
Workforce Password Management


The primary purpose of the Workforce Password Management (WPM) functionality is to:

 Enable PAM users (i.e. any users of the Ekran System Connection Manager), including those who do not have the administrative Management Tool Access permission, to create (and manage) their own Workforce Password Management (WPM) secrets, which, unlike regular secrets, are hidden from other users (except the built-in default “admin” user of Ekran System) unless the PAM user specifically shares them with other users (while creating/editing a secret).


This functionality is available in an easy-to-use way, by using the Add Secret button in the Ekran System Connection Manager, as follows:

 When any PAM user clicks this Add Secret button, the Management Tool Log In page opens in the browser, where they log in, and can then create (and manage) their own WPM secrets in their own separate WPM folder (on the Password Management page).

NOTE: If the PAM user does not have the administrative Management Tool Access permission, they only get limited access (i.e. to the Password Management page only).




1. Configuring PAM Users Who Do Not Have Access to the Management Tool


To enable a PAM user who does not have access to the Management Tool (i.e. who does not have the administrative Management Tool Access permission) to add (and manage) their own hidden Workforce Password Management (WPM) secrets, do the following:

1. Log into the Management Tool as a user with the administrative Management Tool Access and User Management administrative permissions.

2. Click the User Management navigation link (on the left).

3. On the User Management page that opens, click the Add button to add a new user (or the Edit User icon to modify an existing user).

4. On the Adding New User (or Editing User) page that opens, on the Administrative Permissions tab, grant this user the administrative PAM User Access permission. This permission can also be inherited from a user group that the user belongs to and that has this permission (shown in the “Received from user groups” column), e.g. the PAM Users group.

    

NOTE: Only users added to the Management Tool as separate users (and not those who belong to an added Active Directory user group) can use the Workforce Password Management functionality.


2. Adding Workforce Password Management (WPM) Secrets by a PAM User


For a PAM user (i.e. any user of the Ekran System Connection Manager) to create (and manage) their own WPM secrets, do the following:

1. Log in to a Client computer which has the Ekran System Connection Manager enabled, as a Management Tool user who has either the administrative Management Tool Access permission or the administrative PAM User Access permission.

NOTE: The Enable the Ekran System PAM Connection Manager option must be enabled on the Client computer.

NOTE: Only users added to the Management Tool as separate users (and not those who belong to an added Active Directory user group) can use the Workforce Password Management functionality.

2. Open the Ekran System Connection Manager (e.g. by clicking on the Ekran System Remote Access icon).

3. In the Ekran System Connection Manager, click the Add Secret button (in the bottom left).

    

4. On the Management Tool Log In page that opens in your browser, enter your password.

    

NOTE: The Login field is filled out with the username automatically, and cannot be modified.

5. On the Password Management page that opens, the user’s own WPM folder is displayed (in the Tree View folder structure pane on the left) as the current folder, which is called “My Secrets (<username>)”, and which the user can add their own WPM secrets (as well as sub-folders) to.

    

NOTE: The WPM folders of other PAM users who have shared any of their WPM secrets with the PAM user, are also displayed in a similar way (i.e. in other WPM folders, where the folder names include the usernames of their Owners).

NOTE: For WPM secrets shared by other PAM users who belong to Active Directory domains, their WPM folder names also include the domain name, i.e. “My Secrets (<domain name>\<username>)”.

6. Either edit an existing WPM secret, or add a new WPM secret by clicking the Add button (in the top right of the page), and optionally share the secret with other users (in the usual way, on the Users & Permissions tab) to allow them to also use your WPM secrets.

    

NOTE: Sub-folders can also be added to the user’s WPM folder (in the usual way).


    

7. After the secret is edited/added, it is displayed on the Password Management page in the user’s WPM folder (shown in the Tree View folder structure pane as the current folder, called “My Secrets (<username>)”), and unlike regular secrets, it is hidden from other users (except the default “admin” user of Ekran System) unless specifically shared with them.

    

8. The secret is then also displayed in the Ekran System Connection Manager in the user’s WPM folder (in the Tree View folder structure pane on the left), which is also called “My Secrets <username>”, and the secret can be used by clicking the Connect button (in the usual way).

    

NOTE: The WPM folders of other users (and the shared WPM secrets in them) are also displayed, if any other users have shared at least one of their WPM secrets with the user (e.g. the screenshot below also shows the WPM folder of the user "David").

    

