...
On the navbar, expand Privileged Access and click Computers.
Click the Computer Credentials tab and then click the Add button.
From the Type drop-down of the Password Vault Data dialog that appears, select the appropriate type of credential. Your options include the following:
Default Credentials — Select this standard credential type to vault any set of credentials that has significance in your environment.
Domain Admin — Select this credential type to vault credentials for the administrator account in a domain managed in EmpowerID. Approved users are granted domain administrator permissions for all computers in the domain that you link to the credential.
Domain User — Select this credential type to vault credentials for a non-administrator account in a domain managed in EmpowerID. Approved users are granted user account permissions for each computer in the domain that you link to the credential.
Local Admin — Select this credential type to vault credentials for an administrator account on a local computer managed in EmpowerID. Approved users are granted administrator permissions on the local computer.
Enter a name for the credential in the Name and Display Name fields. As a best practice, you should not give a vaulted computer credential the same name as the account to which the credential is linked.
From the Shared Credential Policy drop-down, select the Shared Credential policy to link to the Computer Credential. Here are the default options for computers:
Computer Creds - Allow Multi-Check-Out - No Password Reset — Select this policy to create credentials that initiate an RDP or SSH session where more than one session (credential check out) is allowed and you do not want EmpowerID to reset the password for the account when a user checks in the credentials. The reset password on check-in option should be disabled for Multi-Checkout policies. For Multi-Checkout policies, you can rotate the passwords after hours using the scheduled reset feature.
Computer Creds - No Multi-Check-Out - Password Reset — Select this policy to create credentials that initiate an RDP or SSH session where more than one session is not allowed and you do want EmpowerID to reset the password for the account when the user checks in the credentials.
MFA - Computer Creds - Allow Multi- Check-Out - No Password Reset — Select this policy to create credentials that initiate an RDP or SSH session where multi-factor authentication is required, more than one session (credential check out) is allowed, and you do want EmpowerID to reset the password for the account when the user checks in the credentials.
Type a description in the Description field.
To vault credentials for a domain admin or user, in the Managed User Account field, enter a managed user account and then click the tile for the account to select it. This field does not appear on the form if you select Default Credentials from the Type drop-down.
In the User Name field, enter the user name for the account you are vaulting.
To vault credentials that initiate an RDP session with a Windows computer, in the Password field, enter the password for the account.
To vault credentials that initiate an SSH session with a Linux computer, select the SSH Key checkbox, then browse for and select the SSH Key for the computer.
Optionally enter notes in the Notes field.
Click Save.
If you have not yet entered your master password for this session, EmpowerID prompts you to do so. Enter your master password and click OK.
If you have not yet created a master password for yourself, EmpowerID prompts you to do so. Enter a password in the Password and Confirm Password fields and click OK.
...
Now that you have vaulted the computer credential, link it to one or more managed computers or a managed domain to allow users to access those computers using the credential.
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
...