Assigning Kron PAM Credentials to Target System Accounts

In some cases, Kron PAM users are connected to target devices with different credentials. In other situations, there is more than one privileged user account in the target system, and different user groups use different privileged accounts to log in. The Assigned Credential feature matches Kron PAM users with the target device users.

In the example below, User A wants to connect to the target system with Account X and User B wants to connect to the target device with Account Y. In this case, User A is assigned to Account X, and User B is assigned to Account Y.

Assigned Credentials


Follow the steps below to configure the Assigned Credentials feature and enable it for a device group.

Beforehand, this device group must be added to a device group realm together with the user group that contains the users.

  1. Log in to the Kron PAM Web GUI as an admin user.
  2. Navigate to Device Management > Device Groups.
  3. Right-click the desired Device Group and select Show Properties.
  4. Save the addAssignedCredentialToUserSelection property as true.



Assigned Credential Configuration


To set up the assigned credentials for different users, first save the accounts. After saving these accounts, follow these steps:

  1. Log in to the Kron PAM Web GUI as an admin user.
  2. Configure the SAPM account for the target system.
  3. Navigate to User Management > Assigned Credential.
  4. Start typing the username in the User text box. Matching users will appear below. Select the one for whom another credential will be assigned.
  5. Select SAPM as the Credential Source.
  6. According to the selection, select the SAPM Username and click Save.

Once these steps are completed, the assigned credentials are used for the connection whenever the defined users open an SSH session.

Assigned Credential Configuration