PO Box Configuration In Zilla
This article outlines how we manage your credentials for systems connected to PO Box.
Scope: Admins
This article covers the following topics:
Prerequisites
Admin permissions in Zilla
How We Pull Credentials
PO Box frequently calls home via an outbound API call to the Zilla AWS infrastructure. If a sync needs to be made, PO Box pulls configurations from AWS Secrets Manager, where credentials are securely stored.
Store the Credentials Securely Within Zilla’s infrastructure
If there are brackets inside of a code snippet listed in the steps below, replace the bracket contents with a value. For example, if a code snippet requires you to enter CREATE USER {username}, replace {username} with the relevant value for your organization.
We recommend storing config information by creating applications in Zilla and placing the necessary information in Zilla. We recommend this for on-prem deployments of PO Box connecting to a MySQL database, a PostgreSQL database, or an on-prem Active Directory.
Active Directory
1. Log in to Zilla with administrator permissions.
2. On the Applications tab, click Add Application.
3. Search for On Premise AD and click Add to Applications/Add Another Instance.
4. Add a Business Owner to review access for the app, add a Technical Owner to set up the syncs and revoke access, and click Add to Applications.
5. Click the gear at the top right corner of the page.
6. To connect to AD and pull user information, fill out the fields listed below:
Frequency: Indicate how often users are pulled.
Name of the configured PO Box: Enter the name of the configured PO Box. For additional information on configuring PO Box, see https://zilla.atlassian.net/wiki/spaces/ZILLA/pages/3651141644. If you haven’t configured a PO Box, the value for this field is the name of the service account the Support team has used to generate tokens.
Server URI: Enter the URI of the server hosting your Active Directory using the value ldap://{Server IP}. Replace the bracketed part with the IP of the server that’s hosting your Domain Controller and Active Directory.
Search Base: This is the tree that you would like to pull users from on AD. We generally recommend selecting the highest level tree in your AD so that all of your AD users are pulled into Zilla. For example, if an OU is zsec.io, the value of the config would be dc=zsec,dc=io.
Login User: Enter the username of the service account you created in Active Directory. For more info on how to do this, see Creating Service Accounts for PO Box. Include the full email address of the account. For example, if an account is called zilla-svc, and the domain is access-ventures.com, then the value of the config would be zilla-svc@access-ventures.com.
Login Password: Enter the password for the service account you created in AD.
Note: Usernames and passwords are always encrypted using AWS Secrets Manager when stored in your Zilla config.
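A pre-flight check for the Active Directory fields above, added here as an example and not part of Zilla or PO Box: it flags unreplaced {…} placeholders, a Server URI that is not ldap:// followed by an IP, a Search Base that is not a DN, and a Login User that is not a full address. The dictionary keyed by field label, the function names, and the sample values are assumptions; the password is deliberately not passed in.

```python
import ipaddress
import re
from urllib.parse import urlsplit

PLACEHOLDER = re.compile(r"\{[^{}]*\}")  # e.g. {Server IP} never filled in
RDN = re.compile(r"^(dc|ou|cn)=[^,=]+$", re.I)  # one component of a DN
UPN = re.compile(r"^[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def search_base_from_domain(domain):
    """Top-level search base for a DNS domain: zsec.io -> dc=zsec,dc=io."""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))


def validate_ad_config(cfg):
    """Return a list of problems in the AD fields (empty list = looks sane)."""
    problems = [f"{name}: unreplaced placeholder"
                for name, value in cfg.items() if PLACEHOLDER.search(value)]
    try:
        uri = urlsplit(cfg.get("Server URI", ""))
        ipaddress.ip_address(uri.hostname or "")  # raises if not an IP
        uri_ok = uri.scheme == "ldap"
    except ValueError:
        uri_ok = False
    if not uri_ok:
        problems.append("Server URI: expected ldap://<server IP>")
    base = cfg.get("Search Base", "")
    if not base or not all(RDN.match(p.strip()) for p in base.split(",")):
        problems.append("Search Base: expected a DN such as dc=zsec,dc=io")
    if not UPN.match(cfg.get("Login User", "")):
        problems.append("Login User: expected user@domain form")
    return problems


# Constructed sample values; 192.0.2.10 is a documentation-only address.
GOOD = {"Server URI": "ldap://192.0.2.10",
        "Search Base": search_base_from_domain("zsec.io"),
        "Login User": "zilla-svc@access-ventures.com"}
BAD = {"Server URI": "ldap://{Server IP}",
       "Search Base": "zsec.io",
       "Login User": "zilla-svc"}

if __name__ == "__main__":
    print(validate_ad_config(GOOD))
    for problem in validate_ad_config(BAD):
        print(problem)
```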
MySQL Database
1. Log in to Zilla with administrator permissions.
2. On the Applications tab, click Add Application.
3. Search for MySQL and click Add to Applications/Add Another Instance.
4. Add a Business Owner to review access for the app, add a Technical Owner to set up the syncs and revoke access, and click Add to Applications.
5. Click the gear at the top right corner of the page.
6. Fill out the config we need to connect to the database and pull users. These are outlined below:
Frequency: Indicate how often users are pulled.
Name of the configured PO Box: Enter the name of the configured PO Box. For additional information on configuring PO Box, see https://zilla.atlassian.net/wiki/spaces/ZILLA/pages/3651141644. If you haven’t configured a PO Box, the value for this field is the name of the service account the Support team has used to generate tokens.
Database Server Host: Enter the hostname or IP of the database.
Database Server Port: Enter the port over which PO Box will send the query request. By default, MySQL uses port 3306.
Database Name (optional): By default, Zilla pulls users from the system level. If you also want to pull from a specific database, enter the name of the database and database-level users will be pulled. You need to grant SELECT access to the service account you have created for this to work.
Database User: Enter the username of the service account you created. See Creating Service Accounts for PO Box for more details.
Database Password: Enter the password for the service account you created.
PostgreSQL Database
1. Log in to Zilla with administrator permissions.
2. On the Applications tab, click Add Application.
3. Search for PostgreSQL and click Add to Applications/Add Another Instance.
4. Add a Business Owner to review access for the app, add a Technical Owner to set up the syncs and revoke access, and click Add to Applications.
5. Click the gear at the top right corner of the page.
6. Fill out the config we need to connect to the database and pull users. These are outlined below:
Frequency: Indicate how often users are pulled.
Name of the configured PO Box: Enter the name of the configured PO Box. For additional information on configuring PO Box, see https://zilla.atlassian.net/wiki/spaces/ZILLA/pages/3651141644. If you haven’t configured a PO Box, the value for this field is the name of the service account the Support team has used to generate tokens.
Database Server Host: Enter the hostname or IP of the database.
Database Server Port: Enter the port over which PO Box will send the query request. By default, PostgreSQL uses port 5432.
Database Name: Enter the name of the database from which you want to pull users.
Database User: Enter the username of the service account you created. See Creating Service Accounts for PO Box for more details.
Database Password: Enter the password for the service account you created.
If you have multiple databases that need to be included in access reviews, add additional applications for each database by repeating steps 1-6. The same service account can be used if it has been granted SELECT access to each database.