
Workforce Password Management


The primary purpose of the Workforce Password Management (WPM) functionality is to:

 Enable PAM users (i.e. any users of the Ekran System Connection Manager), including those who do not have the administrative Management Tool Access permission, to create (and manage) their own private Workforce Password Management (WPM) secrets. Unlike regular secrets, WPM secrets are hidden from other users (except from the built-in default “admin” user of Ekran System), unless PAM users specifically share their own WPM secrets with other users (while creating/editing a secret).


This functionality is accessed by using the Add Secret button in the Ekran System Connection Manager, as follows:

 When any PAM user clicks this Add Secret button, the Management Tool Log In page opens in the browser, where they log in, and can then create (and manage) their own WPM secrets in their own separate WPM folder (on the Password Management page).

NOTE: If the PAM user does not have the administrative Management Tool Access permission, they only get limited access (i.e. to the Password Management page only).




1. Configuring PAM Users Who Do Not Have Access to the Management Tool


To enable a PAM user who does not have access to the Management Tool (i.e. who does not have the administrative Management Tool Access permission) to add (and manage) their own hidden Workforce Password Management (WPM) secrets, do the following:

1. Log into the Management Tool as a user with the administrative Management Tool Access permission and the administrative User Management permission.

2. Click the User Management navigation link (on the left).

3. On the User Management page that opens, click the Add User button (in the top right of the page) to add a new user (or click the Edit User icon to modify an existing user).

NOTE: Only users who have been specifically added to the Management Tool as separate users can add secrets/folders; users who only belong to an added Active Directory user group cannot (please refer to the Management Tool Issues and Error Messages page for more information).

4. On the Adding New User (or Editing User) page that opens, on the Administrative Permissions tab, grant this user the administrative PAM User Access permission (which can also be inherited from a user group that the user belongs to and that has this permission, e.g. the PAM Users group, as displayed in the “Received from user groups” column).

    


2. Adding Workforce Password Management (WPM) Secrets by a PAM User


For a PAM user (i.e. any user of the Ekran System Connection Manager) to create (and manage) their own private WPM secrets, do the following:

1. Log in to a Client computer which has the Ekran System Connection Manager enabled, as a Management Tool user who has either the administrative Management Tool Access permission or the administrative PAM User Access permission.

2. Open the Ekran System Connection Manager (e.g. by clicking on the Ekran System Remote Access icon).

3. In the Ekran System Connection Manager, click the Add Secret button (in the bottom left).

    

4. On the Management Tool Log In page that opens in your browser, enter your Password.

    

NOTE: The Login field is filled out with the username automatically, and cannot be modified.

5. On the Password Management page that opens, the user’s own WPM folder is displayed (in the Tree View folder structure pane on the left) as the current folder, which is called “My Secrets (<username>)”, and which the user can add their own WPM secrets (as well as sub-folders) to.

    

NOTE: The WPM folders of other PAM users (and the shared WPM secrets within them) are also displayed in a similar way, if any other users have shared at least one of their WPM secrets with the user (where the folder names include the usernames of their Owners).

NOTE: For WPM secrets shared by other PAM users who belong to Active Directory domains, their WPM folder names also include the domain name, i.e. “My Secrets (<domain name>\<username>)”.

6. Either edit an existing WPM secret, or add a new WPM secret by clicking the Add button (in the top right of the page), and optionally share the secret with other users (in the usual way, on the Users & Permissions tab) to allow them to also use your WPM secrets.

    

NOTE: Sub-folders can also be added to the user’s WPM folder (in the usual way).

NOTE: Only users who have been specifically added to the Management Tool as separate users can add secrets/folders; users who only belong to an added Active Directory user group cannot (please refer to the Management Tool Issues and Error Messages page for more information).

7. After the secret is added/edited, it is displayed on the Password Management page in the user’s WPM folder (in the Tree View folder structure pane on the left), which is the current folder called “My Secrets (<username>)”, and unlike regular secrets, it is hidden from other users (except from the default “admin” user of Ekran System) unless specifically shared with them.

    

8. The secret is then also displayed in the Ekran System Connection Manager in the user’s WPM folder (in the Tree View folder structure pane on the left), which is also called “My Secrets <username>”, and the secret can be used by clicking the Connect button (in the usual way).

    

NOTE: The WPM folders of other PAM users (and the shared WPM secrets within them) are also displayed in a similar way, if any other users have shared at least one of their WPM secrets with the user (e.g. the screenshot below also shows the WPM folder of the user "David").

    

