Multiple User Selection in SSH Proxy
This feature allows the user to select the appropriate account to connect to the target system, as there could be more than one option. This feature is enabled by configuring the possibility of more than one connection. Possible choices are Manual Login, Global User, Vault User, and Assigned Credential User. To add Session User to this list, the addSessionUserToUserSelection property needs to be configured.
- Navigate to Devices> Device Groups.
- Click the Device Group and select the Properties option.
- Click the Edit the Next buttons.
- Expand the Additional Credentials section.
- Toggle on the Add Session User to Credential Selection.
The table below shows which user has priority, and the resulting Kron PAM behavior:
Add Session User to Credential Selection | Add Manual Login to Credential Selection | Global User Count | Behavior |
---|---|---|---|
False | False | 0 | Connect with “Session User” automatically |
False | False | 1 | Connect with “Global User” automatically |
False | False | More than 1 | List Global Users |
False | True | 0 | Ask for username/password |
False | True | 1 | List the "Manual Login" and “Global User” options |
False | True | More than 1 | List the "Manual Login" and Global User options |
True | False | 0 | Connect with “Session User” automatically |
True | False | 1 | List the "Session User" and “Global User” options |
True | False | More than 1 | List the "Session User" and “Global User” options |
True | True | 0 | List the "Session User" and "Manual Login" options |
True | True | 1 | List the "Session User”, "Manual Login", and “Global User” options |
True | True | More than 1 | List the "Session User”, "Manual Login", and “Global User” options |
The table above reflects the possible scenarios that can be defined with the properties listed (Add Session User To Credential Selection and Add Manual Login To Credential Selection) and the behavior that occurs for the related scenarios. The Global User count for each scenario is shown under the ‘Global User Count’ column.
For instance, if a global username and Session User (LDAP/AD User) property is set at the same time, it results in the scenario shown in this figure:

On the SSH Proxy terminal, the user will have a multiple-user selection window available and will be eligible to select one of the connection ways to access the target device.
