Adding an Active Directory Account Secret

To add a new Active Directory Account secret, do the following:

1. Log in to the Management Tool.

2. Click the Password Management navigation link on the left.

3. On the Secrets tab, click the Add Secret button in the top right of the page, and the Add Secret pop-up window will open.

4. On the Secret Properties tab, in the General section at the top, do the following:

• Enter a unique name for the secret.

• Select the Active Directory account secret type from the drop-down list.

• Optionally, enter a description for the secret.


5. In the Account section below, define a computer which users will access using the Ekran System Connection Manager:

• Select the Active Directory domain that the computer belongs to from the drop-down list.

• Select the user’s login name for which a connection will be established from the drop-down list.

• Enter the user’s password.

6. On the Automation tab, to configure automatic remote password changing for the account which the Active Directory user will access using the Ekran System Connection Manager, select the Enable remote password rotation checkbox and specify how frequently the password will be changed.

NOTE: If the password change ever fails, the secret will be marked with theicon next to it on the left in the list of secrets, and the corresponding error event will be displayed on the Health Monitoring page. In this case, subsequent password changes will no longer occur.


7. On the Permission tab, click the Add button, and in the drop-down list that opens, search for and select the users and user groups that you want to grant permissions to, then click Add, and next to each user or user group, select the permission to be granted to them.


8. On the Restriction Types tab, to configure the access restrictions for users to access the secret, do the following:

• Select the required option:

- Access without any restrictions: If this option is selected, users will be able to access the secret without any restrictions.

- Always require approval on secret usage: If this option is selected, users will require approval when they attempt to access the secret.

- Allow access without approval during work hours: If this option is selected, specify the work hours, date range, and days of the week when users will be able to access the secret without approval.

     • Users Who Can Approve Access: Select the users (i.e. Approvers) who will be able to approve requests by users to access the secret.

     • Owners or Approvers also require approval: Select this checkbox to also require approval (e.g. by the default admin user) for Owners and Approvers to access the secret.

NOTE: Approvers receive notifications by email and can approve access either by clicking the link in the email or by way of the Management Tool.


9. Click the Save button in the bottom right of the Add Secret pop-up window.

10. The secret is now added.