The application enables the caching, viewing, and copying of credentials. These actions are equivalent to using a proxy, preview, or copy through the web interface. SIEM will audit and relay all these actions.
When opening the application, you can find:
- In the top left corner is the search bar.
- In the top right corner is the Refresh button.
- Below the Search bar, you have the titles:
- User: the default credential for privilege elevation actions inside and outside the Vault.
- Domain: the name of the device's domain
- Device: the device associated with the credential.
If the default credential doesn't have a registered domain, it will display the machine name instead.
Use a credential
Users in Vault are always associated with the accounts they use to log into Windows.
The workstation username must have an equivalent user in the Segura platform. If you are not sure about the username, read the article Requirements.
- Access the user's desktop.
- Start Vault.
- Select the credential you want to use from the list of credentials.
- Right-click on the automation.
- Click Copy or Show to access the password.
Use a credential in case of unavailability
In cases of unavailability of the Segura platform. The Vault stores the user and password credentials locally. It is encrypted and keeps the information from the last update. So the user can view and copy the credentials and password.
- Access the Segura platform.
- Go to EPM > Management > Settings > Parameters > EPM.
- In modules, activate the option Enable credentials?.
- Click on Save.
- Access the user's workstation, and follow the steps to use a credential.
This feature does not work in conjunction with offline mode.
Configure Token requests to view or copy credential
- Access the Segura platform.
- Configure MFA OTP token.
- Go to EPM > Settings > Parameters > Security.
- Check the option Force Multi-Factor Authentication to view password? or Force Multi-Factor Authentication to login? to Yes.
- The user will be prompted to fill in a token to copy or view the credential.
Configure verification of local privileged credentials
- Access the Segura platform.
- Access the menu EPM > Settings > Parameters > EPM.
- Go to the Report section.
- Check the option Enable local privileged credentials checking?.
- Set days and times for execution.
- Click Save.