Universal Orchestrator
Configuration items related to the deployment of Universal Orchestrator extensions.
This section relates to the installation and configuration of various orchestrator extensions that provide additional capabilities to the orchestrator framework. For more information about the Universal Orchestrator, visit the Command Reference Guide.
The Universal Orchestrator integration functionalities are provided using custom orchestrator extensions. Keyfactor provides several PAM extensions on the publicly-facing Keyfactor GitHub.
Configuration Item | Description | Customer Requirements |
---|---|---|
Orchestrator Extension: | This extension supports the inventory and management of the Windows Local Machine Certificate Stores (e.g. Personal, Trusted Roots, and Web Hosting). | |
Orchestrator Extension: | This extension supports numerous file based certificate store types including JKS, PEM, DER, and PKCS12. | |
Orchestrator Extension: | This extension enables the creation and management of certificate stores linked to the Azure Application Gateway. This extension supports both certificates and certificates with bindings. | |
Orchestrator Extension: | The Citrix ADC Orchestrator remotely manages certificate objects on a Citrix ADC device. Since the ADC supports services including: Load Balancing, Authentication/Authorization/Auditing (AAA), and Gateways, this orchestrator can bind to any of these virtual servers when using unique virtual server names for each service. | |
Orchestrator Extension: | The Hashicorp Vault Orchestrator extension allows you to manage certificates in the Hashicorp Vault KeyValue secrets engine and perform inventory on certificates stored in the PKI or Keyfactor secrets engines. | |
Orchestrator Extension: | The Kubernetes Orchestrator allows for the remote management of certificate stores defined in a Kubernetes cluster. The following types of Kubernetes resources are supported: Kubernetes secrets of | |
Orchestrator Extension: | The Palo Alto Orchestrator remotely manages certificates on either the Palo Alto PA-VM Firewall Device or the Panorama. If using Panorama, it will push changes to all the devices from Panorama. It supports adding certificates with or without private keys. Palo Alto does not support incremental certificate inventory. If you have large numbers of certificates in your environment, it is recommended to limit the frequency of inventory jobs to 30 minutes or more. | |
Orchestrator Extension: | Kemp Load Balancer for Add, Remove and Inventory | |
Orchestrator Extension: | The F5 Orchestrator supports three different types of certificate stores with the capabilities for each below: | |
Orchestrator Extension: | The VMware NSX Advanced Load Balancer (formerly Avi Vantage) Orchestrator allows for the management of certificates stored in the VMware NSX ALB solution. Application, System, and CA cert types are supported. Inventory, Management, and Renewal functions are supported. | |
Orchestrator Extension: | This integration allows the orchestrator to act as a client with access to an instance of the Azure Key Vault; allowing you to manage your certificates stored in the Azure Keyvault via Keyfactor. | |
Orchestrator Extension: | The Fortanix orchestrator extension allows for the inventory of certificates in Fortanix stores. Only Inventory is supported. The orchestrator extension uses the Fortanix API library to perform this function. | |
Orchestrator Extension: | The Imperva Orchestrator Extension allows for the management of SSL certificates bound to web sites managed by the Imperva cloud-based firewall. | |
Orchestrator Extension: | The GCP Certificate Manager Orchestrator Extension remotely manages certificates on the Google Cloud Platform Certificate Manager Product. | |
Orchestrator Extension: | The Google Cloud Platform (GCP) Load Balancer Orchestrator allows for the management of Google Cloud Platform Load Balancer certificate stores. Inventory, Management-Add, and Management-Remove functions are supported. Also, re-binding to endpoints IS supported for certificate renewals (but NOT adding new certificates). The orchestrator uses the Google Cloud Compute Engine API (https://cloud.google.com/compute/docs/reference/rest/v1) to manage stores. | |
Orchestrator Extension: | The Alteon Load Balancer integration allows you to manage certificates within the Alteon Load Balancer device. | |
Orchestrator Extension: | Bosch IP Camera Orchestrator for Inventory and Reenrollment (on-device keygen) for existing and new certificates | |
Orchestrator Extension: | The Signum Orchestrator Extension supports inventorying certificates stored in a Signum instance. Adding, renewing existing and removing certificates is not supported. | |
Orchestrator Extension: | Apigee is a Google Cloud Platform (GCP) software product for developing and managing APIs. The remote GCP Apigee Orchestrator allows for the remote management of Apigee certificate stores. Inventory and Management functions are supported. The Orchestrator performs operations utilizing the Apigee REST API. | |
Orchestrator Extension: | A10 vThunder AnyAgent allows an organization to inventory and deploy certificates in any domain that the appliance services. The AnyAgent deploys the appropriate files (.cer, .pem) within the defined directories and also performs an Inventory on the Items. | |
Orchestrator Extension: | The FortiWeb Orchestrator Extension is an integration that can replace and inventory certificates on the device that are bound to a Virtual Server via Policy. The certificate store types that can be managed in the current version are: | |
Orchestrator Extension: | Certificate inventory and management for Integrated Dell Remote Access Controller appliances | |
Orchestrator Extension: | The F5 Big IQ Orchestrator Extension supports the following use cases: | |
Orchestrator Extension: | The IBM DataPower Orchestrator allows for the management of certificates in the IBM Datapower platform. Inventory, Add and Remove functions are supported. This integration can add/replace certificates in any domain\directory combination. | |
Orchestrator Extension: | The Akamai Certificate Provisioning System (CPS) Orchestrator is capable of inventorying existing certificates on the Akamai platform, and performing enrollments and renewals of certificates with keys generated on the Akamai system. | |
Orchestrator Extension: | The F5 WAF Orchestrator extension remotely manages TLS and CA Root certificates uploaded to F5 Distributed Multi-Cloud App Connect, which is the F5 platform that manages WAF services. Certificates bound to Http Load Balancers within Multi-Cloud App Connect can be renewed/replaced, but they cannot be removed. Certificate store types f5WafTls and f5WafCa are used to manage stores containing TLS and CA Root certificates, respectively. | |
Orchestrator Extension: | The Azure App Registration and Enterprise Application Orchestrator extension remotely manages both Azure App Registration/Application certificates and Enterprise Application/Service Principal certificates. Application certificates are typically public key only and used for client certificate authentication, while Service Principal certificates are commonly used for SAML Assertion signing. The extension implements the Inventory, Management Add, Management Remove, and Discovery job types. Certificates used for client authentication by Applications (configured in App Registrations) are represented by the | |
Orchestrator Extension: | The Fortigate Orchestrator Extension supports the following use cases: | |
Orchestrator Extension: | The AWS ACM Orchestrator supports Inventory and Management of certificates in the AWS Certificate Manager. It supports three methods of authentication: Environmental Credentials loaded via the AWS SDK, e.g. inside an EC2 instance; IAM User Credentials for assuming a Role as a specific user; OAuth-based Credentials to authenticate with an OAuth provider to assume a Role. | |