Inherited shared to Personal Vault Structures in Devolution Server
Inherited shared to Personal Vault Structures in Devolution Server
Hi support members,
Setup
- Devolution Server
- Workspace
- Remote Desktop Manager
Our shared vault contains the following tree structure
- [Relation A] - [General Shared Credentials]
- [Relation A] - [Site] - [General Shared Credentials]
- [Relation A] - [Site] - [Production Line A]
- [Relation A] - [Site] - [Production Line A] - [...]
- [Relation A] - [Site] - [Production Line B]
- [Relation A] - [Site] - [Production Line B] - [...]
- .....
- [Relation B] - [General Shared Credentials]
- [Relation B] - [Site] - [General Shared Credentials]
- [Relation B] - [Site] - [Production Line A]
- [Relation B] - [Site] - [Production Line A] - [...]
- [Relation B] - [Site] - [Production Line B]
- [Relation B] - [Site] - [Production Line B] - [...]
- ........
.............
In addition to the shared credentials in the shared vault, each user has their own personal credentials (specific to these relations). These relationships are linked via "User Specific Settings," and this setup works well.
However, it is now common practice for engineers to duplicate this shared tree structure into their personal vaults. This approach is both labor-intensive and error-prone.
Question
Is there a way to partially or fully inherit the tree structure from the shared vault?
What would be another suitable setup that avoids placing personal credentials directly within the shared vault items? This is important because if an item is removed, the personal credentials would also be lost.
Thank you in advance for your help!
Rob
All Comments (4)
Hello,
Thank you for reaching out!
My name is William and I'm here to assist you in any way I can.
If all engineers are using RDM, I would suggest using My personal credential and My Privileged Account setting in RDM. You can find these settings under File > My account settings:
These settings are local to the RDM installation and can be configured just like a normal credential entry.
Afterward you can change the shared vault to use My personal credential and My Privileged Account. If the entries must be linked to specific accounts in the shared vault, engineer can also right-click on the entry and select Open with parameters where they will find the open with My personal credential and My Privileged Account.
Feel free to reach out if you have any questions or need further clarification.
Best regards,
0d5e6cb3-299c-419a-b395-c1bfab205e8a.png
5dc7bb18-59e8-4739-92bf-71b90d21db06.png
Hello,
Thank you for reaching out!
My name is William and I'm here to assist you in any way I can.
If all engineers are using RDM, I would suggest using My personal credential and My Privileged Account setting in RDM. You can find these settings under File > My account settings:
These settings are local to the RDM installation and can be configured just like a normal credential entry.
Afterward you can change the shared vault to use My personal credential and My Privileged Account. If the entries must be linked to specific accounts in the shared vault, engineer can also right-click on the entry and select Open with parameters where they will find the open with My personal credential and My Privileged Account.
Feel free to reach out if you have any questions or need further clarification.
Best regards,
Hi William,
Thank you for your help.
I’m indeed familiar with this solution, and it would work well within an organization.
Our engineers have personal accounts with various external organizations.
This can easily add up to as many as 100 personal credentials per engineer (with or without OTP).
In such cases, this solution would not be feasible.
Kind regards,
Rob
Hello,
You have the ability to use a Password list in My personal credential and My Privileged Account but it could indeed slow down the process, since each time you will be prompted to select you credential.
In that case I would suggest using the Search by name (User Vault) as the credential on the entry.
The only thing is that users will have to follow the same naming convention for their credentials inside their user vault.
Or I would highly suggest taking a look at our PAM module. Using the PAM module we could store the engineer's privileged credentials from multiple organization and manage them with password rotation. The PAM module would allow the user to check out the desired credentials before opening a session and they would be able to configure the My Privileged Account setting in RDM to retrieve the PAM account from the Devolutions Server.
For more information on the PAM module, you can refer to these pages:
- https://docs.devolutions.net/pam/overview/what-is-pam/
- https://www.youtube.com/watch?v=drRLA7U8YsQ
Best regards,
9776cae0-332d-4f1a-a9ab-a8d7d0d6017a.png
Hello,
You have the ability to use a Password list in My personal credential and My Privileged Account but it could indeed slow down the process, since each time you will be prompted to select you credential.
In that case I would suggest using the Search by name (User Vault) as the credential on the entry.
The only thing is that users will have to follow the same naming convention for their credentials inside their user vault.
Or I would highly suggest taking a look at our PAM module. Using the PAM module we could store the engineer's privileged credentials from multiple organization and manage them with password rotation. The PAM module would allow the user to check out the desired credentials before opening a session and they would be able to configure the My Privileged Account setting in RDM to retrieve the PAM account from the Devolutions Server.
For more information on the PAM module, you can refer to these pages:
Best regards,
Hi William,
The use of "Search by name" seemed to me to come closest, although the naming convention is a problem.
Especially because we have a large group of users.
From your response I understand that there will be no functionality for the time being to be able to use a tree structure from a central shared vault.
Thanks for looking for a solution and your message.
Best regards,