Documentation

PingOne DaVinci

Suggest Edits

This integration uses webhooks to allow BeyondTrust to automatically send detections and recommendations to PingOne DaVinci, which eliminates manual intervention and delays in incident response, helping organizations improve their overall security postures.

⚠️

Important

Third-party documentation is subject to change. Updates might not be reflected in BeyondTrust documentation. For the most up-to-date information, visit PingOne DaVinci.

There are 3 types of PingOne DaVinci webhooks that can integrate with Insights. Password Safe, Privileged Remote Access, and Remote Support.

Required permissions - BeyondTrust

  • An Identity Security Insights account with administrator privileges.
  • An account that has access to the applicable tenant in Identity Security Insights.

Required permissions - DaVinci

Access to DaVinci with administrative rights to create flows, connectors, applications and variables.

PingOne DaVinci and Password Safe

DaVinci configuration

Log in to the DaVinci admin portal and add a flow:

  1. Add input schema with the parameter name snowsecops in the flow.
  2. Add a custom function.
  3. Create two variables by the name of clientId and clientSecret. These variables are used for establishing a ServiceNow connection.
  4. The value to pass is: {{global.parameters.snowsecops.messaging}}
  5. Use the following code to the custom function:
module.exports = a = async ({params}) => {
  var clientId = params.clientId;
  var clientSecret = params.clientSecret;

  const auth = Buffer.from(\`${clientId}:${clientSecret}\`).toString("base64");
  return {'auth': auth};
}
  1. Add an HTTP node and configure it with the ServiceNow URL.
  2. Add the following raw body to the HTTP node:
"active": "{{global.parameters.snowsecops.active}}",
"short_description": "{{global.parameters.snowsecops.short_description}}",
"description":"{{global.parameters.snowsecops.description}}",
"assignment_group":"{{global.parameters.snowsecops.assignment_group}}",
"caller":"{{global.parameters.snowsecops.caller}}",
"impact":"{{global.parameters.snowsecops.impact}}",
"cmdb_ci":"{{global.parameters.snowsecops.cmdb_ci}}",
"assigned_to":"{{global.parameters.snowsecops.assigned_to}}",
"urgency":"{{global.parameters.snowsecops.urgency}}",
"messaging":"{{global.parameters.snowsecops.messaging}}",
"user":"{{global.parameters.snowsecops.username}}"
}
  1. Add a function node with multiple functions and multiple conditions, and connect each conditional code to the respective HTTP node.
  2. Add REST API call details on each conditional node defined in the steps above. For the No Match condition, add an Error Message. For example, if the first condition is msteams, and it is true, then there is an MS Teams HTTP node to Make REST API Call.
  3. Add a BeyondTrust Password Safe node on a true condition for respective conditional node. Pass the username {{global.parameters.snowsecops.username}} to lock Password Safe session by username.
  4. Add an HTTP node to send a success/fail response.
  5. Add an application, noting the company ID, client ID, and API key.
  6. Add a flow policy, and add the flow created in steps above.

Insights configuration

Log in to Insights and create the webhook:

  1. In Identity Security Insights, select your tenant.

  2. In the upper left menu, click Insights > Integrations.
    The Integrations page displays with the available integrations.

  3. Click Webhooks or your product.
    The Summary page displays.

  4. Click Create Integration.
    The Configure Integration page displays.

  5. To create the webhook, enter the following:

    • Webhook Name: Enter a name
    • Webhook URL: Enter the Integration URL: https://orchestrate-api.pingone.com/v1/company/YOUR\_COMANY\_ID/policy/YOURPOLICY\_ID
    • Authorization Type: None
    • Key: X-SK-API-KEY
    • Value: Your_API_Key
    • Webhook template: Use the following test webhook JSON template to test the connection and send a webhook to Ping DaVinci. After a successful test with the static test data, the template can be configured. Create or change the fields and add variables as per your requirement.
{
  snowsecops":{
              "active":"true",
              "short_description":"":"%%definitionSummary%%",
              "description":"%%definitionSummary%%",
              "assignment_group":"dea26263ff0331007a6dffffffffff19",
              "caller":"963080bf3b5946504fef6b0c95e45a06",
              "impact":"1",
              "cmdb_ci": "Identity Security Insights",
              "assigned_to":"31620b30c3694e507ba03aec0501319c",
              "urgency":"2",
              "user":"admin",
              "messaging":"both",
              "link":"%%link%%"
           }
 }

PingOne DaVinci and Privileged Remote Access

DaVinci configuration

Log in to the DaVinci admin portal and add a flow:

  1. Add input schema with the parameter name snowsecops in the flow.
  2. Add a custom function.
  3. Create two variables by the name of clientId and clientSecret. These variables are used for establishing a ServiceNow connection.
  4. The value to pass is: {{global.parameters.snowsecops.messaging}}
  5. Use the following code to the custom function:
module.exports = a = async ({params}) => {
  var clientId = params.clientId;
  var clientSecret = params.clientSecret;

  const auth = Buffer.from(\`${clientId}:${clientSecret}\`).toString("base64");
  return {'auth': auth};
}
  1. Add an HTTP node and configure it with the ServiceNow URL.
  2. Add the following raw body to the HTTP node:
"active": "{{global.parameters.snowsecops.active}}",
"short_description": "{{global.parameters.snowsecops.short_description}}",
"description":"{{global.parameters.snowsecops.description}}",
"assignment_group":"{{global.parameters.snowsecops.assignment_group}}",
"caller":"{{global.parameters.snowsecops.caller}}",
"impact":"{{global.parameters.snowsecops.impact}}",
"cmdb_ci":"{{global.parameters.snowsecops.cmdb_ci}}",
"assigned_to":"{{global.parameters.snowsecops.assigned_to}}",
"urgency":"{{global.parameters.snowsecops.urgency}}",
"messaging":"{{global.parameters.snowsecops.messaging}}",
"user":"{{global.parameters.snowsecops.username}}"
}
  1. Add a function node with multiple functions and multiple conditions, and connect each conditional code to the respective HTTP node.
  2. Add REST API call details on each conditional node defined in the steps above. For the No Match condition, add an Error Message. For example, if the first condition is msteams, and it is true, then there is an MS Teams HTTP node to Make REST API Call.
  3. Add a BeyondTrust Privileged Remote Access node on a true condition for respective conditional node. Pass the username {{global.parameters.snowsecops.username}} to terminate PRA jump session by username.
  4. Add an HTTP node and define the REST API credentials to get PRA token.
  5. Add a variable to fetch a token: {{local.chie00n5wa.payload.output.rawResponse.body.access_token}}.
  6. Add an HTTP node and define the REST API credentials with a Patch HTTP method to disable the user. Pass body parameters: {"enabled": false}
  7. Add an HTTP node and send a success response.
  8. When complete, you should have the following nodes after the initial conditional node: BeyondTrust Privileged Remote Access - GetToken PRA - Variables - GetUserID PRA - DisableUser PRA - Success Response, with each node having a failed response and sending an error message.
  9. Add an application, noting the company ID, client ID, and API key.
  10. Add a flow policy, and add the flow created in steps above.

Insights configuration

Log in to Insights and create the webhook:

  1. In Identity Security Insights, select your tenant.

  2. In the upper left menu, click Insights > Integrations.
    The Integrations page displays with the available integrations.

  3. Click Webhooks or your product.
    The Summary page displays.

  4. Click Create Integration.
    The Configure Integration page displays.

  5. To create the webhook, enter the following:

    • Webhook Name: Enter a name
    • Webhook URL: Enter the Integration URL: https://orchestrate-api.pingone.com/v1/company/YOUR\_COMANY\_ID/policy/YOURPOLICY\_ID
    • Authorization Type: None
    • Key: X-SK-API-KEY
    • Value: Your_API_Key
    • Webhook template: Use the following test webhook JSON template to test the connection and send a webhook to Ping DaVinci. After a successful test with the static test data, the template can be configured. Create or change the fields and add variables as per your requirement.
{
   "snowsecops":{
                "active":"true",
                "short_description":"":"%%definitionSummary%%",
                "description":"%%definitionSummary%%",
                "assignment_group":"dea26263ff0331007a6dffffffffff19",
                "caller":"963080bf3b5946504fef6b0c95e45a06",
                "impact":"1",
                "cmdb_ci": "Identity Security Insights",
                "assigned_to":"31620b30c3694e507ba03aec0501319c",
                "urgency":"2",
                "username":"james",
                "messaging":"both",
                "link":"%%link%%"
               }
}

DaVinci PingOne and Remote Support

DaVinci configuration

Log in to the DaVinci admin portal and add a flow:

  1. Add input schema with the parameter name snowsecops in the flow.
  2. Add a custom function.
  3. Create two variables by the name of clientId and clientSecret. These variables are used for establishing a ServiceNow connection.
  4. Use the following code to the custom function:
module.exports = a = async ({params}) =>{
  var clientId = params.clientId;
  var clientSecret = params.clientSecret;

  const auth = Buffer.from(\`${clientId}:${clientSecret}\`).toString("base64");
  return {'auth': auth};
}
  1. Add an HTTP node and configure it with the ServiceNow URL.
  2. Add the following raw body to the HTTP node:
"active": "{{global.parameters.snowsecops.active}}",
"short_description": "{{global.parameters.snowsecops.short_description}}",
"description":"{{global.parameters.snowsecops.description}}",
"assignment_group":"{{global.parameters.snowsecops.assignment_group}}",
"caller":"{{global.parameters.snowsecops.caller}}",
"impact":"{{global.parameters.snowsecops.impact}}",
"cmdb_ci":"{{global.parameters.snowsecops.cmdb_ci}}",
"assigned_to":"{{global.parameters.snowsecops.assigned_to}}",
"urgency":"{{global.parameters.snowsecops.urgency}}",
"messaging":"{{global.parameters.snowsecops.messaging}}",
"user":"{{global.parameters.snowsecops.username}}"
}
  1. Add a function node with multiple functions and multiple conditions, and connect each conditional code to the respective HTTP node.
  2. Value to pass is: {{global.parameters.snowsecops.messaging}}
  3. Add REST API call details on each conditional node defined in the steps above. For the No Match condition, add an Error Message. For example, if the first condition is msteams, and it is true, then there is an MS Teams HTTP node to Make REST API Call.
  4. Add a BeyondTrust Remote Support node on a true condition for respective conditional node. Pass the username {{global.parameters.snowsecops.username}} to terminate RS jump session by username.
  5. Add an HTTP node and define the REST API credentials to get Remote Support token.
  6. Add a variable to fetch a token: {{local.nodexx.payload.output.rawResponse.body.access_token}}.
  7. Add an HTTP node and define the REST API credentials with a Patch HTTP method to disable the user. Pass body parameters: {"enabled": false}
  8. Add an HTTP node and send a success response.
  9. When complete, you should have the following nodes after the initial conditional node: BeyondTrust Remote Support - GetToken - Variables - GetUser Details - Variables - http - Success Response, with each node having a failed response and sending an error message.
  10. Add an application, noting the company ID, client ID, and API key.
  11. Add a flow policy, and add the flow created in steps above.

Insights configuration

Log in to Insights and create the webhook:

  1. In Identity Security Insights, select your tenant.

  2. In the upper left menu, click Insights > Integrations.
    The Integrations page displays with the available integrations.

  3. Click Webhooks or your product.
    The Summary page displays.

  4. Click Create Integration.
    The Configure Integration page displays.

  5. To create the webhook, enter the following:

    • Webhook Name: Enter a name
    • Webhook URL: Enter the Integration URL: https://orchestrate-api.pingone.com/v1/company/YOUR\_COMANY\_ID/policy/YOURPOLICY\_ID
    • Authorization Type: None
    • Key: X-SK-API-KEY
    • Value: Your_API_Key
    • Webhook template: Use the following test webhook JSON template to test the connection and send a webhook to Ping DaVinci. After a successful test with the static test data, the template can be configured. Create or change the fields and add variables as per your requirement.
{
   "snowsecops":{
                "active":"true",
                "short_description":"":"%%definitionSummary%%",
                "description":"%%definitionSummary%%",
                "assignment_group":"dea26263ff0331007a6dffffffffff19",
                "caller":"963080bf3b5946504fef6b0c95e45a06",
                "impact":"1",
                "cmdb_ci": "Identity Security Insights",
                "assigned_to":"31620b30c3694e507ba03aec0501319c",
                "urgency":"2",
                "user":"james",
                "messaging":"both",
                "link":"%%link%%"
               }
}

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.