Configuring BMS API credentials for RocketCyber integration

It is important to ensure that the BMS API user credentials that are used in RocketCyber have the correct permissions to create and modify tickets, as well as the ability to retrieve organization information(for mapping purposes).

There are two ways to ensure your user has the correct permissions:

  1. Ensure you use a user that has Administrator level Security Role, as well as the API Access permission (less secure).
  2. Create an API-Employee user that has the specific permissions needed (most secure).

Create an API-Employee with the correct permissions in Kaseya BMS

You can create an API-Employee type in Kaseya BMS to use with your RocketCyber integration. This user type will not consume a license in BMS.

While granting them the Administrator role will allow this user to create and update tickets, it is recommended to create a new Security role following the “least privilege” principle to only allow the API user to read account information and create and update tickets.

In BMS, create a new security role under Admin > Security > Roles
blobid0.png

Click Save and the Permissions Screen will load(If you are editing an existing user, select the user and Edit). Expand the corresponding sections in the below table and assign permissions to the user
blobid1.png

Section Module Name View Modify Delete
Home My tickets x x
Service Desk Tickets x x
CRM Accounts x
Admin Service Desk x x
Admin(Special Features) Has API Access Check the box

Save the role permissions.  Now, you can either assign this role to an existing API user that you wish to use, or you can create a new API-Employee User and assign the newly created role.

Creating an API-Employee with the created role

Once the role has been created, now you can add an API-Employee user and assign them the Role you just created.

  1. Navigate to the HR tab and select Employees on the left nav menu
    blobid2.png
  2. Create New employee
    blobid3.png
  3. Select User Type: API-Employee
  4. Security roles: Assign the Security Role you created in the first steps

NOTE  You must use a valid email address when creating the API user, and it must be unique, as an invite email will be sent to create a password. Alternatively, you can also click the Reset and Send Instructions button to send the password reset email.

Once this is done, you are now ready to configure your integration in RocketCyber.