log servers. For both the Adaptable CA and Adaptable Application drivers, PowerShell scripts must be placed on the Venafi server that hosts Policy Tree, as well as on processing engines that are used for enrolling or provisioning work.

      For an explanation of the various Trust Protection Platform administration consoles, see About Venafi Trust Protection Platform administration consoles.

    5. (Optional) If you want to enhance the troubleshooting capabilities of your Adaptable Log Channel, select the Enable Debug Logging check box.

      For information about how enabling this option works with the PowerShell script, see About debug logging in the Adaptable Log Channel PowerShell script reference.

  6. (Optional) If your application will connect to the Venafi Web SDK, then complete the WebSDK OAuth Token Configuration settings:

    Setting / Description

    OAuth Token Application ID

    Enter the application ID of the API application integration you should have created previously, as described in Adaptable Log Channel prerequisites.

    OAuth Token Credential

    Select the username credential of the service account that has been granted access to the Client ID of the API Application. See Adaptable Log Channel prerequisites.

    In this context, the username credential identifies the user (identity) for whom the token is being requested. It also verifies whether you have the required permissions within your organization to enable the script to authenticate as the selected user. This security measure prevents users from impersonating another user.

    OAuth Token Scope

    (Optional) Enter one or more of the scopes assigned to your API application. For example, Certificates: Manage. Leave this field blank if you want to include all defined scopes.

    To learn more about scopes and restrictions, see Scopes for token.

    NOTE  If your application is not connecting to the Web SDK, leave all of these fields blank.

  7. (Conditional) If your script includes customized fields, enter the desired static text or macro commands.

    Refer to the sample in the topic, Example: creating a ServiceNow incident for expiring certificates.

    For more information about Venafi's macros, see Macro commands.

  8. When you're finished, click Save.

IMPORTANT  If you make changes to the PowerShell script used by an Adaptable Log Channel, you must open the corresponding log channel object and click Save to force the driver to re-read the script. Typically, the updated script becomes active in less than 60 seconds after saving the channel object.
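
The script placement requirement in step 5.4 and the re-read behavior above mean that a missing or outdated copy on one server can leave different servers running different script versions. The following added example (not Venafi code) compares SHA-256 hashes of one Adaptable Log script across servers. It assumes PowerShell remoting is enabled, that `$ScriptsRoot` is the full path to the Venafi\Scripts folder on each server, and that the function names, server names, and script name are hypothetical placeholders.

```powershell
# Added example, not part of the product: detect missing or drifted copies of an
# Adaptable Log Channel script across Trust Protection Platform servers.
function Get-AdaptableLogScriptHash {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,  # servers to check
        [Parameter(Mandatory)] [string]   $ScriptsRoot,   # full path to Venafi\Scripts (assumption)
        [Parameter(Mandatory)] [string]   $ScriptName     # file name of the channel script
    )
    $path = Join-Path (Join-Path $ScriptsRoot 'AdaptableLog') $ScriptName
    foreach ($computer in $ComputerName) {
        try {
            # Hash the file on the remote server; returns nothing if it is absent.
            $hash = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
                param($p)
                if (Test-Path -LiteralPath $p -PathType Leaf) {
                    (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
                }
            } -ArgumentList $path
            [pscustomobject]@{
                Server = $computer
                Sha256 = $hash
                Status = if ($hash) { 'Present' } else { 'Missing' }
            }
        } catch {
            [pscustomobject]@{
                Server = $computer
                Sha256 = $null
                Status = "Unreachable: $($_.Exception.Message)"
            }
        }
    }
}

function Test-AdaptableLogScriptConsistency {
    param([Parameter(Mandatory)] [object[]] $Result)
    $present  = @($Result | Where-Object Status -eq 'Present')
    $distinct = @($present | Select-Object -ExpandProperty Sha256 -Unique)
    # Consistent only if every server has the file and all hashes are identical.
    ($present.Count -eq $Result.Count) -and ($distinct.Count -eq 1)
}

# Usage (placeholder values; replace with your own servers, path, and script):
#   $r = Get-AdaptableLogScriptHash -ComputerName 'tpp-web01','tpp-log01' `
#            -ScriptsRoot '<full path to Venafi\Scripts>' -ScriptName 'MyChannel.ps1'
#   $r | Format-Table; Test-AdaptableLogScriptConsistency -Result $r
```

Run the check after every script change and before re-saving the channel object, so that all servers load the same version.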
