Delinea Secret Server


Delinea Secret Server is an enterprise-grade password management solution designed to help organizations securely store, manage, and control access to privileged credentials. For more information, see Delinea’s official documentation.

Integration Method: API

Tables: Entity Management (3004), Group Management (3006)

This integration supports the following events.

Event | Description
Folder Audits | List of activities performed by user on folder
Folder Access Groups | List of groups having access to a folder
Folders | List of all the folders in Delinea
Secrets | List of all the secrets stored in Delinea

This integration supports the following versions.

Delinea Secret Server Version | 22-07-2025
Delinea Secret Server API version | V2 for Secrets, V1 for other endpoints

Prerequisites

  • Access to Delinea Secret Server dashboard using System Administrator account

  • The user should have access to the DataBee console

Configuration Overview

  1. Generate an API token with the required scopes

  2. Add the Delinea Secret Server data feed in the DataBee console with the below parameters.

    DataBee Parameter | Delinea Secret Server Parameter
    Client Key | Username
    Client Secret | Password

Delinea Secret Server Configuration

  1. Login to Delinea Secret Server Platform.
     

  2. Navigate to Access > Users from the sidebar.
     

  3. Navigate to More > Add service user.
     

  4. Enter the ‘Username’ in the format username@domain as shown below. Add an appropriate ‘Display name’ and set a strong password. Store the username and password securely, as they will be used to configure the data source later on.
     

  5. Select the appropriate group if applicable and then click on Add.

    Note:

    Login with these credentials to the UI once to activate the user.

     

  6. Navigate to Roles > Add Role.
     

  7. Fill out the necessary information, then click the Save button.
     

  8. Navigate to Permissions > Add Permissions.
     

  9. Assign the permissions shown below.

    Title | Name
    Administer Secret Server Folders | delinea.vault/secretserver/administration/folders/ad
    View Identity settings | delinea.platform/identity/admin/read

    Administer Secret Server Folder:

  10. Click on Users.
     

  11. Navigate to Users (In Filters) > Service users.
     

  12. Click on the service user created earlier.
     

  13. Navigate to Roles > Assign Roles.
     

  14. Select the role assigned earlier then click on Assign.
     

  15. Next, give the service user folder permission on each root-level folder. If you have a complex folder structure, skip to Step 20.

  16. Navigate to Secret Server > Your Folder > 3 Dots after the name of the folder > Edit folder.
     

  17. Navigate to Permissions > Edit > Add.
     

  18. Select the service user created earlier. Select View in Folder Permissions and List in Secret Permissions. Then click on Save.
     

  19. Repeat Steps 16-18 for each root-level folder. Make sure each subfolder inherits the permissions from its parent folder. If any folder does not inherit from its parent, perform Steps 16-18 for that folder as well.
     

  20. If there are multiple root folders with different ownerships, or a complex folder structure in which giving permission individually is difficult, contact the Delinea Support Team and raise a support case.
     

  21. Navigate to Settings > Secret Server > Secret Server Connection. Here the Login URL and the Secret Server URL are in the formats https://<instance_name>.delinea.app/identify/ and https://<instance_name>.secretservercloud.com respectively. Take the instance_name from these URLs and store it securely, as it will be used to configure the data source.
     

DataBee Configuration: Direct to Delinea SaaS

Note:

This section describes the integration in which DataBee accesses the Delinea API directly. If an API gateway is in use, refer to the section DataBee Configuration: API Gateway.

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for the Delinea Secret Server and click it as shown below.
     

  3. Click on the API Ingest option for collection method.
     

  4. Enter feed contact information and click Next.
     

  5. In the configuration page, confirm the following:

    • API Base URL: Replace the <instance> with your instance name.

    • Authorization Method: OAuth2.

    • Client Key: Paste the username created earlier.

    • Client Secret: Paste the password.

    • Token URL: Replace the <instance> with your instance name.

    • Event Types: Preselected for all the event types that integration pulls.
       

  6. Click on Test Connection, then click Submit.

DataBee Configuration: API Gateway

For security reasons, some customers have an API gateway such as Apigee in place. Sometimes strict access is enforced by allowing only devices within the perimeter to have access. In scenarios such as this, we can deploy a DataBee Data Collector within the network.

Prerequisites: Install a Linux Data Collector. Refer to this article in the documentation.

  1. Login to the DataBee, navigate to Data > Data Feeds, and click the +Add New Data Feed button.

  2. Search for Delinea Secret Server and click on the button

  3. Click on the Data Collector option

  4. Click on API Ingest option

  5. Enter the feed contact information and select the collector deployed from the drop down

  6. In the configuration page, enter the following

    1. Base URL: Enter the Base URL of the API gateway. Enter the full URL including any custom routing paths configured for connection to Delinea.

      Note: Regardless of the gateway path, the final endpoint must end with the following:

      1. Folders Event: https://<base_path>/api/v1/folders

      2. Secrets Event: https://<base_path>/api/v2/secrets

      3. Folder Access Event: https://<base_path>/api/v1/folder-permissions

    2. Request Count: Set a rate limit defined by your gateway

    3. Interval: Set an interval defined by your gateway

    4. Event Types: Preselected for all event types the integration pulls

  7. In the configure authentication page, confirm the following, then click Next.

    1. Authorization Method: OAuth2

    2. Client Key: Enter the client key provided by the identity or middleware platform you are using.

      Example: If authenticated through a third-party provider (such as a cloud identity service), enter the client/application key issued by that provider.

    3. Client Secret: Enter the corresponding client secret for the same platform.

      Example: If using an identity provider, supply the secret associated with the application you registered there.

    4. Token URL: Provide the OAuth2 token endpoint for your identity platform.

      Example: For platforms that use tenant-based URLs, replace the placeholder (such as a tenant ID or organization code) with your actual value before entering it.

    5. Scope: Enter the scope required by your identity provider or middleware to authorize the integration.

      Example: If your provider requires specific API permissions or application scopes, include them here as documented for your setup.

  8. Click Submit

Troubleshooting Tips

  • Ensure that the username and the password are correct. Paste them into a text editor to check that no spaces or unexpected characters are included, then reconfigure the DataBee feed.

  • Ensure that Permissions and Role given to the Service User are correct.
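
A pre-flight check for the values entered in the DataBee feed, as an added example (not DataBee or Delinea code): it flags hidden characters in a pasted Client Key or Client Secret and builds the three final endpoints listed in the API Gateway section. The function names, the sample host gw.example.com, the https-only rule, and the assumption that the base path is the part of the URL before /api/ are illustrative.

```python
import unicodedata
from urllib.parse import urlsplit

# Endpoint suffixes from the API Gateway section of this page.
EVENT_SUFFIXES = {
    "Folders": "/api/v1/folders",
    "Secrets": "/api/v2/secrets",
    "Folder Access": "/api/v1/folder-permissions",
}

def credential_problems(label, value):
    """Describe paste damage in a credential without ever echoing the value."""
    problems = []
    if value != value.strip():
        problems.append(f"{label}: leading or trailing whitespace")
    for pos, ch in enumerate(value):
        cat = unicodedata.category(ch)
        # Cc: control (tab, newline); Cf: invisible format chars (zero-width
        # space, BOM); Zs other than a plain space: no-break space and similar.
        if cat in ("Cc", "Cf") or (cat == "Zs" and ch != " "):
            problems.append(f"{label}: hidden character U+{ord(ch):04X} at position {pos}")
    return problems

def username_problems(username):
    """Direct-to-SaaS feeds use the service user name, format username@domain."""
    problems = credential_problems("Client Key", username)
    local, sep, domain = username.strip().partition("@")
    if not (sep and local and domain) or "@" in domain:
        problems.append("Client Key: expected the format username@domain")
    return problems

def gateway_endpoints(base_url):
    """Build the final endpoint per event type from a gateway base URL."""
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Base URL must be an absolute https:// URL")
    if parts.query or parts.fragment:
        raise ValueError("Base URL must not carry a query string or fragment")
    base = f"https://{parts.netloc}{parts.path.rstrip('/')}"
    # Assumption: the base path is everything before /api/, so a base URL that
    # already ends in one of the suffixes would produce a doubled path.
    for suffix in EVENT_SUFFIXES.values():
        if base.endswith(suffix):
            raise ValueError(f"Base URL already ends with {suffix}")
    return {event: base + suffix for event, suffix in EVENT_SUFFIXES.items()}

if __name__ == "__main__":
    # Constructed sample values, not real credentials or hosts.
    print(username_problems("svc-databee@example.com\u200b"))
    print(gateway_endpoints("https://gw.example.com/delinea/"))
```

The username check applies to the direct-to-SaaS configuration only; behind a gateway the Client Key is whatever the identity provider issued, so run `credential_problems` on it instead.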