Device Onboarding
Each platform connects over its native API or SSH using a read-only, least-privilege account. SAMURAI never makes configuration changes; it only polls and reads. Commands sent to devices over SSH are restricted to show commands.

| Platform | Connection | Account |
|---|---|---|
| Cisco ACI (APIC) | HTTPS API | Read-only admin |
| Nexus Dashboard Orchestrator | HTTPS API | Read-only |
| Cisco FMC | HTTPS API | Read-only API user |
| Cisco FTD / ASA | SSH (CLISH) | Read-only |
| Cisco ISE | ERS / OpenAPI | Read-only ERS admin |
| Palo Alto | XML API | Read-only |
| FortiGate | REST API | Read-only |
| VMware vCenter | vSphere API | Read-only |
| Active Directory | LDAP | Bind account (paged read) |
| Routers / Switches | SSH | Privileged show access |

After adding a device, SAMURAI runs an initial sync and then re-syncs on a schedule (configurable in Settings). For what each platform exposes once connected, see the per-vendor Device Panels.

Credentials are stored encrypted at rest (AES-256-GCM) and used read-only. Grant the account only the access listed above; SAMURAI never needs write or configuration rights.
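
One way to enforce the show-only rule for the SSH-polled platforms on the collector side, as an added example that is not SAMURAI's own code. The function names, the output-filter set and the sample commands are assumptions made for illustration.

```python
import re

# Assumption for this example: a line is read-only when its first word is
# "show" and any pipe stage is a pure output filter. The filter set below is
# an illustrative Cisco-style subset, not SAMURAI's actual list.
OUTPUT_FILTERS = {"include", "exclude", "begin", "section", "count"}
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def check_command(command):
    """Return (allowed, reason) for one CLI line a poller is about to send."""
    # An embedded newline or carriage return would submit a second command.
    if CONTROL_CHARS.search(command):
        return False, "control character in command"
    # Rejected conservatively: some CLIs treat ';' as a command separator.
    if ";" in command:
        return False, "command separator"
    stages = [stage.split() for stage in command.split("|")]
    if not stages[0] or stages[0][0].lower() != "show":
        return False, "first word is not 'show'"
    # Fail closed on every pipe stage, so '| redirect', '| tee' and
    # '| append' (which write output to a file or URL) never pass. A regex
    # containing '|' is also rejected; that is a deliberate trade-off.
    for words in stages[1:]:
        if not words or words[0].lower() not in OUTPUT_FILTERS:
            return False, "pipe stage is not an output filter"
    return True, "ok"


def rejected(commands):
    """Return the (command, reason) pairs that fail the show-only gate."""
    results = ((cmd, check_command(cmd)) for cmd in commands)
    return [(cmd, reason) for cmd, (ok, reason) in results if not ok]


# Constructed sample poll list, not taken from the product.
SAMPLE = [
    "show version",
    "show running-config | include ^hostname",
    "configure terminal",
    "show running-config | redirect tftp://192.0.2.10/cfg",
    "show clock\nconfigure terminal",
    "clear counters",
]

if __name__ == "__main__":
    for cmd, reason in rejected(SAMPLE):
        print(f"BLOCKED {cmd!r}: {reason}")
```

A client-side gate like this complements the read-only device account; it does not replace it.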