Adding a Unix Account (Telnet) Secret
To add a new Unix Account (Telnet) secret, do the following:
1. Log in to the Management Tool.
2. Click the Password Management navigation link on the left.
3. On the Secrets tab, click the Add Secret button in the top right of the page, and the Add Secret pop-up window will open.
4. On the Secret Properties tab, in the General section, do the following:
• Enter a unique name for the secret.
• Select the Unix account (Telnet) secret type from the drop-down list.
• Optionally, enter a description for the secret.
5. In the Account section below, define a Linux computer which users will access using the Ekran System Connection Manager:
• Enter the host name or IP address of the required Linux computer, or select it from the drop-down list.
• Enter the user’s login name.
• Enter the user’s password.
6. The Automation tab is disabled for this type of secret, as remote password rotation is not supported.
7. On the Security tab, you can enhance security by enabling the Password Checkout functionality, so that only one user can use the secret at any given time:
• Requires check out: Select this checkbox to enable the feature, so that only one user can check out the secret's password (i.e. log in to the secret) at any given time.
• Change password on check in: Select this checkbox for the password to be rotated every time the secret's password is checked back in (i.e. every time a user logs out / is logged out of the secret).
NOTE: The "Change password on check in" checkbox is disabled, as password rotation is not supported for this type of secret.
• Check in automatically after: Select this checkbox to specify a time period, after the expiry of which the secret's password will be automatically checked back in (i.e. after which the current user of the secret will be forcibly logged out).
NOTE: The “Check in automatically after” checkbox is completely independent to the “Allow access without approval during work hours” checkbox (on the Restriction Types tab - see below), both of which can therefore function at the same time, in which case the user will be automatically logged off at whichever time period expires first.
• Force Check In: After adding the secret, while editing it later, this button can be clicked at any time to manually check the secret's password back in (i.e. to forcibly log the current user out of the secret) immediately.
8. On the Permission tab, click the Add button, and in the drop-down list that opens, search for and select the users and user groups that you want to grant permissions to, then click Add, and next to each user or user group, select the permission to be granted to them.
9. On the Restriction Types tab, to configure the access restrictions for users to use the secret, do the following:
• Select the required option:
- Access without any restrictions: If this option is selected, users will be able to access the secret without any restrictions.
- Always require approval on secret usage: If this option is selected, users will require approval when they attempt to access the secret.
- Allow access without approval during work hours: If this option is selected, specify the work hours, date range, and days of the week when users will be able to access the secret without approval.
• Users Who Can Approve Access: Select the users (i.e. Approvers) who will be able to approve requests by users to access the secret.
• Owners or Approvers also require approval: Select this checkbox to also require approval (e.g. by the default admin user) for Owners and Approvers to access the secret.
NOTE: Approvers receive notifications by email and can approve access either by clicking the link in the email or by way of the Management Tool (see the Access Requests section).
10. Click the Save button in the bottom right of the Add Secret pop-up window.
11. The secret is now added.