It is important to ensure that the BMS API user credentials that are used in RocketCyber have the correct permissions to create and modify tickets, as well as the ability to retrieve organization information (for mapping purposes).
There are two ways to ensure your user has the correct permssions:
- Ensure you use a user that has Administrator level Security Role, as well as the API Access permission (less secure).
- Create an API-Employee user that has the specific permissions needed (most secure).
Create an API-Employee with the correct permissions in Kaseya BMS
You can create an API-Employee type in Kaseya BMS to use with your RocketCyber integration. This user type will not consume a license in BMS.
While granting them the Administrator role will allow this user to create and update tickets, it is recommended to create a new Security role following the “least privilege” principle to only allow the API user to read account information and create and update tickets.
In BMS, create a new security role under Admin > Security > Roles
Click Save and the Permissions Screen will load (If you are editing an existing user, select the user and Edit). Expand the corresponding sections in the below table and assign permissions to the user
|Has API Access
|Check the box
Save the role permissions. Now, you can either assign this role to an existing API user that you wish to use, or you can create a new API-Employee User and assign the newly created role.
Creating an API-Employee with the created role
Once the role has been created, now you can add an API-Employee user and assign them the Role you just created.
Navigate to the HR tab and select Employees on the left nav menu
Create New employee
Select User Type: API-Employee
Security roles: Assign the Security Role you created in the first steps
Note: You must use a valid email address when creating the API user, and it must be unique, as an invite email will be sent to create a password. Alternatively, you can also click the Reset and Send Instructions button to send the password reset email.
Once this is done, you are now ready to configure your integration in RocketCyber.