Be able to use RDM variables inside Delinea Secret Server Secrets fields

1 vote

Would be very useful to be able to use RDM variables inside Delinea Secret Server Secrets fields.

Example:

1/ We create a unique secret in "Delinea Secret Server" as per below :


Username : MyUserName

Password : MyOwnPassword

Domain : $CUSTOM_FIELD1$


2/ When creating the RDP (or RDP over Delinea Secret Server Proxy) connections in RDM, we fill the "Custom Field 1" value of each connection with the remote machine AD Domain name (or perhaps we can use the $MACHINE_DOMAIN$ variable in this specific case - but my request is more global than this specific one - like when using an internal RDM credential).

3/ Each RDP connection will be linked to the "Delinea Secret Server" secret created at point one, and use the value of its own $CUSTOM_FIELD1$ as domain name at logon.

Very useful in a multi-domain managed environment with MIM Synchronized AD accounts with a very restricted password expiration policy, where you get only one secret to update at expiration date.

Another competitor in the market that we are testing (Royal TS solution for example) has already successfully implemented this feature, and it's significant for our usage.

Thx.

All Comments (4)

If you are talking global..

You could do what we do.
Auto map user credentials from secret server to entries.

So we have a naming convention for all SS entries "Hostname - OurDefaultUser"
Then in RDM in the SS entry we set the following:



"$NAME$ - OurDefaultUser" is then pulled to all RDP entries which are set to inherit and at the folder or root level where we point to this entry for credentials.

If you want it to work for specific users, they could override the folder or root level and point to their own credentials.
Apologies if I have misunderstood your goal and feel free to ignore if that's the case!

Thanks
Iain

Version 2025.3.23.0 64-bit
Data Source SQL


@Iain
Thx, but not my concern.

In my example, the variable is set on the Secret Server side (not the RDM side), and RDM "reads" it as plain text.

So it shows at login the error message :

"Your credentials $CUSTOM_FIELD1$\MyUserName didn't work"

While I would like it to use the value put in the RDM "Custom Field 1" variable (ex : Mydomain.adms) set at RDP connection level.

Hi,

This would require resolving the variables after resolving the credential (I presume we do it before currently if this does not already work). This would work fine for credential resolving with the Delinea Secret Server credential entry (or any other credential entry actually). But I don't think it would really apply to RDP over Delinea Secret Server Proxy though. This entry does not really resolve credential in the traditional sense, it makes a proxy request and receives the proxy information (host/domain/port) as well as generated temporary username and password. The domain here would be the domain to connect to the proxy, not to the end host, so I doubt you'd find a way to pass your variable along like this. Was RDP over Delinea Secret Server Proxy a real case of yours? Or do you just intend on doing credential resolving?

Best regards,

Xavier Fortin
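
The resolution order discussed in this reply, as an added example that is not part of the thread and is not RDM or Secret Server code. It is a small model: the secret name `Shared admin`, the dictionaries and all function names are assumptions, and limiting expansion to the username and domain fields (so a password containing `$...$` is never rewritten) is a design choice of the example.

```python
import re

VAR = re.compile(r"\$([A-Z0-9_]+)\$")      # $NAME$ style token
EXPANDABLE = ("username", "domain")         # assumption: never rewrite the password

def substitute(text, variables):
    """Replace known $NAME$ tokens; unknown tokens are left untouched."""
    return VAR.sub(lambda m: variables.get(m.group(1), m.group(0)), text)

def resolve_before(vault, entry):
    """Variables are expanded in the entry's own fields only, then the secret is fetched."""
    name = substitute(entry["credential"], entry["variables"])
    return dict(vault[name])

def resolve_after(vault, entry):
    """Same lookup, followed by a second pass over the fetched secret's fields."""
    cred = resolve_before(vault, entry)
    for field in EXPANDABLE:
        cred[field] = substitute(cred[field], entry["variables"])
    return cred

def unresolved(cred):
    """Tokens still present in logon fields; a caller should refuse to connect."""
    return sorted({t for f in EXPANDABLE for t in VAR.findall(cred[f])})

def logon_name(cred):
    return f"{cred['domain']}\\{cred['username']}"

# Constructed sample data mirroring the thread's example.
VAULT = {"Shared admin": {"username": "MyUserName",
                          "password": "MyOwnPassword",
                          "domain": "$CUSTOM_FIELD1$"}}
ENTRY = {"credential": "Shared admin",
         "variables": {"CUSTOM_FIELD1": "Mydomain.adms"}}

if __name__ == "__main__":
    for resolver in (resolve_before, resolve_after):
        cred = resolver(VAULT, ENTRY)
        print(resolver.__name__, logon_name(cred), unresolved(cred))
```

Checking `unresolved()` before the logon attempt turns a literal `$CUSTOM_FIELD1$\MyUserName` into a local configuration error instead of a failed authentication against the target.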

@Xavier Fortin
You're right.
It's currently working with RDP connections (resolving the variable inside the Delinea secret), but effectively not on "RDP over Delinea Secret Server" connections (from where I did my tests).
I'm not the owner of the Delinea Secret Server Solution nor the Distributed Engines part, so I missed the info you provided about the way it resolves the credentials.
Anyway, when I configure the secret with the full domain name (instead of the $CUSTOM_FIELD1$ value), it's working correctly using the "RDP over Delinea Secret Server" connection object.
I'll try to check internally how they configured the Delinea Distributed Engines first to get more info at this level.
Thx for your reply.