Introduction

  • JS7 offers integration with the HashiCorp® Vault authentication server.
  • The Vault Identity Service integration is available from JOC Cockpit:
    • This requires HashiCorp® Vault to be downloaded, installed and operated by the user. Vault is not a built-in identity service and does not ship with JS7.
    • JS7 implements a REST client for use with HashiCorp® Vault 1.7.0 and newer.

Identity Service Types

The following integration levels are available from identity service types that can be used with Vault:

| Identity Service | | Identity Service Configuration Items | | | | JOC Cockpit Configuration |
| Service Type | Built-in | User Accounts/Passwords stored with | User Accounts/Passwords managed by | Roles/Permissions stored with | Assignment Roles->User Accounts managed with | Roles Mapping |
|---|---|---|---|---|---|---|
| VAULT | no | Vault Server | Vault Server | JS7 Database | Vault Server | Mapping of Vault Policies to JOC Cockpit Roles |
| VAULT-JOC | no | Vault Server | Vault Server | JS7 Database | JOC Cockpit | Mapping of user accounts and roles with JOC Cockpit |
| VAULT-JOC-ACTIVE | no | Vault Server | Vault Server / JOC Cockpit | JS7 Database | JOC Cockpit | Mapping of user accounts and roles with JOC Cockpit |


Explanation:

  • Service Type: VAULT
    • Management of user accounts and passwords is performed with the Vault Server.
    • In addition, the policies assigned to a user account in Vault are automatically mapped to JOC Cockpit roles.
    • JOC Cockpit does not know any user accounts, passwords and role assignments as this information is managed with Vault only.
  • Service Type: VAULT-JOC
    • Management of user accounts and passwords is performed with the Vault Server.
    • The assignment of roles to user accounts is performed with JOC Cockpit and is stored with the JS7 database.
    • JOC Cockpit knows user accounts and role assignments. JOC Cockpit does not know passwords as this information is managed with Vault only.
  • Service Type: VAULT-JOC-ACTIVE
    • Management of user accounts and passwords is performed with JOC Cockpit. JOC Cockpit forwards user accounts and passwords to the Vault Server. JOC Cockpit stores user accounts (but not passwords) in the JS7 database.
    • The assignment of roles to user accounts is performed with JOC Cockpit and is stored with the JS7 database.
    • JOC Cockpit knows user accounts and role assignments. JOC Cockpit temporarily knows passwords until this information is forwarded to Vault.
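
The difference between the three service types comes down to where roles are looked up once Vault has verified the password. The following sketch is an added example, not JS7 code: it assumes a login response shaped like the one returned by Vault's userpass auth method, and the function name, role names, policy names and the deny-on-no-role behaviour are hypothetical.

```python
import json

# Constructed sample shaped like a Vault userpass login response.
# Token, policies and username are made up for this example.
SAMPLE_LOGIN_RESPONSE = json.dumps({
    "auth": {
        "client_token": "hvs.CONSTRUCTED-EXAMPLE-TOKEN",
        "policies": ["default", "js7-operators", "js7-auditors"],
        "metadata": {"username": "alice"},
    }
})

# Hypothetical mapping of Vault policies to JOC Cockpit roles (type VAULT).
POLICY_ROLE_MAP = {
    "js7-operators": ["role_operator"],
    "js7-auditors": ["role_auditor"],
}

# Hypothetical role assignments as stored with the JS7 database
# (types VAULT-JOC and VAULT-JOC-ACTIVE).
DB_ROLE_ASSIGNMENTS = {"alice": ["role_app_manager"]}


def resolve_roles(service_type, login_response, policy_role_map, db_assignments):
    """Return the sorted roles for an account that Vault has authenticated."""
    auth = json.loads(login_response).get("auth") or {}
    if not auth.get("client_token"):
        raise PermissionError("Vault did not authenticate the account")
    account = (auth.get("metadata") or {}).get("username", "")

    if service_type == "VAULT":
        # Roles are derived from the policies Vault assigned to the account;
        # policies without a mapping (here: "default") contribute nothing.
        roles = {r for p in auth.get("policies", [])
                 for r in policy_role_map.get(p, [])}
    elif service_type in ("VAULT-JOC", "VAULT-JOC-ACTIVE"):
        # Vault only verifies the password; its policies are ignored and
        # roles come from the assignments stored with the JS7 database.
        roles = set(db_assignments.get(account, []))
    else:
        raise ValueError(f"unknown service type: {service_type}")

    if not roles:
        # Assumption of this sketch: authenticated but role-less means deny.
        raise PermissionError(f"no role resolved for account {account!r}")
    return sorted(roles)
```
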

Identity Service Configuration

JOC Cockpit offers the Manage Identity Services view for configuration:




