How to set up a credential


In this tutorial, we’ll provide a step-by-step guide to setting up a credential in Segura® Platform. Ensure you fulfill the requirements below before proceeding with the configuration steps.

Requirements

  • Be registered/enabled as a PAM Operator in Segura® Platform.
  • Have a device created.

Set up a credential

There are two ways to access the credentials configuration area.

The first way is via the Add new menu on the top toolbar. To configure a credential using quick actions, follow the steps below:

  1. Click on the Add new icon, represented by a sheet of paper with a sum sign, and select Credential.

The second way is from the Products menu. To do this, follow the steps below:

  1. On Segura® Platform, in the navigation bar, hover over the Products menu and select PAM Core.
  2. In the side menu, select Credentials > All credentials.
  3. Click Add.

Both actions will open a new screen, which you must fill in with your data.

Information tab

  1. Username*.
  2. Password type*.
  3. Domain.
  4. Device*.
  5. Additional information.
  6. Set Status* to Active or Inactive.
  7. Set the password for the credential (limit 256 characters, 70 if the password change is set to automated).
  8. Choose to generate a random password according to the password policy.
  9. Optionally, fill in the Tags for identification of the credential.
  10. Click the Save button.

Execution settings tab

  1. Parent credential: choose the parent credential from the drop-down menu. Note that when you select a parent credential, the child credential will assume the same password as the parent credential. Whenever there is a manual or automated password change on the parent credential, the child credential will also be modified and assume the same password as the parent credential.
  2. In the Credential password change settings section:
    1. Enable automatic change: select this checkbox to activate automated password change for the credential.
    2. Enable agent-based password change.
    3. Change plugin: choose the plugin for automated credential password change from the drop-down menu.
    4. Change template: select the template for automated credential password change from the drop-down menu.
    5. Justification for credential not being managed: describe the reason the registered credential is not managed.
  3. In the Authentication settings section:
    1. Use own credential to connect: select this checkbox to use your own credential to perform authentication.
    2. Authentication credential: select the credential that will perform authentication from the drop-down menu.
  4. In the Reconciliation credential settings section, set the Status option to Active or Inactive. This option enables credential reconciliation. For more information, see How to reconcile a credential.

Session settings tab

  1. Connectivity: select the connectivity options to which this credential will have access.
  2. In the Remote application settings section:
    1. Restrict access to remote application only: select this checkbox if you want this credential to have access only to one or more remote applications. If you choose this option, you must indicate which remote applications this credential will access. Fill in the fields below:
      1. Automation macro (RemoteApp): click the add button to add the applications used. Clicking the add button displays two drop-down menus:
        1. RemoteApp: select the application that the credential will be allowed to access from the drop-down menu.
        2. Connectivity: select the connection protocol that this remote application will use.
    2. Use own credential to connect: select this checkbox to use your own credential to authenticate.
    3. Authentication credential: enter the credential that will be used for authentication.
    4. Authentication device: indicate the device where authentication will take place.
  3. In the Certificate section, you can choose between:
    1. Manual upload:
      1. Certificate file: upload the certificate file.
      2. Key file: upload the key file for authentication.
      3. Key password: password for the key file.
    2. Import from Certificate Manager:
      1. Certificate Manager Certificate: in the dropdown, select a certificate previously registered in Certificate Manager.
  4. Click Continue.

Alert

  • The certificate will only be used when registering a credential to connect to an Oracle database. More information in Data Base Proxy for Oracle.

In manual upload:

  • When you upload a certificate, it will be linked to the credential at the time of upload. However, be aware that if you need to edit this credential after saving it, there will be no indication that the certificate file has been uploaded.
  • You can replace the certificate by simply uploading the file again if necessary.

When importing a certificate from the Certificate Manager:

  • If the certificate is disabled in the Certificate Manager, it still appears on the credential, but its use will result in a “certificate disabled” error.
  • When the certificate is renewed, the update is automatically reflected in the PAM.

Additional settings tab

  1. Identifiers (for webservice): enter the identifier of the web service used in the credential.
  2. User who owns the credential: defines the owner of the credential. The user indicated in this field will be the only one with access to the credential.
  3. Path on the server: this field specifies where the credential is located in files on the server. It is particularly useful when the password also needs to be changed in those files: with the path provided, the exact location where the credential must be changed on the server can be identified.
  4. Secret key (TOTP): fill in your TOTP key. More information in How to access the TOTP token for a credential.
  5. In the Additional authentication fields section:
    1. New extra field: by clicking on the plus sign, you can enter additional parameters for authentication. In this case, you can enter the following parameters: Name, Surname, and Value.
    2. Remarks: enter any relevant remarks, if necessary.

Attention

  • The limit of credentials varies according to the license contracted with Segura® Platform.
  • The existence of a parent credential does not prevent the password of the child credential from being changed manually or automatically.

How to edit a credential

To edit a credential, follow the steps below:

  1. On Segura® Platform, in the navigation bar, hover over the Products menu and select PAM Core.
  2. In the side menu, select Credentials > All credentials.
  3. In the list, identify the credential you want to edit, and in the Actions column, click on the icon represented by the three vertical dots and select the Edit option from the drop-down menu.
  4. In the Credential window, edit the settings you want according to the instructions in this document.
  5. Click Save.