Logging on without a password
After you add account information to the Privileged Access Service, other users with the appropriate global- or system-specific permission can log on using the account without knowing the password for the account.
When you select an account stored in the Privileged Access Service to log on to a target system, the Privileged Access Service opens a secure shell connection if the target system is a UNIX, Generic SSH, or supported network system or a remote desktop connection if the target system is a Windows computer. If the target system does not use the default port for secure shell or remote desktop connections, you can specify the port to use by clicking System Settings for a selected system. For more information about changing settings for a target system, see Changing system settings.
To log on using saved account information:
- In the Admin Portal, click Resources, then click Systems to display the list of computers and network devices.
- Select a system to display system-specific details.
- Click the Actions menu, then select Select/Request Account.
- Type a string to search for and select the appropriate account from the list of stored accounts, then click Select.
If you have the Login permission and the stored credentials are valid, a new interactive secure shell or remote desktop session opens on the target system. Within the secure shell or remote desktop session, most operations—such as cut and paste or resizing of windows—work as you would expect them to. For more information about working in the remote session, see Connecting to target systems.
If a “request and approval” work flow is enabled, your account access request is sent to a designated user or to the members of a designated role for approval. If your request is approved, you have limited period of time to start a new interactive secure shell or remote desktop session on the target system. For more information about the “request and approval” work flow, see Managing domains.
Depending on how authentication rules and authentication profiles are configured for the system and account, you might be required to respond to one or more authentication challenges before logging on to the remote system. If you are able to authenticate successfully by responding to the authentication challenges, the session opens and the activity is recorded in the dashboard and in the list of system activity.