Creating Synthetic test credentials

Edit online

When you adopt Synthetic monitoring, it is essential to consider the potential security risks and take the appropriate steps to protect your systems and prevent unauthorized access. Consider the following guidelines to optimize the secure usage of scripted Synthetic tests.

  • Ensure proper user permissions: Use Role Based Access Control to make sure that the users with write access on Synthetic test definitions have only the necessary access. See Managing access with user permissions.
  • Restrict the usage of Synthetic credentials: When you create the credentials that you will provide to Instana to run your Synthetic tests, make sure that the credentials are used only to run the Synthetic test. See Creating dedicated credentials for Synthetic test scripts.

Before you create a credential or provide that credential in your Synthetic test running on Instana, you must evaluate the scope of access.

Defining the scope of access for a Synthetic credential:

In your credentials manager or by using your credentials process, create a dedicated credential with only limited access and scope to run the Synthetic test. Use the relevant operating system, application, or credential manager capabilities to create the credential and limit its scope. The Synthetic PoP requires that each Synthetic test script that requires credentials to run provides the credentials to Instana. You manage the scope and permission of the credential when you create it. Instana is only a user of the credential. When you create credentials, ensure that it is used for accessing only those application or website actions that are required for the Synthetic PoP to run the Synthetic test.

  • Access to only those application or website actions that are required for the Synthetic PoP to run the Synthetic test.

Expected use of the Synthetic test scripts includes script statements that can be run by any Instana user with the appropriate permission. Creating a dedicated credential with limited access for these script statements prevents the statements that are invoked from Instana from accessing unauthorized content.

To create a Synthetic credential, complete the following steps:
  1. Go to Synthetic Monitoring > Credentials > New Credential.
  2. Enter a name and value for the credential.
  3. Optional: Associate the credential with an application in the Associations tab. You can use a combination of associations.
    • Application: If an application is monitored by Instana, you can associate the credential with the application. You can select multiple applications.
    • Website: If a website is monitored by Instana, you can associate the credential with the website. You can select multiple websites.
    • Mobile app: If a mobile app is monitored by Instana, you can associate the credential with the mobile app. You can select multiple mobile apps.
    Create credential dialog showing name and value fields Associations tab showing application, website, and mobile app options
  4. Optional: Create a team association for the credential in the Teams tab.
    Figure 1. Teams tab for creating team associations
    Teams tab for creating team associations