SCCM Service Graph Connector: Using windows Credentials (as opposed to SQL) + CyberArk

stevemac
Tera Guru

‎07-19-2023 05:53 AM

Version: Tokyo

 

Hi,

 

New to Service Graph Connectors and we're trying to get the SCCM one to work.

 

Current State

  • SCCM SQL credentials provisioned and stored in a JDBC credential record on the instance
  • Connection record defined
  • Successfully importing and transforming data from a non-prod SCCM instance (still validating the data)

 

Goals  

  • Use Windows credentials (that have access to execute on the SCCM database)
  • Windows credentials stored in CyberArk
  • if Windows credentials cannot be used - then store SQL creds in CyberArk

Hoping someone can:

  • explain how integrated authentication works
  • confirm if they are able to use Windows Credentials with the SCCM connector and give some advice on how how to configure it
  • if they are using CyberArk to store the creds - what type of ServiceNow credential record is being used (i.e. still JDBC?)

will be doing more testing tomorrow and will update accordingly

 

thanks,

 

Steve

 

0 Helpfuls
  • 883 Views
1 REPLY 1

Prabu Velayutha
Mega Sage
Mega Sage

‎07-19-2023 07:46 AM - edited ‎07-19-2023 07:54 AM

 

  • Explain how integrated authentication works - I have provided some details below about integrated authentication
  • confirm if they are able to use Windows Credentials with the SCCM connector and give some advice on how how to configure it - Yes I'm using a windows credential for SCCM integration
  • if they are using CyberArk to store the creds - what type of ServiceNow credential record is being used (i.e. still JDBC?) No, need to save the credentials in the instance, it should be configured on the Mid server, find the details below. 

 

For Integrated authentication you need to mention the credentials in the Mid Server.

1.Login to the Mid Server used for SCCM integration and then open the Mid Services through Services.MSC

2. In the logon tab enter the cyberark username and password for SCCM DB

PrabuVelayutha_0-1689777871177.png

 

Note: CyberArc password should have 365day expiry, normally the cyberarc rotates password every week that can cause integration to break so make sure to verify and change the password rotation policy, I faced this issue, it was a pain to update the password weekly. You should have access to the Cyberarc password vault safe to checkout the credentials.

4. On the SCCM data source select use integrated authentication

PrabuVelayutha_2-1689778077717.png

 

3. Test the SCCM data source with test load of 20 records in the data source

4. Review the test data load

Please let me know if any errors during test.

 

Mark helpful accept solution if it works.

 

0 Helpfuls