Credential repository -> Web Browser embedded credential
Hello!
We're currently using RDM Enterprise Edition + Devolution server to manage credentials, sessions, documentation etc. All content in our data sources are shared (no personal entries/vault - we want to avoid that as a team), but the access level varies depending on your role and/or spesific customers. All good.
We're usually pretty strict when it comes to remote sessions and credentials - they're split so that only the required personel can access credentials. Allthough, for Office 365 tenants we've implemented web browser entries for customers' Office 365-portals with the credentials embedded in the web browser entry itself (since we don't want our sales department accessing the rest of the credentials:)). That's also OK.
Lately, I've been planning to also create predefined Powershell-sessions to those same O365-tenants. These will only be available to our technical staff, and is located somewhere else in the hierarchy. The problem is that I cannot seem to be able to point credentials to a web browser entry under credential repository (won't show up as a valid choice). If this is by design - are there any chance of making it possible - like an override, or option?
We have tons of such web browser entries with passwords, and it's imperative that we only have one source of credentials for each site to be able to keep track when passwords change, and to allow us to re-use the credentials without comprimising the rest of our credential hierarchy.
Hope this makes sense. I'll elaborate if needed. Any tips or advice appreciated.
Thanks in advance.
Regards,
Rune Digernes
All Comments (7)
Hello,
The user needs to see the credential entry so that he can use in with the credential repository.
Does the credential entry is located in a folder that the user doesn't see?
Best regards,
Jeff Dagenais
I am aware, Jeff. Yes, it can be seen. My particular challenge is that the credential list (under credential repository) will only show credentials classified as, well, credentials, in the tree view :) "Web browser" sessions (which also contain credentials, but strictly not classified as a credential) can't be selected (not visible). In this particular case, some of the "Web browser" sessions are the "master source" containing these credentials. If you get my drift.
Are there any technical reasons why it's like this?
Here is an example of what I'm trying to do:
Hello,
Unfortunately, it's not possible to use the credential saved in a Web Browser in another session.
I recommend you to create Username / Password credential entries and use those entries in your sessions. If several sessions under the same parent use the same credential, you can configure them at the parent folder level and set your sessions to Inherited.
Best regards,
Jeff Dagenais
That is indeed unfortunate.
We usually split credentials and sessions where the parent folder of the sessions point to the credential repository - allthough, sometimes we need to put the credentials directly in session-entries, because some of the users don't (and shouldn't!) have access to the "credential structure". Guess that means they're not reusable elsewhere (having the password more than one place is not an option). I wish it was possible for users to access a session (with linked credentials), even though they don't have access to the credentials themselves.
Thanks for the clarification.
Regards,
Rune
Short update,
I split the Web Browser session and Credentials, and gave appropriate read access to the rest of the credential tree for the sales department - without ability to "view password". Then used "allow reveal credentials (everybody)" on the linked Web Browser session itself. They can now reveal that password only, even though it's located somewhere else. Perfect!
It's these little tweaks and twirks that makes RDM so flexible.
In case anyone else stumbles upon a similar situation :)
Regards,
Rune
Hello Rune,
Thank you very much for your feedback, really appreciated.
Best regards,
Jeff Dagenais