In some cases, there are no Active Directory credentials in the target systems. Also, not all users use the same credentials. There is more than one privileged user account in the target system, and different user groups use different privileged accounts to log in to the target system. 

In the example below, the company policy is that User A logs in to the target system as Account X, and User B logs in to the target system as Account Y. This configuration is made in Kron PAM as Assigned Credentials.

Role-Based Management Configuration: Users, User Groups, Devices, Device Groups, and Device Realms need to be configured properly. Admins also give users the right to see the permitted device list.

Assigned Credentials Configuration: The Assigned Credentials parameter is configured in Kron PAM.

Log in to Kron PAM: Users log in to Kron PAM via Web GUI.

User Session Established: The session between the user and Kron PAM is established.

RDP Connection Request: The user chooses the desired system from the Device Inventory and sends a connection request.

Log in to the Target System: Kron PAM checks the assigned credential parameters and connects the user with the proper account.

Monitored Session Established: The session between Kron PAM and the target system is established.

Back-to-Back Session Establishment: By establishing the user session and the monitored session, a back-to-back session is established between the user and the target system.