Delinea Secret Server proxy

Hi Michael,

We already have a ticket opened for this and have just recently setup the Delinea RDP proxy on our side. The development for this is planned in the coming months.

Best regards,

Hello Xavier,

Thanks for this good news! I will look out for any new development!

Best regards!

Hi michael!

RDM Windows 2024.2.14.0 is now available and comes with two new types of entries, RDP over Delinea Secret Server Proxy and SSH over Delinea Secret Server Proxy:



Those two entry types are pretty straight forward to configure. In both case, you need to:
1) Set the host you want to connect to (over Secret Server proxy)
2) Select a Secret Server credential entry used to establish the connection with the Secret Server instance and obtain the proxy host and the temporary credentials to use
3) Optionally, and if the credential entry selected is configured to prompt, you can select a specific account to uses for the authentication. If left empty, you will be prompted at launch. If the credential is not configured to prompt, the account selected in said credential will be used.

Here's an example with RDP over Delinea Secret Server Proxy:



Do not hesitate if you have any questions! And please, do tell me if it works properly for you!

Best regards,

Hi Michael,

I received a notification for a response. Are you still having issue with the RDP over Delinea Secret Server Proxy entry? Missing the proxy specific settings?

Best regards,

Hello Xavier,

The issue resolved when I restarted the RDM

What is not working is the usage of local specific settings when using a shared database.
We would like to have a shared database with multiple users using their own user vault and use the override credentials settings.

This is a standard RDP Session where the override works


And this is a Delinea Proxy Entry where the override does not work


Is there a solution for this?

Best regards,
Michael

Not at the moment, I will open a ticket to add override support to it though.

Best regards,

Hello Xavier,

Can you give me an ETA for this feature?

Best regards,
Michael

Hi Michael,

Not at the moment, it depends on how much it affects the models. I'll start to work on this right now, but if I have to change models used across platforms, it might have to wait a major release before it can be available (2024.3, releasing somewhere in late-September), or at least, the first beta of this version (which would come a bit earlier).

I'll post back on this thread when I know more.

Best regards,

Hi Xavier,

I have been testing the functionality of the Delinea Proxy Entries further and noticed that an inheritance of credentials from a folder to a RDP over Delinea Secret Server Proxy or SSH over Delinea Secret Server Proxy is not possible.

Is this something that can be added as well?

Best regards,
Michael

Hi Michael!

The support to override the credential of the RDP/SSH over Delinea Secret Server proxy entry has been implemented and the change will be available on the release of RDM 2024.2.17.0.

This will work pretty much like any other entries, you'll need to check the Override credentials checkbox, but be limited to the Linked (Vault) and Linked (Shared vault) modes:



Best regards,

Hi Xavier,

I have been testing the functionality of the Delinea Proxy Entries further and noticed that an inheritance of credentials from a folder to a RDP over Delinea Secret Server Proxy or SSH over Delinea Secret Server Proxy is not possible.

Is this something that can be added as well?

Best regards,
Michael

It's not possible at the moment, but a ticket is already opened for this.

Best regards,

Hi Xaver,

Thank you very much, your development team is really quick! :)

Best regards,
Michael

Hi Michael!

I forgot to get back in touch with you! The improvement should have been available for a few weeks.

If it doesn't quite work for you, please, do not hesitate to tell me.

Best regards,

In the future it would be possible to use "My priivileged Account" as credential for RDP via Delinea Proxy? (I mean: File --> My Account Setting --> My Privileged Account)

Hi Luca,

It's already implemented internally. The change is just not released yet. You can expect it for the release of RDM 2024.3 that should be available at the end of September.

Best regards,

Hello Xavier,

The "override credential" is working fine but the inheritage from a folder is not working for me.
There is no option to select if the credentials should be inherited

Am I missing somthing here?

Best regards,

Hi Michael!

This is normal, the Inherited mode won't be available until the release of RDM 2024.3 (which should be around the end of September).

Best regards,

Hello Xavier,

I have made some tests with the new RDM version and the inheritence of username and password with a RDP over Delinea Secret Server Proxy object.
As expected I can map a a secret to a folder


Than I select the inherited Mode in a Proxy Object

But when I try to open this session it opens the Delinea secret Server credentials list even though I have a secret selected on the folder earlier.

Is there any way this can be changed so the secret is used for the connection?

Best regards,
Michael

Oh! You're right, I can reproduce.

I might have missed something while implementing this. I've opened a ticket to fix this.

Best regards,

Hi! I've made a fix for this!

It should be available in the next minor release of RDM.

Best regards,

I don't see these options for Mac Client. Is it not available on MAC? only windows?

Hi,

The RDP/SSH over Delinea Secret Server proxy are indeed unavailable in RDM Mac. They also won't ever be as this functionality has been deprecated in favor of a more manageable solution for us to maintain.

This alternative will be available to RDM Mac in the next major release (2025.3). Instead of using dedicated entry types (RDP/SSH over Delinea Secret Server proxy), you'll be able to use regular RDP/SSH entry and link them through the normal credential linking mechanism to a Delinea Secret Server credential entry configured to support proxy connection.

So the session (an RDP for instance) would look like this:

And the credential entry would look like this:

Best regards,