Skip to main content
Skip table of contents

Configuring a Jump Server


Before account secrets (also referred to as "secrets") can be created and used to access the required accounts on the associated remote computers, a Windows Client computer needs to be configured as a jump server, also known as a PAM gateway (via which users who have the appropriate permissions will be able to use the secrets to access the associated accounts by way of Ekran System Connection Manager).

Either a Terminal Server license or a Terminal Server (Limited Sessions) license needs to be assigned to the Windows Client (jump server) computer via which users will get access to critical endpoints by using the Ekran System Connection Manager.

NOTE: For the correct functioning of the Ekran System Connection Manager, it is recommended to use a Windows Server OS on the jump server computer.

NOTE: The Ekran System Connection Manager requires .NET Framework 4.8 to be installed on the Client (jump server) computer.

NOTE: This feature is only available with an activated serial key for the Enterprise Edition of Ekran System.


To configure the Windows Client computer that will be used as the jump server (i.e. the computer with the Ekran System Connection Manager), do the following:

1. Log in to the Management Tool as a user with the Client Configuration Management permission for Clients.

2. Click the Client Management navigation link (on the left).

3. On the Client Management page that opens, find the Client that will be used as the jump server, and click its name in the Client Name column.

NOTE: To find specific Clients, the Search box and filters at the top of the Client Management page can be used.

4. On the Editing Client page, on the Properties tab, in the Client Properties section (at the top), make sure that either a Terminal Server / Terminal Server (Limited Sessions) license is assigned to the Client.

NOTE: For the correct functioning of the Ekran System Connection Manager, it is recommended to use a Windows Server operating system on the jump server computer.

5. Scroll down to the Client Mode section, and do the following:

• Select the Enable the Ekran System PAM Connection Manager checkbox.

• Select the Replace Windows Shell with the Ekran System PAM Connection Manager checkbox if you want to only display the open Ekran System Connection Manager window to users (i.e. without the jump server's desktop).

    

    

NOTE: When using a custom Windows shell, the Ekran System Connection Manager application (shortcut icon) may not be displayed on the desktop, but can be found in the C:\Users\Public\Desktop folder.

6. Select the Authentication Options tab, and scroll down to the Two-Factor and Secondary Authentication section, then select the Enable secondary user authentication on login checkbox.

NOTE: It is not required to enable secondary user authentication for Active Directory users.

    

7. Click the Finish button (in the bottom right of the page).

8. The Client as then configured as the jump server (from which users will access the account secrets by using the Ekran System Connection Manager).


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close