Once the Bridge agent is set up, you can log in to the bridge agent to view and modify the allowed configuration as needed. To do this:

1. In Qntrl, navigate to (settings) >> Advanced >> Bridge, then select your bridge.

2. Hover your cursor over the bridge name, then click on the action menu, and select Open Agent.

3. This will direct you to the bridge agent login page. Log in with your username and password.

4. Click the   (settings) icon at the top right of the header bar.

5. The following settings options will appear on the left pane.

1. Configuration

2. Reset Password

3. Credentials

4. Configure OAuth

5. Configure SSL

6. From the options, you can click on the desired action to perform various configuration tasks.

View Bridge agent configuration   

Click Configuration from the left pane to view the following bridge agent configurations:

1. Bridge Configuration: Displays details such as Organization Name, Bridge Name, Registration Key, Polling Interval, and Installation Directory.
2. Version Details: Displays the bridge version.

      

     

Change login password   

1. Click Reset Password from the left pane.
2. Enter your Current Password and New Password.
3. Click Save to update the login password. 

Store credentials in Bridge   

1. Click Credentials from the left pane.
2. Click the Add Credentials button present at the top right of the page.
3. Enter the Credential details.
   
1. Credential Name: Give a name to the Credential.
   
2. Type: Click the dropdown menu, select the suitable Credential type based on the service you wish to connect with, and complete the relevant fields associated with the chosen Credential type. For instance, if you intend to perform a task within the AD module, choose Type as 'Active Directory'.
   
1. API - Provide API Key
   
2. JDBC - Provide User Name and Password
   
3. SSH - Provide Public Key/Password
   
4. PowerShell - Provide User Name and Password
   
5. Active Directory - Provide User DN and Password
Refer to the below section, Types of Credentials for more insights into the credential type used.





4. Click Save. The credentials will be stored and ready for use.

Types of Credentials       

1. API  

1.  Append To: Select the Parameter or Header to append the credential
   
2. Token: Enter the API token generated in the target service, included in the API request header or parameter.
   
3. Header Name: If the Append To field is selected as Header, enter the name of the HTTP header carrying the API token (e.g., Authorization, API-Key, Bearer).
   
4. Parameter Name: If the Append To field is selected as a Parameter, enter the query parameters or request body parameters containing the API token.

2. JDBC 

Grants access to a database connection by establishing a connection with a database using the provided username and password. Upon selecting JDBC as the credential type, fill in the following field details.

• Username: Username associated with the database account.

• Password: Password for the corresponding username to authenticate database access.

3. SSH (Secure Shell) 

Enables secured connections to UNIX and Linux devices by executing commands over SSH protocol. This credential type has two modes of authentication.

i. Password Authentication:

1. Authentication Mode: Select the authentication mode Password/Public Key
   

• User Name: Username on the target machine.
  
• Password: Password for script execution.

• User Name: Username on the target machine.
  
• Identity: Location of the Private Key.
  
• Passphrase: Password that can be added optionally for an extra layer of security during the key generation.

4. PowerShell 

Used for secure connections with Windows machines by executing Powershell commands. If you've chosen Powershell as the credential type, provide the following details in the designated fields.

• User Name: Username on the Windows machine.
  

• Password: Password associated with the machine for script execution.

5. Active Directory 

Used for authentication and accessing resources within an Active Directory environment. For AD credential types fill in the following details.

• User DN: Distinguished Name of the Active Directory.
  

• Password: Active Directory password.
  

OAuth Configuration  

Pre-requisite

Configuring OAuth for Connection

1. Select Configure OAuth from the left pane.
2. If you've registered your application before, enter your Client ID and Client Secret.
• Client ID: Unique identifier you receive when you register your application with Zoho.
  
• Client Secret: A unique key generated upon registering your application with Zoho.
  
• Authorized redirect URI: URI endpoint for client-based applications to which Zoho Accounts has to redirect the user-agent with the access token after authorizing the client.
  

To register your application and generate a Client ID and Client Secret, select the '+' icon next to Client ID and follow the registration process outlined in the Register your Application section, commencing from step 3.

3. Click Save and Connect.

4. Upon successful authorization, the connection will be created and the status will be shown as Connected.

5. You have the option to modify or revoke the connection you've created by simply clicking the Edit or Revoke buttons.

Register your Application    

You must register your application through the Zoho API Console, to receive your Client ID and Client Secret. Follow these steps to register your application successfully:

1. Visit the Zoho API Console by navigating to the official website Zoho API Console and click GET STARTED.

      

2. Choose the "Server-based Application" client type and click CREATE NOW.

      

3. Provide the following details:
   

1. Client Name: Enter the name of the application you want to register with Zoho.
   
2. Homepage URL: Input the URL of your application's web page.
   
3. Authorized Redirect URIs: Specify a valid application URL to which Zoho Accounts will redirect you, providing a grant token (code) upon successful authentication.
   

4. Click CREATE.

      

5. Upon successful registration, you will receive the following credentials:

Client ID: The consumer key generated from the connected app.

Client Secret: The consumer secret generated from the connected app.

      

For more in-depth information about OAuth integration with Zoho, you can  refer to Zoho's OAuth documentation 

• The Client Name should not include any special characters except for "_" and "&."
  

• The Redirect URIs must be in the format "https://www.your-domain.com/callback".

• The Homepage URL in the format "https://www.yourdomain.com"

Configure SSL 

Prerequisites   

Before enabling HTTPS for the Bridge, ensure that the following requirements are met:

OpenSSL Version Requirement  

Qntrl Bridge currently requires OpenSSL 1.x. To enable HTTPS, ensure that OpenSSL 1.x is installed on the Bridge host computer.

• If OpenSSL 1.x is installed, you can proceed with configuring HTTPS.

• If OpenSSL 3.x or any other version is installed, follow the steps below to install OpenSSL 1.x.

 

Steps to Install OpenSSL 1.x  

For Linux:

1. Download the OpenSSL 1.x source archive using the following command: wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz
2. Extract the downloaded archive: tar -xvzf openssl-1.1.1w.tar.gz
3. Navigate to the extracted directory: cd openssl-1.1.1w 
4. Configure the installation directory for the OpenSSL(e.g., /opt/openssl-1.1.1w): ./config --prefix=/opt/openssl-1.1.1w
5. Ensure the GCC compiler is installed. If not, update the system and install GCC: sudo apt update && sudo apt install gcc
6. Build OpenSSL: make
7. Install OpenSSL: sudo make install
8. Verify the OpenSSL installation: /opt/openssl-1.1.1w/bin/openssl version
9. Add the following lines to your .bashrc file to update environment variables:
   

            export LD_LIBRARY_PATH=/opt/openssl-1.1.1w/lib:$LD_LIBRARY_PATH

            export openssl=/opt/openssl-1.1.1w/bin/openssl

Once HTTPS is enabled for the Bridge, you can remove these lines from .bashrc.

For Windows:

1. Download OpenSSL 1.x for Windows, from a trusted source like this link.

2. Extract the downloaded ZIP file into a folder and install.

3. Set the OpenSSL 1.x version as default in the environment path.
   

Steps to Configure SSL  

1. Click Configure SSL from the left pane of the settings page.
2. If the Configure SSL section is not visible on the settings page, manually open <bridgehostname:portnumber>/account/ssl in your browser's address bar. This will open the Configure SSL section. You can then proceed with the steps below.
3. Fill in the Following Fields:
   

• Private Key: Upload the private key file of your server, used to digitally sign your Certificate Signing Request (CSR) and to secure and verify connections to your server. Learn more about private keys.
  
• Private key password: Use the password provided during private key generation.
• Root Certificate: Upload the Root SSL certificate issued by a trusted certificate authority (CA).
• Intermediate Certificate: Upload the intermediate certificate that acts as a bridge between a root certificate and an entity certificate, providing an extra layer of security.
  
• Server Certificate: Upload the server certificate, typically issued to hostnames, representing the bridge server. Enabling HTTPS is mandatory if a server certificate is uploaded.
  

2. Enable the Enable Https checkbox.
3. Click Save Keystore. The bridge will restart in HTTPS mode.
   

Sample to Create Configuration Files and Generate Certificates   

1. Create a Configuration File

Create a file with the following sample content and save it as <name.conf>.

[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
 
[req_distinguished_name]
C = {Your country code}
ST = {Your state}
L = {Your city}
O = {Your organisation}
OU = {Your org unit}
CN = {Your bridge domain}
 
[req_ext]
subjectAltName = @alt_names
 
[alt_names]
DNS.1 = {Your bridge domain}

This file contains the details for the certificates.

2. Create a Private Key

Execute the following command in the terminal:

openssl genrsa -out {bridge_domain}.key 2048

This command will create a .key file, which has to be uploaded in the Private Key field.

3. Create a CSR (Certificate Signing Request)

Execute the following command to create a .csr file. You will need this to obtain the server certificate from your Certificate Authority.

openssl req -new -key {bridge_domain}.key -out {bridge_domain}.csr -config cert.conf

Execute the following command to create a server certificate for testing purposes.

openssl req -key {bridge_domain}.key -new -x509 -days 365 -out {bridge_domain}.crt -config cert.conf

Truststore  

The bridge truststore is used for all outbound calls from the bridge. You can upload certificates that the bridge needs to trust.