Setting up the SIEM User and the OAuth App on the Tenant

To set up the SIEM user and OAuth app:

  1. On the Admin Portal, select Apps > Web Apps.
  2. Click Add Web Apps. When the page opens, click the Custom tab.

  3. Locate the OAuth2 Client and click Add.

  4. When prompted to add the Web App, OAuth2 Client, click Yes.

  5. On the Settings tab, in the Application ID field, enter oauthsiem.

  6. On the General Usage tab, leave the defaults as shown.

  7. On the Tokens tab, for Auth methods, check Client Creds and click Save.

  8. On the Scope tab, under Scope definitions, click Add to add a new scope.

  9. On the Scope definitions dialog:

    1. In the Name field, enter siem.

      Note: The name of the scope, siem, must be lowercase, or an invalid scope error will be thrown.

    2. In the Allowed REST APIs section, click Add and enter Redrock/query.

    3. Click Save.

  1. On the Admin Portal, select Access > Users > Add User.
  2. On the Create Centrify Directory User page:
    1. For the Login Name, enter siemuser.

    2. For the Suffix, enter Admin (or leave as is).

    3. For the Password and Confirm Password, enter the password of your choice.

  3. For Status:
    1. Check Password never expires.

    2. Select Is OAuth confidential client. This also automatically selects the options Password never expires and Is Service User.

  4. On the Admin Portal, select Access > Roles > Add Role.
  5. When the page opens, on the Description tab:

    For the Name, enter service account and click Save.

    This entry serves as the role name.

  6. Open the newly created role, and select the Members tab:
    1. Click Add and search for the siemuser that you created earlier.

      Click Save.

  7. Open the Administrative Rights tab:
    1. Click Add.

    2. In the Add Rights list, check Read Only System Administration.

    3. Click Add.

    4. Click Save.

  8. Navigate to Apps > Web Apps > Permissions. Click Add and add the role you created above: service account.
  9. Perform final checks to make sure that:
    • On the Admin Portal, on the Access > Users tab:

      • The siemuser created earlier is shown as a Centrify Directory User. Click it to open the user’s page.

      • In the Roles section for this user, the role named service account must be listed, with Read Only System Administration under Administrative Rights.

    • On the Admin Portal, on the Apps > Web Apps tab:

      • Select OAuth2 Client.

      • On the Permissions tab, the Name column shows the role service account created earlier, with the View and Run permissions checked.

    • On the Apps tab, the Tokens section shows Client Creds checked under Auth methods.
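To confirm the configuration from the SIEM side, the following added example (not part of this page or the product) requests a client-credentials token for the oauthsiem app with the siem scope and runs one Redrock/query call, refusing a mixed-case scope up front as the Note above warns. The tenant URL, login suffix, password, the /oauth2/token/<Application ID> endpoint path, the Redrock script and the JSON response shapes are assumptions.

```python
import base64
import json
import urllib.request

# Placeholder values for this example (assumptions, not from the page):
TENANT = "https://TENANT.my.centrify.com"   # your tenant URL
USER = "siemuser@SUFFIX"                     # Login Name plus the Suffix chosen in step 2
PASSWORD = "PASSWORD"                        # the password chosen in step 2
APP_ID = "oauthsiem"                         # Application ID from the Settings tab
SCOPE = "siem"                               # scope defined on the Scope tab


def build_token_request(tenant, app_id, user, password, scope):
    """Client-credentials token request as (url, headers, body). Assumes the
    tenant serves the token endpoint at /oauth2/token/<Application ID>."""
    if scope != scope.lower():  # a mixed-case scope is rejected as an invalid scope
        raise ValueError(f"scope {scope!r} must be lowercase")
    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return f"{tenant}/oauth2/token/{app_id}", headers, f"grant_type=client_credentials&scope={scope}"


def parse_token_response(body):
    """Return the access token, or raise with the OAuth2 error the tenant returned."""
    data = json.loads(body)
    if "access_token" not in data:
        raise RuntimeError(f"token request failed: {data.get('error')}: {data.get('error_description')}")
    return data["access_token"]


def build_query_request(tenant, token, script):
    """Redrock/query is the only REST API the siem scope allows (body shape assumed)."""
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return f"{tenant}/Redrock/query", headers, json.dumps({"Script": script})


def parse_query_result(body):
    """Return result rows; assumes {"success":..,"Result":{"Results":[{"Row":..}]}}."""
    data = json.loads(body)
    if not data.get("success"):
        raise RuntimeError(f"query failed: {data.get('Message')}")
    return [r["Row"] for r in data["Result"]["Results"]]


def post(url, headers, body):
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:  # live network call
        return resp.read().decode()


if __name__ == "__main__":
    token = parse_token_response(post(*build_token_request(TENANT, APP_ID, USER, PASSWORD, SCOPE)))
    rows = parse_query_result(post(*build_query_request(TENANT, token, "Select ID, EventType from Event")))
    print(f"token OK; Redrock/query returned {len(rows)} event rows")
```

If the token call fails with an invalid scope error, re-check the Scope tab entry; if it succeeds but Redrock/query is refused, re-check the Allowed REST APIs entry and the role's View and Run permissions.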