Using Secrets


To access a remote computer by using the Ekran System Connection Manager, do the following:

1. Log in to the jump server machine in the usual way (either locally or remotely). If permission to use the corresponding secret has been granted to an Active Directory user, enter that user's credentials.

2. If secondary user authentication is enabled, enter the credentials of the secondary user to whom the permission to use the corresponding secret has been granted.

3. Right-click on the Ekran System Client tray icon in the Windows notification area, and click Remote Access in the context menu.

    

4. The Ekran System Connection Manager opens and displays the list of secrets that the user has been granted permission to use (click the Refresh button to update the list of secrets).

   

Apart from the basic information in the Secret Name and Secret Type columns, the Details column (as shown in the screenshot above) displays the status of the following features, if they are enabled:

If access approval is required to use a secret (as defined on the secret's Restriction Types tab), one of the following status messages is displayed:

- Allowed during working hours: Indicates that approval is not required at the current time, in accordance with the standard work hours defined (i.e. it is only required outside of the times/days defined).

- Requires approval: Indicates that the user needs to request access, but has not yet requested it.

- Waiting for Approval: Indicates that the user has requested access, but access has not yet been granted by an Approver (see the Access Requests section).

- Approved. Expiration date/time [xx:xx]: Indicates that the access request has been granted by an Approver, so the user can now log in.  

- Denied: Indicates that the access request has been denied by an Approver, so the user will not be granted access to log in.

If the Password Checkout functionality is enabled for a secret (as defined on the secret's Security tab), one of the following status messages is displayed:

- Requires checkout: Indicates that the secret is available for use (i.e. its password is not currently checked out).

- Checked out: Indicates that the secret is not currently available for use (as it is being used by another user). Additional information can be viewed in the Checked out to hint by hovering over the "i" icon next to it:

    - Username: The name of the user to whom the secret's password is currently checked out.

    - Auto Check-in: If the Check in automatically after checkbox is selected in the secret, the date & time when the password will be automatically checked back in (i.e. when the secret will become available for use by another user).

5. Click anywhere on the required secret, and then click the Connect button.

6. If access approval is required, request it in the pop-up window that opens.

NOTE: Approvers receive notifications by email and can approve access either by clicking the link in the email or by way of the Management Tool (see the Access Requests section).

7. For Active Directory accounts only, in the additional pop-up window that opens, manually enter the name of the computer you want to access or its IP address, and then click Connect.

   

8. A remote connection is then established according to the type of secret, and the user is automatically logged in to the corresponding account.


NOTE: A watchdog for Ekran System Connection Manager provides for automatic recovery in the case of failure.

NOTE: For MS SQL account secrets, Version 18.0 or higher of MS SQL Management Studio needs to be pre-installed for the secret to work correctly.

NOTE: For Web account secrets:

• This type of secret is only compatible with the Google Chrome browser, and always needs to be opened in Incognito mode, which does not allow the browser to cache data.

• If the system does not log you in automatically, an Ekran System extension for the Google Chrome browser is available that allows you to insert the login and password for the Web account.