Configuring a Client Computer to Use the Ekran System Connection Manager
Before account secrets (also referred to as "secrets") can be created and used to access the required accounts on the associated remote computers, a Windows Client computer needs to be configured as a jump server, also known as a PAM gateway. Users who have the appropriate permissions will then be able to use the secrets to access the associated accounts via this computer, by way of the Ekran System Connection Manager.
Either a Terminal Server license or a Terminal Server (Limited Sessions) license needs to be assigned to the Windows Client (jump server) computer via which users will get access to critical endpoints by using the Ekran System Connection Manager.
NOTE: A Workstation license can alternatively be assigned without the use of a jump server computer, if no more than one concurrent session is required.
NOTE: For the correct functioning of the Ekran System Connection Manager, it is recommended to use a Windows Server OS on a jump server computer.
NOTE: The Ekran System Connection Manager requires .NET Framework 4.8 to be installed on the Client computer (i.e. the computer with the Ekran System Connection Manager).
To configure a Windows Client computer that will be used as a computer with the Ekran System Connection Manager, do the following:
1. Log in to the Management Tool as a user with the Client Configuration Management permission for Clients.
2. Click the Client Management navigation link (on the left).
3. On the Client Management page that opens, find the Client that will be used as the Client computer, and click its name in the Client Name column.
NOTE: To find specific Clients, the Search box and filters at the top of the Client Management page can be used.
4. On the Editing Client page, on the Properties tab, in the Client Properties section (at the top), make sure that either a Terminal Server or a Terminal Server (Limited Sessions) license is assigned to the Client (jump server) computer (a Workstation license can alternatively be assigned without the use of a jump server computer, if no more than one concurrent session is required).
NOTE: For the correct functioning of the Ekran System Connection Manager, it is recommended to use a Windows Server operating system on a jump server computer.
5. Scroll down to the Client Mode section, and do the following:
• Select the Enable the Ekran System PAM Connection Manager checkbox.
• Select the Replace Windows Shell with the Ekran System PAM Connection Manager checkbox if you want to only display the open Ekran System Connection Manager window to users (i.e. without the computer's desktop).
NOTE: When using a custom Windows shell, the Ekran System Connection Manager application (shortcut icon) may not be displayed on the desktop, but can be found in the C:\Users\Public\Desktop folder.
6. Select the Authentication Options tab, and scroll down to the Two-Factor and Secondary Authentication section, then select the Enable secondary user authentication on login checkbox.
NOTE: It is not required to enable secondary user authentication for Active Directory users.
7. Click the Finish button (in the bottom right of the page).
8. The Client is then configured as the jump server (from which users will access the account secrets by using the Ekran System Connection Manager).
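
The prerequisites in the notes above (.NET Framework 4.8, a Windows Server OS, and the shortcut location under a custom shell) can be checked locally on the jump server with a read-only script. This is an added example, not part of the Ekran System documentation; the function name and the shortcut file-name pattern are assumptions, and 528040 is the lowest registry Release value Microsoft documents for .NET Framework 4.8.

```powershell
# Added example: read-only check of the jump server prerequisites listed on this page.
function Test-JumpServerPrerequisites {
    [CmdletBinding()]
    param(
        # Folder named in the note about custom Windows shells.
        [string]$PublicDesktop = 'C:\Users\Public\Desktop',
        # Assumption: the shortcut's file name contains this text.
        [string]$ShortcutPattern = '*Connection Manager*.lnk'
    )

    # .NET Framework 4.5 and later record their version as a DWORD named Release.
    $ndpKey   = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release  = (Get-ItemProperty -Path $ndpKey -Name Release -ErrorAction SilentlyContinue).Release
    $hasNet48 = ($null -ne $release) -and ($release -ge 528040)

    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server.
    $os         = Get-CimInstance -ClassName Win32_OperatingSystem
    $isServerOs = $os.ProductType -ne 1

    # The shortcut is only expected after the Connection Manager has been enabled for the Client.
    $shortcuts = @(Get-ChildItem -Path $PublicDesktop -Filter $ShortcutPattern -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OperatingSystem = $os.Caption
        IsServerOs      = $isServerOs
        DotNetRelease   = $release
        HasDotNet48     = $hasNet48
        ShortcutFound   = $shortcuts.Count -gt 0
        ShortcutPath    = ($shortcuts | Select-Object -First 1).FullName
    }
}

$result = Test-JumpServerPrerequisites
$result | Format-List

if (-not $result.HasDotNet48) {
    Write-Warning '.NET Framework 4.8 or later was not detected on this computer.'
}
if (-not $result.IsServerOs) {
    Write-Warning 'This computer is not running a Windows Server OS (recommended for a jump server).'
}
```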