Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Privileged Access Management Credentials
#1
We have a requirement to use a PAM solution for connecting into specific devices however we'd like to continue using ASG Remote Desktop which is more user friendly than the PAM web based user interface.

Our PAM solution supports proxying native RDP and SSH client connections so no issues there, the only thing which is a problem is the credentials.
To proxy native protocols our PAM solution requires users to include their username and the unique device ID of what they want to connect to as part of their username, like this: username#device_id

What we want is users to be able to create a private credential for themselves in ASG with the username and password they use for PAM and then we want to create public connection objects which include their unique ID in PAM. I think it would have to be something like an extra field in the ASG connections which when populated automatically append that value to the username provided by the user

The only alternative we have is for every user to create a new credential for every single connection in ASG which is just isn't practical

Thanks
Reply
#2
Did you try to use "Settings=>Variables" for that? You can variables and set for each user a specific value - like all users add "MY_DEVICE_ID" - then use that variable in credentials like "%CUSTOM_MY_DEVICE_ID%"
Regards/Gruss
Oliver
Reply
#3
(17-11-2021, 10:30 AM)DevOma Wrote: Did you try to use "Settings=>Variables" for that? You can variables and set for each user a specific value - like all users add "MY_DEVICE_ID" - then use that variable in credentials like "%CUSTOM_MY_DEVICE_ID%"

Thanks for the reply however the problem with that is we need each connection to have unique id and all users using that connection will use the same device id to connect to it

Variables under Settings are user specific where as we'd need a Connection specific variable
So each user would create one credential and the "%CUSTOM_MY_DEVICE_ID%" value would need to be populated by the individual connections and not the user
Reply
#4
Ok, then just use "Custom Fields" - can also be found in Settings - and will be displayed after in Connection-Properties
Regards/Gruss
Oliver
Reply
#5
(17-11-2021, 02:00 PM)DevOma Wrote: Ok, then just use "Custom Fields" - can also be found in Settings - and will be displayed after in Connection-Properties

Ok I've done that, I can see a new DEVICE_ID custom field under Connection->Connection and I've put in the value we need but it doesn't seem to work the same way Variables should

When I create a credential with the user name "john#%DEVICE_ID%" and try to use that on the connection it doesn't substitute %DEVICE_ID% with the value in the custom field.
What would we need to do to append the connections custom field value to the credential username?
Reply
#6
Please try to use %Custom1% and not the text for the custom variable - then it should be replaced with information from your connection object
Regards/Gruss
Oliver
Reply
#7
(17-11-2021, 03:13 PM)DevOma Wrote: Please try to use %Custom1% and not the text for the custom variable - then it should be replaced with information from your connection object

Yes that works! Thanks so much for your help!
Reply
#8
Great - you're always welcome :-)
Regards/Gruss
Oliver
Reply




Users browsing this thread: 1 Guest(s)