Set up a PrivX connector
Capabilities
Sync user identities from PrivX to ConductorOne
Resources supported:
- Roles
Add a new PrivX connector
This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
In ConductorOne, click Connectors > Add connector.
Search for PrivX and click Add.
Don’t see the PrivX connector? Reach out to support@conductorone.com to add PrivX to your Connectors page.
Choose how to set up the new PrivX connector:
Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren’t yet managed with ConductorOne)
Add the connector to a managed app (select from the list of existing managed apps)
Create a new managed app
Do you SSO into PrivX using your identity, SSO, or federation provider? If so, make sure to add the connector to the unmanaged PrivX app that was created automatically when you integrated your provider with ConductorOne, rather than creating a new managed app.
Set the owner for this connector. You can manage the connector yourself, or choose someone else. Setting multiple owners is allowed.
A PrivX connector owner must have the following permissions:
- Connector Administrator or Super Administrator role in ConductorOne
- Admin role in PrivX
- Click Next.
Next steps
If you are the connector owner, proceed to Configure your PrivX connector.
If someone else is the connector owner, ConductorOne will notify them by email that their help is needed to complete the setup process.
Configure your PrivX connector
A user with the Connector Administrator or Super Administrator role in ConductorOne and the Admin role in PrivX must perform this task.
Step 1: Set up a PrivX role
First, create a PrivX role that will be used to grant permissions to the API client you’ll use to integrate with ConductorOne.
In PrivX, navigate to Administration > Roles and click Add Role.
Create a new role (or locate an existing role) with the following permissions:
- roles-view
- users-view
- role-target-resources-view
Make a note of the name of the role, as you’ll use it in Step 2.
Step 2: Create a PrivX API client
Still in PrivX, navigate to Administration > Deployment and click Integrate with PrivX Using API Clients.
Click Add API Client.
Give the new client a name and assign it the role you created or identified in Step 1.
Click Save.
Scroll down to the Credentials section of the page. Carefully copy and save the OAuth Client ID and Client Secret, and the API Client ID and Client Secret. We’ll use these credentials in Step 3.
Step 3: Add your PrivX credentials to ConductorOne
In ConductorOne, navigate to the PrivX connector by either:
Clicking the Set up connector link in the email you received about configuring the connector.
Navigate to Connectors > PrivX (if there is more than one PrivX listed, click the one with your name listed as owner and the status Not connected).
Find the Settings area of the page and click Edit.
Select your preferred authentication method, OAuth or Client secret:
For OAuth, enter your PrivX base URL and paste in the OAuth credentials generated in Step 2.
For Client secret, enter your PrivX base URL and paste in the API client credentials generated in step 2.
Click Save.
The connector’s label changes to Syncing, followed by Connected. View the logs to ensure that information is syncing.
That’s it! Your PrivX connector is now pulling access data into ConductorOne.
Configure the PrivX integration using Terraform
As an alternative to the integration process described above, you can use Terraform to configure the integration between PrivX and ConductorOne.
See the ConductorOne PrivX integration resource page in the ConductorOne Terraform registry for example usage and the full list of required and optional parameters.