Multiple User Selection in SSH Proxy

This feature lets the user select the appropriate account for connecting to the target system when more than one option is available. It is enabled by configuring more than one possible connection. The possible choices are Manual Login, Global User, Vault User, and Assigned Credential User. To add Session User to this list, the addSessionUserToUserSelection property needs to be configured.

  1. Navigate to Devices > Device Groups.
  2. Click the Device Group and select the Properties option.
  3. Click the Edit, then the Next buttons.
  4. Expand the Additional Credentials section.
  5. Toggle on the Add Session User to Credential Selection option.

The table below shows which user has priority, and the resulting Kron PAM behavior:

| Add Session User to Credential Selection | Add Manual Login to Credential Selection | Global User Count | Behavior |
|---|---|---|---|
| False | False | 0 | Connect with "Session User" automatically |
| False | False | 1 | Connect with "Global User" automatically |
| False | False | More than 1 | List Global Users |
| False | True | 0 | Ask for username/password |
| False | True | 1 | List the "Manual Login" and "Global User" options |
| False | True | More than 1 | List the "Manual Login" and "Global User" options |
| True | False | 0 | Connect with "Session User" automatically |
| True | False | 1 | List the "Session User" and "Global User" options |
| True | False | More than 1 | List the "Session User" and "Global User" options |
| True | True | 0 | List the "Session User" and "Manual Login" options |
| True | True | 1 | List the "Session User", "Manual Login", and "Global User" options |
| True | True | More than 1 | List the "Session User", "Manual Login", and "Global User" options |

The table above lists the scenarios that can be defined with the two properties (Add Session User To Credential Selection and Add Manual Login To Credential Selection) and the behavior that results in each scenario. The Global User count for each scenario is shown in the "Global User Count" column.
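The twelve rows of the behavior table reduce to one rule, which is useful when reviewing device group settings for groups that connect without a prompt or that offer Manual Login. The following is an added example, not Kron PAM code: the function names, the mode labels ("auto", "prompt", "list") and the sample device groups are assumptions made here, and Vault User and Assigned Credential User are left out because the table does not cover them.

```python
# Added example: a model of the behavior table on this page, not Kron PAM code.
# A Global User count of 2 stands in for the table's "More than 1" rows.
S, M, G = "Session User", "Manual Login", "Global User"

def resolve(add_session, add_manual, global_users):
    """Return (mode, options); mode is 'auto', 'prompt' or 'list'."""
    options = [name for name, on in
               ((S, add_session), (M, add_manual), (G, global_users > 0)) if on]
    if not options:                 # nothing to choose from: session user is used
        return "auto", [S]
    if options == [M]:              # only Manual Login: ask for username/password
        return "prompt", options
    if len(options) == 1 and global_users <= 1:
        return "auto", options      # exactly one account to connect with
    return "list", options          # selection window on the SSH Proxy terminal

# The twelve rows of the table, transcribed as (session, manual, count) -> behavior.
TABLE = {
    (False, False, 0): ("auto", [S]),
    (False, False, 1): ("auto", [G]),
    (False, False, 2): ("list", [G]),
    (False, True, 0): ("prompt", [M]),
    (False, True, 1): ("list", [M, G]),
    (False, True, 2): ("list", [M, G]),
    (True, False, 0): ("auto", [S]),
    (True, False, 1): ("list", [S, G]),
    (True, False, 2): ("list", [S, G]),
    (True, True, 0): ("list", [S, M]),
    (True, True, 1): ("list", [S, M, G]),
    (True, True, 2): ("list", [S, M, G]),
}

def mismatches():
    """Rows where the rule in resolve() disagrees with the documented table."""
    return [key for key, want in TABLE.items() if resolve(*key) != want]

def review(groups):
    """Summarize constructed device-group settings for a configuration review."""
    report = {}
    for name, (session, manual, count) in groups.items():
        mode, options = resolve(session, manual, count)
        report[name] = {"mode": mode, "options": options,
                        "manual_login_offered": M in options}
    return report

# Constructed sample device groups (names and settings are hypothetical).
GROUPS = {"core-routers": (False, False, 1), "lab-linux": (True, True, 3)}

if __name__ == "__main__":
    print(mismatches())
    for name, row in review(GROUPS).items():
        print(name, row)
```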

For instance, if a global username and the Session User (LDAP/AD User) property are set at the same time, the result is the scenario shown in this figure:

Global Username/Password and Session User Properties set at the same time.

On the SSH Proxy terminal, the user is shown a multiple-user selection window and can select one of the connection options to access the target device.

Multiple User Selection on SSH Proxy Terminal