Reference for credentials
  • 4 minutes to read
  • Dark
    Light
  • PDF

Reference for credentials

  • Dark
    Light
  • PDF

Article summary

Reference guide to describe the options on the credential registration page of the senhasegura platform.

Information

FieldDescription
UsernameUsername of the credential for the session authentication. Note that this credential must match the credential of the remote system.
Password typePassword type that defines the model of credentials used to segment users and assign permissions based on access groups. The password type can take three values: Domain User, Local Administrator, and Local user.
DomainTo which domain the credential belongs, and can be used to start sessions on other devices in the same domain.
DeviceThe device where the credential will be able to start sessions.
Additional informationOption to complement the use of the credential on the target device, such as, for example, in database connections. The field is also for use in automated password exchange and RemoteApp macros.
StatusCredential status: Enable or Disable.
PasswordCredential password. Character Limit: 256.
Set current passwordEnables the Password field and sets a new password manually.
Show passwordDisplays the password during editing. The eye icon identifies it.
Generate a passwordGenerates a random password as per the Password Policy.
TagsIdentifier for credential segregation
Secret key (TOTP)Secret key to generate a TOTP token. To use the previous key, leave it blank.
Info

Note the information box of password policies that must be considered when creating the password for the credential, thus ensuring the creation of a more secure password.

Execution settings

FieldDescription
Parent CredentialSelect a credential to be considered the “parent” credential. From that point on, the “child” credential will always assume the same password as the parent credential.
Info

The existence of a parent credential doesn't prevent the password of the child credential from being changed manually or automatically.

Credential password change settings

FieldDescription
Enable automatic changeSelect to enable automatic credential change.
Enable agent-based password changeThis feature that allows users to change their passwords through an automated process facilitated by a software agent is called agent-based password change.
Change pluginSelect the plugin used to connect and execute the change on the device. This plugin is linked to several connection protocols, there is no validation that the device has its connectivity active.
Change templateSelect the template that the executing plugin will execute. In the senhasegura PAM solution, the user has access to a wide variety of templates developed and regularly updated.

Authentication Setup

FieldDescription
Use own credential to connectSelect to use the credential itself to connect to the device and perform the password change.
Authentication credentialIf you don't use your own credential to change the automated password, select which credential will be used to connect to the device.

It's possible to use a credential to start sessions on the device, and another already registered to perform the password change.

Reconciliation Credential Setup

FieldDescription
StatusEnables credential reconciliation. Check Active or Inactive to define the status of the credential.
AutorunEnables automatic password reconciliation for credentials. Check Active or Inactive.
Reconciliation CredentialReconciliation Credential
Reconciliation pluginReconciliation plugin.
Reconciliation TemplateReconciliation template.

To understand more, access the reconciliation credentials

Session Settings

FieldDescription
ConnectivitySelect which protocols the credential can use. Only the selected connectivities will be available to start a session.

Remote application settings

FieldDescription
Restrict access to remote application onlySelect this option to use the credential only in RemoteApp proxy sessions. This option makes it impossible to use a proxy session that provides the desktop or terminal of the device, as it doesn't prevent the password from being made available to the user.
Automation macro (RemoteApp)Add the RemoteApp macros linked to the credential and available to proxy users.
Use own credential to connectIndicate whether the same credential will be used to authenticate the target device and the RemoteApp.
Authentication credentialIf you don't use the RemoteApp credential, indicate which credential will be used for the authentication step.
Authentication deviceSelect the device where the credential will be authenticated and the macro will run. If completed, the device registered in the Information tab will be ignored.

Certificate

FieldDescription
Certificate ArchiveSelect the certificate file, in .crt format.
Key FileSelect the certificate key file, in .key format.
Key passwordIf the key file is password protected, write the password in this field.
Info

This Certificate configuration is only necessary to configure the [Database Proxy with Oracle database](/docs/pam-session-how-to-configure-a-credential-in-senhasegura-to-use-the-database-proxy -with-oracle).

Additional settings

FieldDescription
Identifier (for webservice):Add identifiers for the triggered credential via A2A web services.
User credential ownerSelect the user who owns the credential. This owner user will always have access to the credential.
Server pathPath to the file storing the credential.
Secret key (TOTP)TOTP uses a secret key to generate temporary passwords for authentication.
CriticalitySet credential criticality to Low, Medium, or High.
Additional fields for authenticationAdd the additional information you need to complete the authentication steps.
NotesAdd general notes if necessary.

Do you still have questions? Reach out to the senhasegura Community.


Was this article helpful?