Reference Guide
User Management

Assigned Credentials

Assigning credentials correlates different Kron PAM users with specific local or Active Directory (AD) users or groups in target systems. It sets up the connection to the target system by matching the Kron PAM users or groups with local or AD users. In Proxy connections, the target deviceโ€™s credentials are either entered as a global username/password or they can be retrieved from the Password Vault. In either situation, the users use just one local user to connect to the target device, and these credentials are defined for the whole device group. In some cases, different users might need to connect to the same devices with different user accounts. In this case, assigning credentials will let different Kron PAM users connect to target devices with different SAPM accounts. Also, as mentioned above, user groups can be retrieved from Active Directory. Credentials that are kept in SAPM can be assigned to AD user groups, as well as users. If a specific Device or Device Group is selected in the Assigned Credentials definition, the user can use the SAPM account defined in the selected device connection. This process applies to devices for the selected Device or Device Group, or you can use the Apply for All Devices option.

Connection with and without Assigned Credentials
Connection with and without Assigned Credentials
๏ปฟ

In the example illustrated above, the users are connecting to target devices with and without assigned credentials. In the first diagram, Kron PAM

users A, B, and AD user groups use the same local/AD user accounts to connect to the target devices. In the second diagram, assigned credentials were configured between Kron PAM User A and Local/AD User A, and between Kron PAM User B and Local/AD User B, which allowed Kron PAM User A to log in to target devices as Local/AD user A, and Kron PAM User B to log in as Local/AD user B.

Defining the Assigned Credentials allows the use of the defined accounts in Active Directory, LDAP, WinRM, and SMB strategies to connect to different devices. But first, you must configure the local/AD user as a Dynamic Password Controller account to use assigned credentials. See the related sections in this document for configuration details. To configure assigned credentials:

  1. Navigate to User Management > Assigned Credentials.
  2. Enter the Kron PAM user or user group in the User Selection field and select Credentials Source.
  3. Enter the SAPM account name to be used to connect to the target devices in the SAPM Account field and click Save.
  4. Fill in the Device or Device Group fields if the user wants to connect to a specific device (Optional)
  5. Check the Apply for All Devices box if the user wants to connect to all devices. (Optional)
  6. Navigate to Device Management > Device Groups.
  7. Right-click the device group that will connect to the target devices via assigned credentials and select Show Properties.
  8. Define the following configurations: Property Key: addAssignedCredentialToUserSelection Value: true
Assigned Credentials Configuration
Assigned Credentials Configuration
๏ปฟ

๏ปฟ

PREVIOUS
Importing User Groups
NEXT
Assigned Credentials Bulk Import
Docs powered byย Archbee