Linking Credentials to Managed Domains

After you have vaulted a credential for a domain, you can link that credential to all computers in the domain. Once a computer credential has been linked to a specific domain, users can request access to any domain computer using that credential. If access is granted, users can perform any tasks on the computer(s) that the credential permits. All access to computers occurs through RDP or SSH sessions via EmpowerID's Privileged Session Manager.

When users request access to a computer, EmpowerID routes those requests to the Access Manager or owner of the computer credential. If approved, users check out the credentials, which initiates an RDP or SSH session to the computer using EmpowerID's Privileged Session Manager. Privileged Session Manager provides a number of features that give administrators the ability to monitor, review and terminate session activity when necessary. To use EmpowerID's Privileged Session Manager in your environment, there are a number of configuration tasks you must complete. For information, see Configuring Privileged Session Manager.

To link credentials to a managed domain

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Computers find page by expanding Resources and clicking Computers.
  2. From the Computers find page, click the All Computer Credentials tab and then search for the computer credential you want to link to a domain.
     To link the credential to all computers in a managed domain, the Credential Type must be a Domain Admin or Domain User credential type.
  3. Click the Display Name link.
     This directs you to the View One page for the credential. View One pages allow you to view information about a resource in EmpowerID and manage that resource as needed.
  4. From the View One page, click the Domain or Directory accordion to expand it and then click the Add Domain button.
     The Domain or Directory accordion only appears for Domain Admin or Domain User credential types.
  5. In the dialog that appears, type the name of the managed domain in the Account Store field and then click the tile for that domain to select it.
  6. Click Save to save your selection and close the dialog.

If one or more computers linked to the credential are in the IT Shop, users with access to the IT Shop can request Login Session Access to those computers. If the computers are not in the IT Shop, at a minimum, users must have the Computer PAM User Full Access Management Role.

When users request access to a computer, EmpowerID routes those requests to the Access Manager or owner of the computer credential for approval. If approved, users check out the credentials, which initiates an RDP or SSH session to the computer using EmpowerID's Privileged Session Manager. To use EmpowerID's Privileged Session Manager in your environment, there are a number of configuration tasks that need to be completed. For information, see Configuring Privileged Session Management.