Connector credentials
Before Nexthink can export data to any third-party supported tools, you must create and define new credentials to connect and enable such communication and then apply the credentials when configuring an outbound connector such as a webhook or data exporter.
Configuring credentials for the first time
Follow these steps to access the Connector credentials page:
Click on the Administration icon in the main menu.
Click on Connector credentials.
If the Connector credentials is not displayed in the menu, reach out to Nexthink Support to enable this functionality as it might be hidden.
When the Connector credentials page is accessed for the first time, it displays an empty list. As soon as a credential is created, it is listed on this page, and a total number of existing credentials is also displayed.
Creating a new credential
The following steps will take you through the process of creating a new credential:
Click on the New credential button located in the upper-right corner of the screen to create a new entry.
Fill out the Edit credential form.
The following points describe the items in the form:
Name: the unique name of the credential.
Protocol:
Hypertext Transfer Protocol Secure (HTTPS). Refer to the Connector credentials for HTTPS section below.
Secure File Transfer Protocol (SFTP). Refer to the Exporter for Secure File Transfer Protocol (SFTP) server documentation for more information.
Refer to the in-product documentation for more information. You can find it in the right-side menu.
Connector credentials for HTTPS
Choose Hypertext Transfer Protocol Secure (HTTPS) from the protocol drop-down menu. Configure the URL address using the URL of the third-party tool. Ensure it follows the https://{host}:{port}/ format. Finally pick the appropriate authorization type.
Examples of URLs
Third-party Tool | Full URL | Instance URL (credential field) |
ServiceNow | https://<instancename>.service-now.com/api/now/table/{tableName} | https://ven01063.service-now.com/ |
BMC | https://serverName:port/api/arsys/v1/entry/{formName} | https://serverName:port/ |
Cherwell | https://host.domain/CherwellAPI/api/V1/savebusinessobject | https://host.domain/ |
Ivanti | https://{tenant url}/api/rest/ServiceRequest/new | https://{tenant url}/ |
Freshservice | https://api.freshservice.com/v1/#update_ticket_priority | https://api.freshservice.com/ |
4me | https://api.4me.com/v1/requests | https://api.4me.com/ |
Jira service desk | https://<instancename>.atlassian.net/rest/servicedeskapi/request | https://<instancename>.atlassian.net/ |
Each third-party tool construct the instance URL in a different way. Please refer to the third-party software documentation to ensure that the values you insert are correct.
Supported authorization mechanisms
There are different types of authorization mechanisms supported by the credentials feature, which you can choose with the Authorization type drop-down list.
No Auth (None)
Enter the URL to connect to the third-party tool. This is typically used for Incoming webhook URLs.
Basic
Enter a username and password to connect to the third-party tool.
Bearer token
The Header prefix can be configured manually, but if it is not defined, the system enters Bearer as the default value.
Enter an API token in the Token field, typically generated by the third-party tool. It is added automatically into the header when the request is launched.
OAuth 2.0 - Client credentials
Use the client ID and client secret to obtain a token instead of the typical username and password. Both values are required.
The token has an expiration period and needs to be renewed. You must configure the Access Token URL field to automatically request a new token when the current one has expired.
Scope is an optional field. It details the operations that the system using the client ID and client secret can execute on the target machine.
OAuth 2.0 - Authorization code
Use the client ID and client secret to obtain a token instead of a username and password. Both values are required.
The third-party tool uses a redirect URL to send the authorization code to Nexthink. Use the copy button to copy and add the redirect URL to the third-party tool.
The token has an expiration period after which it must be renewed. You must configure the Authorization code URL and Access token URL fields to automatically request a new token when the current one has expired.
Scope is an optional field that lists the operations that the system using the client ID and client secret can execute on the target machine.
Connector credentials for SFTP
Choose the Secure File Transfer Protocol (SFTP) from the Protocol drop-down menu.
Hostname: the hostname of the SFTP server to connect to in the following format
sftp://{hostname}:{port}/. The protocolsftpand theportneed to be included.SFTP server fingerprint: Key fingerprints are an important security feature that helps users and client applications authenticate an SSH or SFTP server. Also, it helps the client application determine whether it's really connecting to the server it was intended to connect to. The values supported can start either with
ecdsa-sha2orssh-rsa.
Values such as, da:47:93:b4:3a:90:5b:50:1f:20:a8:f9:b7:a1:d0:e1 are not valid for this field.
Authorization: BASIC is the default value
Username: username to connect to the SFTP server
Password: password to connect to the SFTP server
Saving a new credential
Once the form has been completed, click on the Save button to save it. If all goes smoothly, you will be redirected to the Credentials page with the list of existing credentials. The new credential should be part of the list.
If there is a configuration mistake, the user interface displays an error message box at the top of the page, reporting the problematic fields.
Click on Cancel to stop the process of creating a new credential and return to the list of Credentials without saving the information in the form.
Editing a credential
You can update a credential by selecting the pencil icon located on the right side of the credential entry on the Credentials list.
Once clicked, you are redirected to the credentials form with pre-filled values for the credential.
The values that appear hidden in the Token or Password fields cannot be copied as they don’t represent the real values for these fields. This has been done for security purposes.
By clicking the Save button, the current values of the credential are updated, and you are redirected back to the Credentials page.
By clicking the Cancel button, you return to the list of credentials without changing the values.
Deleting a credential
If a credential is no longer needed or valid, it can be removed using the trash bin icon on the right side of each credential in the list.
When the trash icon is clicked, a pop-up opens to confirm the delete action.
To confirm, click on the Ok button. The credential will be removed regardless of having a connector linked to it.
Click Cancel if you wish to abort the operation.
RELATED LINKS