Kron PAM is flexible in adding and managing accounts. With sufficient portal rights given to users, they can add their accounts, just like admins. In this respect, management rights can be assigned to an admin or authorized user. User rights will be detailed in the Password Vault User Rights section.

parameter must be configured in System Config Manager as 

as private, as long as the Private field on the Vault account addition modal is set as 

. If an account is set as private, it cannot be seen by other users in the same User Group.

Private accounts can be set to work by default through the system, by configuring the following parameters in the System Configuration Manager:

Each account has one user ownership. Users can share the account with their group or with other groups whenever they want.

The following system config parameter enables case sensitivity for Vault account names:

In Kron PAM, for users defined in the password vault, headers have been placed at the top of the screen to provide a summary based on the 

In this panel, the distribution of accounts added to the password vault is displayed schematically with each type represented by a different icon and color. The following are shown separately in the PAM system:

Number of Vault Accounts by protocol type (regardless of whether they are Dynamic or Static), such as 

When each icon or color object in this panel is clicked, the relevant Vault Accounts will be listed on the screen.

Learn how to add and manage accounts in Kron PAM with ease. This document highlights the flexibility of granting portal rights to users, allowing them to have similar privileges as admins. Discover the power of assigning management rights to authorized us

Adding Dynamic Accounts in Password Vault

Adding Dynamic Configured Static Accounts in Password Vault

Adding Static Configured Static Accounts in Vault

Export Vault Account

Account Tags

Adding Accounts in Password Vault

Password Vault SSH Key Rotation

Password Vault  Account Permissions

Adding a New Password Vault Group

Editing a Password Vault  Group

Deleting a Password Vault Group

Adding a Vault Account to a Group

Adding Permissions to Password Vault Groups

Adding Child Groups to Password Vault Account Groups

Properties for Password Vault Account Groups

Password Vault Group

Check Out Account Password

Change Account Password Manually

Bulk Update Password

Check Account Password

Reset Account Password

Bulk Reset Account Password

Edit Account

Delete Account

Bulk Edit Account

Managed Systems

Adding Vault Configurations

Duplicating Vault Configurations

Configuration Property to Show Password to Multiple Users

Configuration Properties to Execute Commands After Changing Passwords

Configuration Property to Send Password Change Reminder 

Adding Cluster Accounts in Password Vault

Adding Auto Import Rules

New Account Notification Email Configuration

Editing New User Check Cronjob

Importing New Users to Password Vault

Deleting New Users

Discover New Users

Password Vault Accounts Bulk Import

Display Account Logs

Display Password History Log

Managing Passwords in a File

Password Retrieval Approval Notifications

Password Retrieval Second-Level Approval Notifications

Password Vault Mail List Notifications

Notifications over Account

Notification over Account Group

Notification over Account Owner

Configure Notifications

Password Vault Notification Settings

Auditor User

End-User

Account & Group Creator User

Admin User

Password Vault User Rights

Approval Configuration

Password Vault  Admin Approval Role

Assigning a Manager to an Account

Assigning an Escalation Manager to an Account

Assigning a Manager to a Group

Assigning an Escalated Manager to a Group

Password Vault Admin & Manager Approval Roles

Removing Approved Users

Manager User Approval Role

Account Based Approval Mechanism

Future Date Reservation

Split Password Feature

Password Validation Check

Web Application Password Management

Show Notes Option

Check Out Password Option

Secret Notes

Set Manual Password for Dynamic Vault Accounts

Password Blacklist for Vault Static Accounts

Password Generator

Recycle Bin For Vault Accounts

Connect to Device

Vault Secondary Password Definition (Dual Lock)

Password Vault

3.8.0 Kron PAM Web GUI

License Manager

Email Server Configuration

Language Settings

Menu Lists Management

System Configuration Parameters

Enabling Push Notifications for Kron PAM Mobile Client Application

Enabling HTTPS on the Kron PAM Web GUI

Backup Management

SAML Authentication

Hardware Security Module (HSM) Integration

Windows Authentication on the Kron PAM GUI

PKI Authentication

SMS Configuration

Logo and Background Customization

Multitenancy

Kron PAM Administration

Manual User Creation

Kron PAM Users Search

User Actions Menu

Editing Kron PAM Users

Editing User Properties

Temporary User

Local User Bulk Import

New User Request

Force New User to Change Password 

User Password Strength Settings 

User Password Hash Algorithm Settings

Notifying Inactive Users Before Lock

LDAP/Active Directory Integration

User Group Creation

Assigned Credentials

SSH Keys Manager

User Management

Element Type

Device Groups

Device Inventory

Device Management

Policy Key Creation

Policy Groups Creation

Device Realm Creation

Policy Tracking

Policy Management

Managerial Approval for Connections 

Managerial Approval Connection Reservation

Managerial Policy Reservation

Managerial Approval for Commands

Managerial Approval in Shared Account Password Manager (Vault)

Approval Workflow

Approval Workflow SMS Settings

Approval Management

SSH Proxy

RDP Proxy

HTTP Proxy

Advanced Authorization Methods

User and Entity Behavior Analytics

Session Manager

Application Token

Audit

Vault Agent

Secrets

Sending the MFA QR Code to Users

Creating a Connection Between Kron PAM and the Kron PAM Mobile Client Application

Enabling Multi-Factor Authentication (MFA)

Using MFA to Log in to the Kron PAM Web GUI

Using MFA to Log in to the Kron PAM Desktop Client

Using MFA for SSH Connections

Using MFA for RDP Connections

Using MFA for SSH Proxy

Using MFA for HTTP Proxy

Using MFA for SFTP Proxy

Using MFA for TACACS+ Manager

Using MFA for Radius

Using MFA for Kron PAM Mobile Client Application

Using MFA for Secure Remote Access

Offline Mode Settings

Using SMS for MFA

Using Email for MFA

User Token Management

Using Hardware Tokens for MFA

Using Authentication Key (FIDO Key) for MFA

Using Keystroke to User Behavior Analytics

MFA Configurations for VPN Services

External MFA Providers

Multi-Factor Authentication

Basic Configurations for Unified Access Management

MSCHAPv2 RADIUS Configuration

TACACS+ Management Configuration Page 

Unified Access Manager

Sensitive Data Discovery

SFTP Proxy

Data Access Manager

Importing Devices from Amazon Web Services

Importing Devices from Microsoft Azure

Importing Devices from the Google Cloud Platform

Cloud PAM

CSP Account Definition

Enabling CIEM Service

Cloud Infrastructure Entitlement Management (CIEM)

Creating Script Group

Creating Script

Adding a Script Realm

Running a Script

Privileged Task Automation Logs

Privileged Task Automation

Kron PAM Logs

Active Sessions and Dual Control

System Log Viewer

SIEM Configuration

Kron PAM Reporting and Logging Functions

Reference Guide