Assign Credentials to Orchestration Activities Credential tagging gives an administrator more control over the credentials used in Orchestration activities. This is useful when an activity requires specific credentials to perform a task. You can assign individual credentials to any activity in a Orchestration workflow or assign different credentials to each occurrence of the same activity type in a Orchestration workflow. For example, you can tag the Run Command activity to use specific SSH credentials to run a command on a Linux virtual machine and use a different tag for another Run Command activity that connects to a database server in the same Orchestration workflow. Credential tagging interacts with credential affinity to determine which credentials should be used for a Orchestration activity. How credential tagging works A business rule called Insert Discovery Affinity (renamed from Insert Credential Affinity in the Geneva release) runs when a record is inserted into the ECC Queue. This rule determines whether a credential affinity exists for the device and identifies the proper credential_id (the sys_id of the record in the Credentials [discovery_credentials] table) to use in the generated probe. When the platform encounters an affinity with a credential tag value defined (credential_tag in the business rule), the business rule determines if the credential referenced by the affinity has the specified tag. If it does, the business rule selects the credential_id of the tagged credential and passes that value to the probe. If the credential does not have the specified tag, any other affinities that exist for the target system will be checked. If no affinity references an appropriately tagged credential, the MID Server iterates through the Credentials [discovery_credentials] table and selects the credential with the appropriate tag. The MID Server then creates a new affinity for this credential.Figure 1. Orchestration credential tagging logic Tag an ActivityThe goal in this example is to use the Run Command activity to restart a MySQL database server. To do this, the activity must use a specific credential tagged for that purpose.