When you add domain accounts to the Privileged Access Service, you can store the passwords for those accounts securely in a local repository, in the Centrify service, or in a key management appliance such as SafeNet KeySecure. If you have the appropriate global- or domain-specific permissions, you can then use the account and its stored password to log on to any domain computers that the account has permission to access. The permissions for the Active Directory accounts you can use to log on are controlled through access control lists (ACL). By storing these accounts in the Privileged Access Service, you can make the account available to multiple users without sharing the password.
To log on to a domain computer:
- In the Admin Portal, click Resources >Domains to display the list of domains.
- Select the domain computer in the list of systems and open the Actions menu.
- Click Select/Request Account.
- Type a search string to filter the list of accounts.
- Select the Active Directory account you want to use to log on to the domain computer, then click Select.
If the selected account has permission to access the selected domain computer, a remote desktop connection starts a new session on the computer for you to perform whatever tasks are required using the Active Directory account you selected.