Introducing Delinea Identity Services for HashiCorp Vault | Delinea

Today, Delinea is proud to announce the integration of the Delinea Identity Service with HashiCorp Vault for role-based user authentication and access to the Vault.

The Delinea Next-Gen Access Management platform now provides an additional Auth Method called “Delinea” for HashiCorp Vault. This Auth Method allows you to authenticate users to HashiCorp Vault, leverage any connected directory source for authentication, and enable role-based authorizations to Vault resources using Delinea Roles.

Figure 1: HashiCorp Vault integration with Delinea Identity Services

Integration, authentication, access

There are several benefits to using Delinea for user authentication to HashiCorp Vault:

• Delinea brokers authentication to any connected directory source, including Active Directory, LDAP, Google Directory, or the Delinea Cloud Directory for user or service accounts.
• User access to the Vault is time-bound and is based on authentication to the Delinea Identity Service. This allows you to avoid long-lived credentials left behind on user’s machines and protects against potential malware attacks.
• Delinea’s integration enables workflow-based access control, allowing users to request and receive access to the Vault only when needed. This enables you to grant access to the Vault without assigning permanent access rights within the Delinea Identity Service.
• Delinea integration centralizes access management for new users and temporary workers. You can simplify account creation during the on-boarding process and automatically disable user access upon termination.
• Delinea captures an audit log of all user login events to the HashiCorp Vault and sends these logs to your security information and event management (SIEM) solution for analysis.
• With Delinea, you can authenticate your on-premises users to the Vault deployed on-premises, in a DMZ, within one or more VPCs on Amazon AWS, or in other IaaS hosting services.

Simplified integration with Active Directory

Delinea can also simplify the integration with Active Directory for those deployments where Vault runs on Linux and has direct Active Directory access.

In this model, Delinea extends Vault’s current LDAP Auth Method to support proper operations within complex multi-domain or one-way trust Active Directory (AD) environments through the Delinea LDAP Proxy.

Additionally, Delinea Agent for Linux provides centralized public key infrastructure (PKI) certificate management for Linux within environments which use Microsoft Certificate Authority for automated certificate issuance and renewal.

Figure 2: HashiCorp Vault integration with Delinea Agent for Active Directory

Regardless of how you would like to centralize user authentication to Vault, Delinea provides a solution to integrate Vault into Active Directory, LDAP, Google Directory, or Delinea Cloud Directory as well as provide role-based authorization to Vault resources.