App Creation in SecurEnds Tool
  • Log into the SecurEnds application as the Admin. Go to Applications
  • Click the Add button next to it to begin configuration.
Setup Application
  1. Select Data Ingestion method (radio button) for Flex Connector
  2. Provide an application Name
  3. Select an Agent option. The Agent is software that must be installed in the client's on-premise environment in order to pull data from applications such as Active Directory, Databases and Custom Applications.
    • Select Remote if you have an Agent Software already installed
      • The server where the agent is installed needs to have connectivity to the database.
      • If an agent is required, contact your implementation consultant or submit a ticket via the SecurEnds Help Desk using the Report Issue link in the upper right corner of the application.
    • Select Local if the client has a SaaS database. No agent install is required.
      • You will need to whitelist the SecurEnds IPs. Your Implementation Consultant can provide these.
  4. Select Match By logic as Default(Email or FirstName and LastName) or Employee Id
    • Default(Email or FirstName and LastName)
      • The system will match the user using an Email Address available from the application, OR by First Name and Last Name, when a sync is performed. This OR logic is applied to each row. For example, if an email address is present, that will be used to match the user to an email address found in the System of Record. If the email address is not present, then the first and last name will be used to match the user to a correct identity from the System of Record.
    • Employee Id
      • The system will only match the Employee ID while syncing. This “ID” for the user in the application must be present within the System of Record data in order to be matched. First name, last name or email address is no longer a required data point.
  5. Select Include Inactive Users to fetch all users during sync
    • Yes
      • The system will attempt to match all Active status users, along with all Inactive/Disabled status users within the application data, to an identity within the System of Record. If a match is found, these users will be included in any campaigns against this application.
    • No
      • The system will attempt to match only Active status users within the application data to an identity within the System of Record. If a match is found, these users will be included in any campaigns against the application.
  6. Include Entitlements
    • Yes
      • Will load the entitlement data from the application data when synced.
    • No
      • Use if the client only wants the user credentials from this application data (for credential access reviews).

Configure Application

To configure the application, follow the instructions below.

  1. Select/highlight the Application Connection Type as DB Extract
  2. Provide the details below to connect with applications using the Flex Connector
    • DB UserName to log in to the domain.
      • Windows authentication is not supported. The service account must be created on the database server.
      • For example: SecurEndsUser
    • Provide the DB Password
      • For example: dkjsde7y7hu3#%
    • Provide the DB Url
      • For example: jdbc:mysql://ipaddress:3306/
      • For example: jdbc:sqlserver://DataHub.domainname.com:1433;DatabaseName=DBHB_DataHub
    • Provide the DB Driver Name
      • For example: com.microsoft.sqlserver.jdbc.SQLServerDriver
  3. Select the DB Details radio button as below if the application data exists in a single table
  4. Select SQL Query to extract data if the application data exists across several tables

  5. When the SQL option is selected, the SQL statement must reference specific SecurEnds aliases. Each alias listed below is a SecurEnds data field, and the data from the client database table(s) must be mapped to these aliases in the SQL statement. The same applies when mapping to columns in a client's table using the DB Details option (item 3 above).
  • commonNameColumn (mandatory) – this is the username or login credential to the application, e.g. userid, employee id, email address
  • iamUserColumn (optional) – can be the same as the data you map to commonNameColumn
  • distiguishedNameColumn (mandatory) – can be username, email address, full name. Any data point which is unique.
  • firstNameColumn – Depends on matching option selected. See item 4 in the Setup Application above.
    • Default(Email or FirstName and LastName) option selected in item 4 of Setup Application.
      • Optional – If an email address is present in the data for a particular record.
      • Mandatory – If an email address is NOT present in the data for a particular record.
    • Employee Id matching option selected in item 4 of Setup Application.
      • Optional
  • lastNameColumn – Depends on matching option selected. See item 4 in the Setup Application above.
    • Default(Email or FirstName and LastName) option selected in item 4 of Setup Application.
      • Optional – If an email address is present in the data for a particular record.
      • Mandatory – If an email address is NOT present in the data for a particular record.
    • Employee Id matching option selected in item 4 of Setup Application.
      • Optional
  • middleNameColumn (optional) – can be a name or initial
  • emailColumn – Depends on matching option selected. See item 4 in the Setup Application above.
    • Default(Email or FirstName and LastName) option selected in item 4 of Setup Application.
      • Optional – If the First and Last name of the user are present in the data for a particular record.
      • Mandatory – If the First and Last name are NOT present in the data for a particular record.
    • Employee Id matching option selected in item 4 of Setup Application.
      • Optional
  • managerColumn (optional)
  • entitlementCNColumn – This column will have the data which represents the user permissions or roles.
    • Depends on Entitlement option selected. See item 6 in the Setup Application above.
      • If selected Entitlement = YES, alias is mandatory
      • If selected Entitlement = NO, alias is optional.
  • entitlementDNColumn – Same as the entitlementCNColumn alias. Data needs to map to the same field that was mapped to the entitlementCNColumn alias.
  • user_role (optional) – use same entitlementDNColumn mapping
  • entitlementDescriptionColumn (optional) – Client can provide a business-friendly description of the entitlement or permission that was mapped to the entitlementCNColumn alias.
  • accessStatusColumn (optional) – represents the status of the user's credential within the application. If data is mapped to this alias, the values need to be one of Active, Inactive or Terminated.
  • location (optional) – geographic location of the user
  • department (optional) – department that the user is a member of
  • userid – this is the username or login credential to the application. Place Employee ID here if matching by Employee ID.
    • optional – if matching using the Default(Email or FirstName and LastName) option.
    • mandatory – if matching using the Employee Id matching option
  6. Sample SQL statement – replace each placeholder within the [ ] with the client data attribute
SELECT
[app credential attribute] as commonNameColumn,
[app credential attribute] as iamUserColumn,
[email address or app credential or user full name attribute] as distiguishedNameColumn,
[user first name attribute if email address not present] as firstNameColumn,
[user last name attribute if email address not present] as lastNameColumn,
[user middle name or initial attribute - Optional] as middleNameColumn,
[email address attribute if present] as emailColumn,
[manager name attribute - Optional] as managerColumn,
[entitlement, permission or role attribute] as entitlementCNColumn,
[entitlement, permission or role attribute] as entitlementDNColumn,
[business description of the entitlement/permission/role attribute] as entitlementDescriptionColumn,
[user status attribute: Active, Inactive or Terminated] as accessStatusColumn,
[Location attribute - Optional] as location,
[Department attribute - Optional] as department,
[app credential or employee id attribute if matching by this attribute] as userid
FROM [name of client table or SQL view]
  7. You can also invoke a stored procedure.
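
A pre-sync check of the alias rules listed above, as an added example rather than SecurEnds code: it runs an extract query against a constructed in-memory SQLite database and reports rows that break the mandatory/optional rules for the chosen Match By and Include Entitlements settings. The table names, function names and the choice to treat an empty value in a mandatory alias as a violation are assumptions of this example.

```python
import sqlite3

VALID_STATUS = {"Active", "Inactive", "Terminated"}  # allowed accessStatusColumn values

def check_row(row, match_by="default", include_entitlements=True):
    """Return rule violations for one extract row (dict keyed by SecurEnds alias)."""
    has = lambda alias: bool(str(row.get(alias) or "").strip())
    problems = [f"{a} is mandatory" for a in
                ("commonNameColumn", "distiguishedNameColumn") if not has(a)]
    if match_by == "employee_id":
        if not has("userid"):
            problems.append("userid is mandatory when matching by Employee Id")
    elif not has("emailColumn") and not (has("firstNameColumn") and has("lastNameColumn")):
        problems.append("need emailColumn, or firstNameColumn and lastNameColumn")
    # Assumption: an empty value in a mandatory alias counts as a violation.
    if include_entitlements and not has("entitlementCNColumn"):
        problems.append("entitlementCNColumn is mandatory when Include Entitlements = Yes")
    if has("accessStatusColumn") and row["accessStatusColumn"] not in VALID_STATUS:
        problems.append(f"accessStatusColumn {row['accessStatusColumn']!r} is not allowed")
    return problems

def preflight(conn, query, **options):
    """Run the extract query; map each failing commonNameColumn to its violations."""
    conn.row_factory = sqlite3.Row
    checked = ((dict(r), check_row(dict(r), **options)) for r in conn.execute(query))
    return {row.get("commonNameColumn") or "<blank>": p for row, p in checked if p}

def demo():
    """Constructed sample data: two hypothetical tables joined by one extract query."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE app_users(login, email, fname, lname, emp_id, status);
        CREATE TABLE app_roles(login, role);
        INSERT INTO app_users VALUES
          ('asmith', 'asmith@example.com', NULL, NULL, '1001', 'Active'),
          ('bjones', NULL, 'Bob', NULL, NULL, 'Disabled'),
          ('svc_batch', NULL, 'Batch', 'Service', '1003', 'Active');
        INSERT INTO app_roles VALUES ('asmith', 'Admin'), ('bjones', 'Reader');""")
    query = """SELECT u.login AS commonNameColumn, u.login AS distiguishedNameColumn,
        u.fname AS firstNameColumn, u.lname AS lastNameColumn, u.email AS emailColumn,
        r.role AS entitlementCNColumn, r.role AS entitlementDNColumn,
        u.status AS accessStatusColumn, u.emp_id AS userid
        FROM app_users u LEFT JOIN app_roles r ON r.login = u.login"""
    return preflight(conn, query), preflight(conn, query, match_by="employee_id")

if __name__ == "__main__":
    print(demo())
```

The first report uses the Default match rule and the second the Employee Id rule, both with Include Entitlements = Yes; pass include_entitlements=False for a credential-only extract.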
Ticketing System Configuration

For more information on Ticketing System Configuration, Click here.

Click Save once finished to add the connector.
