Configuring the Adaptable Log Channel object

As with other Venafi application drivers, you should review the Getting started: automating certificate enrollment and provisioning before setting up the Adaptable Log Channel driver.

Creating and configuring an Adaptable Log Channel object is similar to creating any other application object, except that you must specify the PowerShell script you want to use.

NOTE Before you attempt to create CA template, device, or application objects, you must enable the create permission under the folder where you want to create the new object. For more information, see Permissions overview.

To create and configure a new Adaptable Log Channel object

Log in to Policy Tree.
Select the Logging tree in the Tree drop-down menu.
In the Logging tree, click Channels > Add > Adaptable.
In the Adaptable Logging Channel Name field, type a name for the new application object.
Under Adaptable Logging Channel Settings, do the following:
1. In the Service Address field, type the network address (e.g. URL) of the service with which the Adaptable Log Channel driver will interact.
2. Click next to Credential to browse for the credential object that you want to use to authenticate.
  NOTE If you're connecting to the Venafi Web SDK, leave this field empty since you'll be specifying a credential in the WebSDK OAuth Token Configuration settings.
  Credential objects store the credentials Trust Protection Platform uses to authenticate with devices, applications, and CAs. The stored credential may be a password, a user name and password, a certificate, or a private key.
  NOTE The user account you select must have Read and Write access to the Temporary, Private Key, and Certificate directories.
  For more information, see Working with system credentials.
3. (Optional) (Conditional) If you need to select another credential, then from the Secondary Credential field, select a username, certificate, password, or CyberArk credential object.
  TIP Use this option to avoid having to hard code additional credentials in your script or having to utilize other solutions outside of Trust Protection Platform.
4. From the PowerShell Script list, select your custom PowerShell script.
  Your custom scripts must be in the Venafi\Scripts\AdaptableLog folder in order to appear in this list.
  BEST PRACTICE You should consider placing Adaptable scripts on all of your Trust Protection Platform servers so that you don't have to worry about the roles those servers are performing.
  Adaptable Log Channel scripts must be placed on both the server that's hosting the Venafi web-based console, and any other servers where you're running Venafi's Log servers. For both the Adaptable CA and Adaptable Application drivers, PowerShell scripts must be placed on the Venafi server that hosts Policy Tree, as well as on processing engines that are used for enrolling or provisioning work.
  For an explanation of the various Trust Protection Platform administration consoles, see About Venafi Trust Protection Platform administration consoles.
5. (Optional) If you want to enhance troubleshooting capabilities of your Adaptable Log ChannelAdaptable Flow, select the Enable Debug Logging check box.
  For information about how enabling this option works with the PowerShell script, see About debug logging in the Adaptable Log Channel Adaptable Flow PowerShell script reference.

(Optional) If your application will connect to the Venafi Web SDK, then complete the WebSDK OAuth Token Configuration settings:

Setting	Description
OAuth Token Application ID	Enter the application ID of the API application integration you should have created previously, as described in Adaptable Log Channel prerequisites.
OAuth Token Credential	Select the username credential of the service account that has been granted access to the Client ID of the API Application. See Adaptable Log Channel prerequisites. In this context, the username credential identifies the user (identity) for whom the token is being requested. It also verifies whether you have the required permissions within your organization to enable the script to authenticate as the selected user. This security measure prevents users from impersonating another user.
OAuth Token Scope	(Optional) Enter one or more of the scopes assigned to your API application. For example, Certificates: Manage. Leave this field blank if you want to include all defined scopes. To learn more about scopes and restrictions, see Scopes for token.

Setting

Description

OAuth Token Application ID

Enter the application ID of the API application integration you should have created previously, as described in Adaptable Log Channel prerequisites.

OAuth Token Credential

Select the username credential of the service account that has been granted access to the Client ID of the API Application. See Adaptable Log Channel prerequisites.

In this context, the username credential identifies the user (identity) for whom the token is being requested. It also verifies whether you have the required permissions within your organization to enable the script to authenticate as the selected user. This security measure prevents users from impersonating another user.

OAuth Token Scope

(Optional) Enter one or more of the scopes assigned to your API application. For example, Certificates: Manage. Leave this field blank if you want to include all defined scopes.

To learn more about scopes and restrictions, see Scopes for token.

NOTE If your application is not connecting to the Web SDK, leave all of these fields blank.

(Conditional) If your script includes customized fields, enter the desired static text or macro commands.

Refer to the sample in the topic, Example: creating a ServiceNow incident for expiring certificates.

For more information about Venafi's macros, see Macro commands.
When you're finished, click Save.

IMPORTANT If you make changes to the PowerShell script used by an Adaptable Log Channel, you must open the corresponding log channel object and click Save to force the driver to re-read the script. Typically, the updated script becomes active in less than 60 seconds after saving the channel object.