Page Comparison

When a manager wants to delegate temporary access to a privileged application to an employee with otherwise limited access, sharing a password is not the most secure way to do so. The Privileged Application Launcher allows employees to submit requests to check out vaulted credentials for a specified number of minutes using their own password(PAL) is a local Windows desktop application that enables users to temporarily check-out vaulted Active Directory credentials and launch Windows applications as the check-out identity. PAL acts much like the Runas command but without requiring the user to be granted knowledge of the privileged user password.PAL operates using Windows security so it is limited by Windows domain and trust restrictions.

To install the Privileged Application Launcher

Employees install the Privileged Application Launcher on their local machines.

1. Double-click the installer file, EmpowerIDApplicationLauncherInstaller.msi.
2. In the setup wizard that appears, provide the URL of the EmpowerID host and click Next.
   
   
   
   

3. On the Ready to install page, click Install. 
   
   
   
   

   Note
   Since this must be installed as an administrator, a message flashes on your taskbar. Click it to open the User Account Control requesting permission to make changes on your device. Click Yes to continue.

   
   

4. When the agent finishes installing, click the Finish button to close the wizard.
   
   
   
   

To use the Privileged Application Launcher

There are two ways to use the Privileged Application Launcher. Here is the first.

1. In the Start menu, search for "EmpowerID" and click EmpowerID Application Launcher.
2. In the EmpowerID Privileged Application Launcher window that appears, click the Login button.
   
   
   
   
3. Enter your EmpowerID credentials in the EmpowerID Secure Web Login dialog that appears and click Login.
   
   
   
   
4. The dialog disappears. Back in the Privileged Application Launcher, the Login button changes to Refresh. Click Applications.
   
   
   
   
5. The list populates with links to any applications to which you have access. To limit the choices, type part of the name of the application you want in the Search box and hit Enter.
   
   
   
   
6. When you see the application you want in the search results, double-click it to select it. The selected application link is populated in the Application To Launch field. Click Find Credentials.
   
   
   
   
7. The list populates with any credentials to which you have access. To limit the choices, type part of the name of the credentials you want in the Search box and hit Enter.
   
   
   
   
8. When you see the credential you want in the search results, click the check mark next to it to send a request to check out the credentials.
9. In the Request Check-Out dialog that appears, set the number of minutes that you need to use the privileged account, type the reason you need the credentials, and click Submit.
   
   
   
   
10. In the Master Password Prompt dialog that appears, enter the master password that you used when initially vaulting your credentials and click Validate.
    
    
    
    
11. Once the owner of the credential has approved the request, the application opens using the shared credentials.

To use the Privileged Application Launcher from File Explorer

There are two ways to use the Privileged Application Launcher. Here is the second.

1. In File Explorer, navigate to the application that you want to launch with privileged access.
2. Right-click the executable for the application and select Open with EmpowerID.
   
   
   
   
3. In the EmpowerID Privileged Application Launcher window that appears, click the Login button.
   
   
   
   
4. Log in using your EmpowerID credentials the EmpowerID Secure Web Login dialog that appears and click Login.
   
   
   
   
5. The dialog disappears. Back in the Privileged Application Launcher, the Login button changes to Refresh and the Application To Launch field populates with the name of the application to launch. Click Find Credentials.
   
   
   
   
6. The list populates with any credentials to which you have access. To limit the choices, type part of the name of the credentials you want in the Search box and hit Enter.
   
   
   
   
7. When you see the credential you want in the search results, click the check mark next to it to send a request to check out the credentials.
8. In the Request Check-Out dialog that appears, set the number of minutes that you need to use the privileged account, type the reason you need the credentials, and click Submit.
   
   
   
   
9. In the Master Password Prompt dialog that appears, enter the master password that you used when initially vaulting your credentials and click Validate.
   
   
   
   
10. Once the owner of the credential has approved the request, the application opens using the shared credentials.

To open a command prompt as administrator

1. From the Start menu, search for "EmpowerID" and click EmpowerID Application Launcher.
2. Click the Login button and log in to EmpowerID as above.
3. On the default view that appears, under Application to Launch, click the drop-down list and select cmd.exe.
   
   
   
   
4. Click the Find Credentials button.
   
   
   
   
5. Search for the shared credential that has local admin access to your machine, and click the check mark icon to select it.
   
   
   
   
6. In the Request Check-Out dialog that appears, provide justification for the access, and optionally change the default starting date and time and duration, then click SUBMIT.
   
   
   
   
7. In the Master Password Prompt dialog that appears, enter your master password and click Validate.
   
   
   
   The elevated command prompt appears.