This article provides instructions on how to integrate Kaseya VSA to Lifecycle Manager to pull configuration items from Kaseya VSA.

Prerequisites

The following is required for integrating Kaseya VSA with Lifecycle Manager:

  • You must have Administrator user credentials for your Kaseya VSA account

  • You must have Administrator user credentials for your Lifecycle Manager account or member permissions of Manage Sync Settings selected

Additional Prerequisites

  • All communications must run over HTTPS / port 443

  • A valid hostname and certificate is needed on the server

Software version reporting

Note that when using Kaseya VSA with SAM enabled, Kaseya VSA doesn't report on all software build versions. It only reports software versions for Operating Systems and Security products and our product team is working on enhancing our integration to remove the limitation.

To successfully integrate Kaseya VSA with Lifecycle Manager, please follow these steps in each article section:

Integration steps in Kaseya VSA

Token authentication in Kaseya VSA

Integration steps in Lifecycle Manager


Integration steps in Kaseya VSA

Creating a custom role and assigning permissions

You need to create a custom Kaseya role and apply it to a newly-created integrator user.

  1. Sign in to Kaseya VSA as an administrator

  2. Within the Kaseya VSA menu, navigate to System > User Security > User Roles.

  3. Click the +New button to create a new user role

  4. On the Add User Role window, type in a role name.

    1. Select Kaseya Advanced from the Role Type drop-down menu

  5. Click the Save button.

  6. Once the role is saved, select the newly defined Role to view the role’s access rights.

  7. Click on the Access Rights tab to enable/disable modules before adding users to this role.

  8. Click the Set Role Access Rights button to set minimum permissions.

  9. Once the minimum permissions are set to the custom Kaseya role, click Ok to save the changes.

  10. Once you’ve saved the changes, you will need to assign the role to a user. By clicking on the Members tab, you can see that no current users are found.

Setting minimum permissions to custom Kaseya role

The minimum permissions you can apply to the custom Kaseya role are as follows:

  • Audit

    • Asset

      • View Assets

        • View

    • Collect Data

      • Run Audit

        • Machine status

    • View Individual data

      • Machine summary

        • Software

          • System Information

          • Software Licences

          • Installed Applications

          • Add/Remove

          • Startup Apps

          • Security Products

        • Hardware

          • Disk Volumes

      • System Information

        • Machine Status

  • System

    • User Settings

      • Preferences

    • Orgs/Groups/Depts/Staff

      • Manage

        • Machine Groups


Determining scope for a user

Now, we will need a Scope to go with the new User Role. We recommend using the System/ Master scope, along with the minimum role permissions (created in the previous steps) to ensure all your organization's sync to Lifecycle Manager. You will select this scope when you are creating an integration user.

Kaseya VSA Master vs System role/scope
The varieties of Kaseya VSA have different fixed role/scope names:

  • Hosted VSA - The all-access scope that we recommend for our Kaseya integration is called System.

  • On-Prem VSA - The all-access scope that we recommend for our Kaseya integration is called Master


Creating an integration user

Now that the custom role is created, you need to create a Kaseya VSA user that will be associated with your Lifecycle Manager integration. As you created a user role without having VSA users in place, you need to create a Kaseya VSA user that will be associated with your Lifecycle Manager integration.

As you navigate to the Users page and create a new user - you will see from the drop-down menus, your newly created user role and pre-defined scope.

  1. If you haven't already signed in, sign in as an administrator in Kaseya VSA

  2. Within the Kaseya VSA menu, navigate to System > User Security > Users. The Users view displayed is where you add and manage users.

  3. Click the +New button.

    1. On the Add User screen, enter a username and relevant date. The User Name and Email address must be the same.

  4. In the Initial Role* and Initial Scope* drop-down menus, you will be able to select your newly created User Role and Scope.

  5. Save the changes by clicking the Save button.

You should see the User Role/Scope assigned to this VSA account under the Roles and Scopes tabs.


Token authentication in Kaseya VSA

Generating an access token

API connection authentication can be done with access tokens, rather than passwords, in VSA.

The password authentication feature of VSA has been deprecated and will be removed shortly.

  1. In VSA, Navigate to System > Users > User > Access Tokens tab

  2. Click +New to create a token for your account.

  3. In the Add Access Token screen, fill in the relevant token token name (e.g. lifecycle_manager_token). After entering a token name, we recommend setting an expiration period of 6 months for the token.

  4. In the Scopes Assigned section, select the REST API (Read, Write) option as this option lets you have access to the REST APIs using the generated token.

    1. In the Rest API Access Rights section, ensure the Inherit from User Role option is selected.

  5. Click Save to generate the API token for this user. The generated access token appears on a pop-up screen.

    1. The access token will be hidden for security reasons after navigating away from this page. Once the token is generated, take note and copy the access token. Keep the token in a secure location, because this value is not recoverable once navigating away.

  6. Click Ok.


Integration steps in Lifecycle Manager

Adding Kaseya VSA API credentials to Lifecycle Manager

  1. From Lifecycle Manager, navigate to Integrations and click the Add integration button.

  2. The Add integration page will open. Select Kaseya VSA.

  3. Enter your username and password on the add integration page.

    1. While Lifecycle Manager currently supports both password authentication and access token (as the field name Password or Access Token indicates), we are recommending all Kaseya integrations provide an access token to ensure no disruptions when the password authentication is deprecated.

  4. Enter your Kaseya Server Hostname

  5. Select your Company Name Mapping option from the drop-down menu

  6. Click Save Kaseya VSA Setup.

IP allowlisting in AuthAnvil settings
When Kaseya's native 2FA feature is used, it is supported for API integrations by default. However, if you are using AuthAnvil for your Kaseya VSA 2FA, you may receive an error message indicating "Kaseya is asking for a 2FA code which we cannot support for API calls. Please disable 2FA for this user."

To solve this issue, you can configure the IP allowlisting for Lifecycle Manager sync servers in your AuthAnvil settings within the VSA admin panel: AuthAnvil > Two Factor Auth > Configure Kaseya Logon. You can request Lifecycle Manager's IP Allowlist by email: success@scalepad.com.

As soon as you have allowlisted Lifecycle Manager's sync servers, you will be all set up for a successful Kaseya VSA integration. Additional information on Requesting Lifecycle Manager's IP Allowlist can be found here.

When you click Save Kaseya VSA Setup, Lifecycle Manager performs a full sync. When finished, you should be able to view your hardware assets in your account.


What's next

Did this answer your question?