Overview - Authentication
The main purpose of an adapter is to communicate with an external system to perform actions and then return the results of those actions back to Itential Automation Platform (IAP). In order to communicate with these external systems, adapters need to be able to authenticate with the external system.
While there are some common ways to authenticate, there is not one way, and systems can undergo changes to the norms (e.g. place the token in a different header).
Authentication With External Systems
Prior to configuring an adapter to “talk” to an external system, determine the following:
- Is a username and password required?
- Is it required on every call or just to retrieve a token?
- Are you authenticating based on system or user credentials?
- Do you need to dynamically log in based on different user credentials?
- Does the system or user associated with the credentials have proper permissions in the system to do what you are trying to do?
- How often do these credentials change? What are the implications to the adapter when they change?
- Is a token required to make calls?
- Are you able to use a static token that has a long or indefinite life?
- How many steps does it take to acquire a token?
- If the token expires, how long is the token valid for?
- If you are requesting a token, what is required (headers, body, etc.)?
- Is there any additional information that needs to be provided?
- Do you need to dynamically log in to environments/domains based on some criteria?
It is a good practice to authenticate through an API tool, like
Postman, because this tool provides information that makes it easier to configure the adapter to communicate with other systems. The information gathered from this effort can be utilized as a comparison with the adapter debug level logs with auth logging enabled. This determines what changes need to be made to the IAP Service Instance Configuration for the adapter or Endpoint Configurations within the adapter.
Vendors often support multiple ways to authenticate and will periodically change how system-to-system authentication should work. So, how to authentication with a system can change over time.