Configuring BMS API credentials for RocketCyber integration

It is important to ensure that the BMS API user credentials that are used in RocketCyber have the correct permissions to create and modify tickets, as well as the ability to retrieve organization information (for mapping purposes). 


There are two ways to ensure your user has the correct permssions: 

  1. Ensure you use a user that has Administrator level Security Role, as well as the API Access permission (less secure).
  2. Create an API-Employee user that has the specific permissions needed (most secure). 

Create an API-Employee with the correct permissions in Kaseya BMS 


You can create an API-Employee type in Kaseya BMS to use with your RocketCyber integration. This user type will not consume a license in BMS. 

While granting them the Administrator role will allow this user to create and update tickets, it is recommended to create a new Security role following the “least privilege” principle to only allow the API user to read account information and create and update tickets.  


In BMS, create a new security role under Admin > Security > Roles 



Click Save and the Permissions Screen will load (If you are editing an existing user, select the user and Edit). Expand the corresponding sections in the below table and assign permissions to the user 


Section Module Name View Modify Delete
Home My tickets x x  
Service Desk Tickets x x  
CRM Accounts x    
Admin Service Desk x x  
Admin(Special Features) Has API Access Check the box    


Save the role permissions.  Now, you can either assign this role to an existing API user that you wish to use, or you can create a new API-Employee User and assign the newly created role.


Creating an API-Employee with the created role


Once the role has been created, now you can add an API-Employee user and assign them the Role you just created. 


Navigate to the HR tab and select Employees on the left nav menu



Create New employee 


 Select User Type: API-Employee 

Security roles: Assign the Security Role you created in the first steps


Note: You must use a valid email address when creating the API user, and it must be unique, as an invite email will be sent to create a password. Alternatively, you can also click the Reset and Send Instructions button to send the password reset email. 


Once this is done, you are now ready to configure your integration in RocketCyber. 

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section