Multiple Domains with RDM: Strategies for Efficient Privileged Account Management


Hello,
until today we have used RDM with a shared Vault among colleagues.
RDM is connected to the PAM (SecretServer), in which within the personal folders each IT member has their own privileged account. On RDM finally, in “my privileged account” we have set up the connection with our PAM personal privileged account.
Everything works magnificently. However, in a month we will find ourselves managing two additional domains, totally separate from our production domain.
We would like to maintain the same approach in order to launch the various RDM entries with nominal privileged accounts in the new domains, as we already do with the prod domain.
However, we only have one “my privileged account” in RDM. How can we do it? Many are already using the “my personal account” with their personal user

All Comments (3)


Hello,

Thank you for contacting us on that matter.

The best solution would be using the Find by name (user vault) feature for these 2 additional domains.

They can create 2 Secret Server credential entries in their user vault, one per domain. These entries must have the same standard names for all users like:
MyPrivilegedDomainA
MyPrivilegedDomainB



Then, in the RDP entries, or any entries on which they can use these credentials, you set them with the Credentials property set to Find by name (user vault).



Let us know if you have any more questions about this configuration.

Best regards,

Érica Poirier


Thank you for the suggestion!

It works for all the entries in the User Vault, but what approach do you suggest for the entry in the main (public) shared vault?


Hello,

I recommend the same approach for sessions in the shared vault. The solution I provided applies to any vault, whether for the user or shared vault.

Most importantly, the different domains' privileged accounts must have the same entry name in all user vaults, with, of course, the username set according to the user.

Let us know if you have any more questions about this.

Best regards,

Érica Poirier