IBM Verify Privilege Vault Ticket System Integration

25 June, 2025, by Tom Macartney

IBM Verify Privilege Vault is a powerful password vaulting, auditing, and privileged access control solution. Its role relates to the identification and security of all service, application, administrator, and root accounts across an enterprise.

Part of the solution is the granular control it offers in the use of these secrets. When checking out a secret, users can be prompted to add a comment, provide a second factor of authentication, require approval from another user, or accept their session being recorded.

Whilst many companies use these services to manage their privileged accounts and track their usage, there is an additional use case that is often overlooked. That is an integration with their ticketing system.

Ticketing systems are used to streamline the process of handling queries or problems reported by customers and employees. By raising a ticket, the system is able to track the resolution process from initial report to closure. Tickets can be raised for all sorts of reasons with some involving access to privileged accounts or resources in order to be resolved. This is where IBM Verify Privilege Vault has some useful functionality.

This article will give you an overview of how one can ensure that privileged users have a valid ticket prior to checking-out a secret from IBM Verify Privilege Vault.

Verify Privilege Vault 

Verify Privilege Vault can integrate into common third-party ticketing systems as well as providing a means to "roll your own" integration via PowerShell scripting. Available integrations include: 

• Atlassian JIRA
• BMC Remedy
• ManageEngine ServiceDesk Plus
• ServiceNow

For the purposes of this article, we are going to focus on PowerShell Ticketing Integration. Our goal is to prompt users to enter a ticket number in the comment section, when requesting a secret. This number will be validated by a PowerShell script and the internal ticket system before access is granted. 

Setup PowerShell Script 

Our first task is to create the PowerShell script we are going to use to validate the ticket number presented in the comment. In the Settings section, under Tools and Integrations, select the Scripts: PowerShell, SQL, SSH.

On the next screen, we select Create Script at which point we will be presented with a form which should be completed as such:

• Name: Whatever you want to call the script
• Description: Be descriptive
• Status: Set to enabled
• Script Type: PowerShell
• Category: Ticket Comment

The following code can be used for simple tests - it checks to see that the ticket number provided was 001. Any other ticket number will cause a rejection.

$comment = $args[0]

Write-Host "Received comment: $comment"

$validTicketPattern = "001"

# Validate if "001" is mentioned in the comment
if ($comment -match $validTicketPattern) {
    Write-Host "✅ Access granted - Ticket 001 found."
    exit 0
} else {
    throw "❌ Access denied - Invalid ticket number."
}

Setup Ticketing System 

Back in Settings, we navigate to the Configuration section, look under the General tab, where we find (and click on) the Ticket System link. 

Next, select the option to Create ticket system after which a form will be presented allowing us to create a new ticketing system with the following details:

• Name
• Description
• Enabled (ticked)
• Default (ticked)
• Ticket number reason options (set to Only Require Ticket Number)
• Ticket system publicly available (ticked)
• Type (Custom Ticketing System - PowerShell)
• Ticket number validation error message (be inventive)
• Run as account (an appropriate internal account that can execute scripts)
• Ticket status script (the script you created above)

The final setup could look like this:

Secret Setup 

After selecting the Secret we want to link to the Ticket System, we must enable the ‘Require Check Out’ and ‘Require Comment’ security options under the Security tab, e.g.:

Save the configuration and navigate back to the All Secrets list. When we select the configured Secret for Check Out, the user will be presented with a form to fill out.

If the script is working as expected, when we enter a viable ticket number the service should successfully Check Out the secret and open to the secret overview page.

If an incorrect ticket number is supplied, the Check Out will fail and the error message “Access denied – Invalid ticket number” will be presented to the user:

Conclusion

That concludes the overview of integrating a ticketing system into IBM Verify Privilege Vault for secrets validation. This exciting feature allows for greater granular control of PAM environments by helping ensure that access to secrets is related solely to a valid ticket in your Ticketing System of choice.