Configuring the Key Manager Zero Trust Connectivity

To set up Key Manager to connect to your PrivX installation:

  1. Configure an API-client entry in PrivX. Follow the instructions for defining the API client's permissions in the PrivX documentation: https://privx.docs.ssh.com/docs/api-client-integration

    The permissions the API client needs are:

    • roles-view

    • roles-manage

    • users-view

    • users-manage

    • hosts-view

    • hosts-manage

    • settings-view

    • authorized-keys-manage

  2. In Key Manager, navigate to the Settings→General→SSH Product Integrations page and enter the credentials that were generated when you created the API client in PrivX:

    • PrivX server URL: insert the base URL of the PrivX installation here.

    • PrivX landing page path: insert the URL path of the page that users will see when they switch to PrivX. The default value, /, takes the user to the home page.

    • PrivX oauth client id: copy the OAuth client ID from the PrivX API client Credentials. To view them, go to Administration→Deployment→Integrate with PrivX using API clients in the PrivX GUI and expand the Credentials section of your API client.

    • PrivX oauth client secret: copy the OAuth client secret found by viewing the PrivX API client Credentials.

    • PrivX api client id: copy the API client ID found by viewing the PrivX API client Credentials.

    • PrivX api client secret: copy the API client secret found by viewing the PrivX API client Credentials.

    • PrivX CA certificate: copy the TLS Trust Anchor from PrivX. You can find the TLS Trust Anchor in the PrivX GUI by navigating to Administration→Deployment→Integrate with PrivX using API clients and scrolling to the bottom of the page.
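
The following pre-flight check for the values from steps 1 and 2 is an added example, not part of Key Manager or PrivX. It compares the permissions granted to the API client against the list above and sanity-checks the settings before they are pasted in. The dictionary key names and the sample values are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit

# The eight permissions listed in step 1.
REQUIRED_PERMISSIONS = frozenset({
    "roles-view", "roles-manage", "users-view", "users-manage",
    "hosts-view", "hosts-manage", "settings-view", "authorized-keys-manage",
})
# Hypothetical key names for the four credential fields of step 2.
SECRET_FIELDS = ("oauth_client_id", "oauth_client_secret",
                 "api_client_id", "api_client_secret")

def check_permissions(granted):
    """Return (missing, excess) relative to the list in step 1."""
    granted = set(granted)
    return (sorted(REQUIRED_PERMISSIONS - granted),
            sorted(granted - REQUIRED_PERMISSIONS))

def check_settings(cfg):
    """Return a list of problems found in the step 2 values (empty if none)."""
    problems = []
    url = urlsplit(cfg.get("server_url", ""))
    if url.scheme != "https" or not url.hostname:
        problems.append("server_url: expected an https:// base URL")
    elif url.path not in ("", "/") or url.query or url.fragment or url.username:
        problems.append("server_url: base URL only, no path, query or userinfo")
    if not cfg.get("landing_page_path", "/").startswith("/"):
        problems.append("landing_page_path: must be a URL path starting with /")
    values = [cfg.get(name, "") for name in SECRET_FIELDS]
    for name, value in zip(SECRET_FIELDS, values):
        if not value or value != value.strip():
            problems.append(f"{name}: empty or has surrounding whitespace")
    if len(set(values)) != len(values):
        problems.append("credentials: the same value was pasted into two fields")
    try:
        # Loading the trust anchor fails unless it parses as an X.509 certificate.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cadata=cfg.get("ca_certificate", ""))
    except (ssl.SSLError, ValueError, TypeError):
        problems.append("ca_certificate: not a parseable PEM certificate")
    return problems

# Constructed sample; the CA value is a placeholder, so only that check fails.
SAMPLE = {"server_url": "https://privx.example.com", "landing_page_path": "/",
          "oauth_client_id": "oauth-id-placeholder", "oauth_client_secret": "s1",
          "api_client_id": "api-id-placeholder", "api_client_secret": "s2",
          "ca_certificate": "PASTE-TLS-TRUST-ANCHOR-PEM-HERE"}

if __name__ == "__main__":
    print(check_settings(SAMPLE))
```

Permissions reported as excess are ones the integration does not need according to the list in step 1.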