Logging on without a password

After you add account information to the Privileged Access Service, other users with the appropriate global- or system-specific permission can log on using the account without knowing the password for the account.

When you select an account stored in the Privileged Access Service to log on to a target system, the Privileged Access Service opens a secure shell connection if the target system is a UNIX, Generic SSH, or supported network system or a remote desktop connection if the target system is a Windows computer. If the target system does not use the default port for secure shell or remote desktop connections, you can specify the port to use by clicking System Settings for a selected system. For more information about changing settings for a target system, see Changing system settings.

To log on using saved account information:

  1. In the Admin Portal, click Resources, then click Systems to display the list of computers and network devices.
  2. Select a system to display system-specific details.
  3. Click the Actions menu, then select Select/Request Account.
  4. Type a string to search for and select the appropriate account from the list of stored accounts, then click Select.

    Some organizations may have their tenant configured so that the list of domain accounts doesn't automatically load; enabling this configuration can help with performance if you have a substantial number of accounts. If you have this configuration enabled:

    • You can also filter your search by domains and child domains listed under the Domains section of the search filter. Use the arrow to expand or collapse the domain groups.

    • To use domain accounts, check the domain(s) you want to use for your filter, then type in the search box. The search will return results matching your search term from domain accounts as well as local accounts.


If you have the Login permission and the stored credentials are valid, a new interactive secure shell or remote desktop session opens on the target system. Within the secure shell or remote desktop session, most operations—such as cut and paste or resizing of windows—work as you would expect them to. For more information about working in the remote session, see Connecting to target systems.

If a “request and approval” work flow is enabled, your account access request is sent to a designated user or to the members of a designated role for approval. If your request is approved, you have limited period of time to start a new interactive secure shell or remote desktop session on the target system. For more information about the “request and approval” work flow, see Managing domains.

Depending on how authentication rules and authentication profiles are configured for the system and account, you might be required to respond to one or more authentication challenges before logging on to the remote system. If you are able to authenticate successfully by responding to the authentication challenges, the session opens and the activity is recorded in the dashboard and in the list of system activity.