
Lock linked credentials in Remote Session Launcher if they are in use


SimonRB


Hello,

 

I recently installed and configured Passwordstate 9 in our organization, to work as our password vault and also our PAM solution.

 

We're really happy with the option to link privileged credentials to specific hosts. However, there's a scenario I can't seem to figure out how to solve.

 

The idea is that for each server two user accounts will be created. 

ServerOne_01 and ServerOne_02 as an example.

These credentials are saved to a password list, and then linked to a set of Remote Session Credentials.

User A, B, and C are allowed to use these credentials on ServerOne.

 

User A logs on with the credentials ServerOne_01

User B logs on with the credentials ServerOne_02

 

Now trouble arrives because User C would also like to log on to ServerOne.

 

The way things work now, if User C Auto Launches a Remote Session to ServerOne then he takes over the session from either User A or User B.

 

I was wondering if it was possible to lock the credentials while they are in use so that User C is denied access to log on until either User A or User B is done using them.

 

Kind Regards

Simon

 


Hi Simon,

 

Thanks for your post and I think another feature we have called "Check Out" will help with this. This feature gives a user exclusive access to a Password Record, and this feature works in conjunction with the Remote Session Launcher.

 

Here is a video of how to use the Checkout feature: https://www.youtube.com/watch?v=xq15Bbdkz1k

 

 

And below is a screenshot of what the user will see, if they try to do a remote session using a Remote Session Credential linked to a password record configured for Checkout:

 

[Screenshot: newone.png]

 

If you have any questions about this, please don't hesitate to ask.

 

Regards,

Click Studios Support


Hello Support,

 

Thanks for getting back to me.

 

I attempted this check out feature, because I figured that's how it would work. However, in my experience the Auto Launch button does not turn grey.

Does this have something to do with being a system administrator?


Hi Simon,

 

It actually shouldn't have anything to do with being an administrator. Do you have more than one Remote Session Credential linked to your host? This may be a bug and may need fixing, and I'll test this as soon as I can.

 

Regards,

Support


I actually managed to get it to work with checkout. Here is a little detail so you can look into whether it is working as intended.

 

User A - Security Administrator

User B - Security Administrator

User C - Regular user with access

 

Host 1 - Windows Host

Remote credentials are set with Check Out

 

User A connects to Host 1 with remote credentials.

User B can hijack that connection using the same remote credentials. Button is NOT grayed out.

User C CAN'T hijack that connection using the same remote credentials. Button IS grayed out.

 

That leads me to believe that Security Admins can always hijack sessions, which for my purposes is perfectly fine.

My issue was that I never thought to test the check out feature with anything but security admins.
