
Using Secrets


Click on the links below for more detailed information about using the functionality described.


To access accounts on remote computers (by using the associated account secrets) in the Ekran System Connection Manager, do the following:

1. Log in to the jump server computer (i.e. the computer with the Ekran System Connection Manager) remotely (or locally).

2. If secondary user authentication is enabled, enter the credentials of the secondary user.

3. Right-click on the Ekran System Client tray icon (in the Windows system tray), and click Remote Access in the context menu (or double-click the Ekran System Remote Access icon on the desktop).

    

NOTE: When using a custom Windows shell, the Ekran System Connection Manager application icon may not be displayed on the desktop, but can be found in the C:\Users\Public\Desktop folder.

NOTE: The Ekran System Connection Manager requires .NET Framework 4.8 to be installed.

4. The Ekran System Connection Manager then opens and displays the list of secrets (and folders in the Tree View folder structure pane) that the user has been granted permission to use. The Refresh button can be clicked at any time to update the list of secrets.

    

Apart from the basic information in the Secret Name and Secret Type columns, the Details column (as shown in the screenshot above) displays the status of the following features if they are enabled:

If access approval is required to use a secret (as defined on the secret's Restriction Types tab), one of the following status messages is displayed:

- Allowed during working hours: Indicates that approval is not required at the current time, in accordance with the standard work hours defined (i.e. it is only required outside of the times/days defined).

- Requires approval: Indicates that the user needs to request access, but has not yet requested it.

- Waiting for Approval: Indicates that the user has requested access, but access has not yet been granted by an Approver (see the Access Requests section).

- Approved. Expiration date/time [xx:xx]: Indicates that the access request has been granted by an Approver, so the user can now log in.  

- Denied: Indicates that the access request has been denied by an Approver, so the user will not be granted access to log in.

If the Password Checkout functionality is enabled for a secret (as defined on the secret's Security tab), one of the following status messages is displayed:

- Requires checkout: Indicates that the secret is available for use (i.e. its password is not currently checked out by another user).

- Checked out: Indicates that the secret is not currently available for use (as it is being used by another user), where additional information can be viewed in the Checked out to hint by hovering over the Info icon next to it:

- Username: The user name of the user that the secret's password is currently checked out to.

- Auto Check-in: If the Check in automatically after checkbox is selected in the secret, the date & time when the password will be automatically checked back in (i.e. when the secret will become available for use by another user).

Furthermore, if the user has advanced permissions for any secrets, as shown in the following columns, they can also:

Password: View and copy the secret's password, by clicking the Copy and View icons respectively.

File Transfer: Transfer files between the jump server computer (with the Ekran System Connection Manager) and the remote computer (that the secret connects to), by clicking the dark blue icon (where the gray icon means that this functionality is not fully configured for the secret).

5. Click anywhere on the required secret, and then click the Connect button.

6. Request access approval if required in the pop-up window that opens.

NOTE: Approvers receive notifications by email and can approve access either by clicking the link in the email or by way of the Management Tool (see the Access Requests section).

7. [For the Active Directory account secret type only:] In the additional pop-up window that opens, enter the name of the Computer (or its IP address) to connect to, and then click Connect.

    

8. A remote connection is then established according to the type of secret, and the user is automatically logged in to the corresponding account.


NOTE: A watchdog for Ekran System Connection Manager provides for automatic recovery in the case of failure.

NOTE: [For the Unix (SSH) account secret type only:] PuTTY needs to be installed on the jump server computer (i.e. the computer with the Ekran System Connection Manager) for the secret to work.

NOTE: [For the MS SQL account secret type only:] Version 18.0 or higher of MS SQL Server Management Studio needs to be pre-installed for the secret to work correctly.

NOTE: [For the Web account secret type only]:

• This type of secret is only compatible with the Google Chrome browser, and always needs to be opened in Incognito mode, which does not allow the browser to cache data.

• If the system does not log you in automatically, an Ekran System extension for the Google Chrome browser is available that allows you to insert the user login name and password for the Web account.
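
A pre-flight check for the prerequisites named in the NOTEs above, to be run on the jump server computer; this is an added example, not Ekran System's own tooling. The registry locations are standard Windows ones, while the display-name patterns used to find PuTTY and SQL Server Management Studio are assumptions, and the Management Studio version still has to be confirmed by the operator.

```powershell
# Added example: checks the jump server for the prerequisites listed in the NOTEs.
# Not part of the product; name patterns below are assumptions.

function Get-InstalledProduct {
    param([string]$NamePattern)
    # Search the 64-bit and 32-bit uninstall hives for a matching display name.
    $hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        Select-Object DisplayName, DisplayVersion
}

$results = [ordered]@{}

# .NET Framework 4.8 or later: the Release DWORD is 528040 or higher.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
           -ErrorAction SilentlyContinue
$results['.NET Framework 4.8+'] = [bool]($ndp -and $ndp.Release -ge 528040)

# PuTTY (Unix (SSH) account secrets): on PATH or registered as an installed product.
$results['PuTTY'] = [bool]((Get-Command putty.exe -ErrorAction SilentlyContinue) -or
                           (Get-InstalledProduct 'PuTTY*'))

# SQL Server Management Studio (MS SQL account secrets): presence only.
# The registered DisplayVersion is listed below for the operator to compare
# against the "18.0 or higher" requirement; no version parsing is attempted here.
$ssms = Get-InstalledProduct '*SQL Server Management Studio*'
$results['SQL Server Management Studio'] = [bool]$ssms

# Google Chrome (Web account secrets): App Paths registration, machine-wide or per-user.
$chromeKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe'
$results['Google Chrome'] = [bool]($chromeKeys | Where-Object { Test-Path $_ })

# Report one line per prerequisite, then the Management Studio entries found.
$results.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
$ssms | Format-Table -AutoSize
```

A MISSING line only matters for the secret types that depend on that component; the .NET Framework check applies to the Connection Manager itself.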

