Multiple User Selection in SSH Proxy

This feature allows the user to select the appropriate account to connect to the target system, as there could be more than one option. This feature is enabled by configuring the possibility of more than one connection. Possible choices are Manual Login, Global User, SAPM User, and Assigned Credential User. To add “Session User (LDAP User)” to this list, the “addSessionUserToUserSelection” property needs to be configured.
Navigate to Devices> Device Groups.
Click the Edit the Next buttons.
Expand the Additional Credentials section.
Toggle on the Add Session User to Credential Selection.
The table below shows which user has priority, and the resulting Kron PAM behavior:
Add Session User to Credential Selection
Add Manual Login To Credential Selection
Global User Count
Behavior
False
True
0
Ask for username/password
False
True
1
List the Manual
Login and Global User options.
False
True
More than 1
List the Manual
Login and Global User options.
True
False
0
Connect with Session User automatically.
True
False
1
List the Session User and Global User options.
True
False
More than 1
List the Session User and Global User options.
True
True
0
List the Session User and Manual Login options.
True
True
1
List the Session
User, Manual Login, and Global User options.
True
True
More than 1
List the Session User, Manual Login, and Global User options.
The table above reflects the possible scenarios that can be defined with the properties listed (Add Session User To Credential Selection and Add Manual Login To Credential Selection) and the behavior that occurs for the related scenarios. The Global User count for each scenario is shown under the ‘Global User Count’ column.
For instance, if a global username and Session User (LDAP/AD User) property is set at the same time, it results in the scenario shown in this figure:
Global Username/Password and Session User Properties set at the same time
﻿
On the SSH Proxy terminal, the user will have a multiple-user selection window available and will be eligible to select one of the connection ways to access the target device.
Multiple User Selection on SSH Proxy Terminal
﻿
﻿

Add Session User to Credential Selection	Add Manual Login To Credential Selection	Global User Count	Behavior
False	True	0	Ask for username/password
False	True	1	List the Manual Login and Global User options.
False	True	More than 1	List the Manual Login and Global User options.
True	False	0	Connect with Session User automatically.
True	False	1	List the Session User and Global User options.
True	False	More than 1	List the Session User and Global User options.
True	True	0	List the Session User and Manual Login options.
True	True	1	List the Session User, Manual Login, and Global User options.
True	True	More than 1	List the Session User, Manual Login, and Global User options.

Session User (LDAP/AD User) Connection

Global SSH Key Connections