Reference Guide
User Management
Assigned Credentials
assigning credentials correlates different kron pam users with specific local or active directory (ad) users or groups in target systems it sets up the connection to the target system by matching the kron pam users or groups with local or ad users in proxy connections, the target device’s credentials are either entered as a global username/password or they can be retrieved from the password vault in either situation, the users use just one local user to connect to the target device, and these credentials are defined for the whole device group in some cases, different users might need to connect to the same devices with different user accounts in this case, assigning credentials will let different kron pam users connect to target devices with different sapm accounts also, as mentioned above, user groups can be retrieved from active directory credentials that are kept in sapm can be assigned to ad user groups, as well as users if a specific device or device group is selected in the assigned credentials definition, the user can use the sapm account defined in the selected device connection this process applies to devices for the selected device or device group, or you can use the apply for all devices option in the example illustrated above, the users are connecting to target devices with and without assigned credentials in the first diagram, kron pam users a, b, and ad user groups use the same local/ad user accounts to connect to the target devices in the second diagram, assigned credentials were configured between kron pam user a and local/ad user a, and between kron pam user b and local/ad user b, which allowed kron pam user a to log in to target devices as local/ad user a, and kron pam user b to log in as local/ad user b defining the assigned credentials allows the use of the defined accounts in active directory, ldap, winrm, and smb strategies to connect to different devices but first, you must configure the local/ad user as a dynamic password controller account to use assigned credentials see the related sections in this document for configuration details to configure assigned credentials navigate to users > assigned credentials click the +add button choose user or user group in the user selection field and indicate user or user group accordingly choose the assigned account in the vault account section this assignment can be done to all devices if the user wants to connect to all devices with this account or a device/a device group can be chosen this configuration is optional to use this assignment; navigate to devices > inventory click the edit button of a device group that will connect to the target devices via assigned credentials and select the edit option go to section 2 (properties) click the additional credentials menu and enable add assigned credential to credential selection sections 5 through 7 can also be applied to users or user groups when editing a user or user group in the assigned credentials menu, accounts for the same purpose can be selected