VMDR OT Release 1.2.1
June 25, 2025
Support for OAuth from Qualys Enterprise TruRisk™ Platform
We have now extended our support for OpenID Connect Authentication Client Management capabilities from the VMDR OT user interface. This update allows for secure authentication and authorization of API access directly from the user interface. With this feature, interactions of VMDR OT APIs are now authenticated with enhanced security measures.
In this feature, the ID tokens are generated and validated with utmost security. This seamless integration requires minimal changes to the existing infrastructure, allowing to maintain the highest level of security for APIs.
With the Auth ID Client Management from VMDR OT user interface, you can:
- Manage authentication and authorization processes more intuitively, providing a smoother user experience.
- Easily handle API access permissions directly from the VMDR OT user interface, simplifying the process of granting and revoking access when needed.
- Maintain your existing workflows with minimal changes, enabling you to continue your tasks without the need to learn new processes extensively.
Access Control
We have provided role-based access control to create User Level and Subscription Level clients. A user with Manager role can create these clients.
- User Level Clients: These clients are associated directly to individual user accounts, making them ideal for scenarios where user-specific access control is required. Users can access APIs and VMDR OT functionalities that are provided in this client.
The token generated through the User Level client becomes invalid if the user is deactivated. - Subscription Level Clients: These are independent of users and offer broader access within the subscription. It means the token generated through this client is tied to the subscription rather than an individual user.
The token generated for a subscription level client continues to function even if the user is deactivated.
Non-manager users are restricted to creating only User Level Clients, ensuring limited access control.
To access the Auth ID Client Management tab, navigate to your profile icon, located at the top-right corner, and click View Profile > Auth Id Client Management tab.
For a client creation, select either User Level or Subscription Level and click New Client.
Only users with manager privileges can view and access the Subscription Level tab.
While creating a client, you can select all modules at once or individual modules as required. You can also set various permissions including global permissions, dashboard permissions, tagging permissions, as well as API access. Depending upon these permissions, a user can access the modules and its features that are assigned to the client.
Based on the permissions you select:
- If the API Access permission is not enabled under Global Permissions > Access, the API returns a response with this message:
User does not have permission to access API module - If the OT API Access permission under VMDR OT > OT Permissions is not enabled, the API returns a response with this message:
Access denied due to insufficient permissions
Once you click Create, Client ID and Client Secret Key are automatically generated.
The Client Secret Key is displayed only once. Make sure to copy and store it securely. This key is essential for generating JWT tokens and cannot be retrieved later. For more information, refer to VMDR OT 1.2.1 API Release Notes.
Permission Required for Using VMDR OT APIs
The following permissions must be enabled in the client to access VMDR OT APIs:
| VMDR OT API | Permissions |
|---|---|
| List OT Host Assets | OT API Access |
| List OT Vulnerabilities | OT API Access and OT Vulnerabilities Access |
| List Project Files API | OT API Access and Import OT OCA File Access |
Visibility into File Import Failures
You can now view specific failure reasons when the import of a project file fails. The failure reason is displayed when you hover over the caution icon (
) next to the Failed status.
The import can fail due to the reasons mentioned in the following table.
| Failure Reason | Description |
|---|---|
| Failed to upload the file. Please try again. | Occurs when the project file cannot be uploaded to VMDR OT. |
| No assets found in the file. Please check the file content. | Occurs when the uploaded project file does not contain any asset data. |
| Failed to import assets from the file. Please try again. | Occurs when VMDR OT is unable to import asset data from the project file. |
| Failed to parse the file. Please ensure the file is of supported format | Occurs when the system cannot read the project file due to an unsupported or incorrect file format. |
| Failed to analyze the file. Please ensure the file is of supported format. | Occurs when VMDR OT cannot analyze the contents of the project file. |
| Failed to trigger file deletion. Please try again. | Occurs when VMDR OT is unable to initiate the deletion process for the project file. |
| Failed to delete the file. | Occurs when VMDR OT starts but fails to complete the file deletion process. |