Add Shared Credentials
  • 06 Jun 2025
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Add Shared Credentials

  • Dark
    Light
  • PDF

Article summary

Some features available only in version 9.1
This article describes some monitor features that are only available in ControlUp Real-Time DX version 9.1.
The ControlUp Monitor Service uses two types of synchronized user credentials:

  • Monitor credentials. Synchronized between monitors only. Required to deploy agents to managed hosts and authenticate towards the managed machines. You can use monitor credentials for AD connections (optional from Hybrid Cloud version 9.0, required for on-prem and Hybrid Cloud versions lower than 9.0), proxy, and SMTP settings.
  • Shared credentials. Same properties as monitor credentials, but also synchronized with Real-Time Console user passwords. You can use shared credentials to connect to data sources and in Script-based actions (SBAs).

You can use the Real-Time Console to set shared credentials to use with your configured Hypervisor, EUC environment, and Netscaler connections. This enables streamlined management of credentials and a quicker onboarding process for new ControlUp users which doesn't require them to know the service usernames and passwords.

To manage credentials with PowerShell commands, see Manage CUCredentials.

Create Shared Credentials

  1. Click the Settings tab in the Home ribbon and select Monitors.
    Monitors button in the Settings tab.

  2. In the Manage ControlUp Monitors window, click Monitors Settings.
    Monitors Settings button in the Manage ControlUp Monitors window.

  3. Click Add Credentials Set.
    Add Credentials Set button in the Domain Identity tab of the Sites and Monitors - Configuration Wizard.

  4. In the Add New Credentials popup, enter the User, Password, select the Domain and Friendly Name of the new service account.
    From version 9.1: If you want to change the site assigned to this user, select a different site from the Site dropdown.
    Site dropdown in the Add New Credentials window set to 'Default'.

    For versions lower than 9.1: If you want to configure this user as a shared user, check the Share credentials with authorized users checkbox.
    'Share credentials with authorized users' checkbox selected in the Add New Credentials window.

    The user is now added to the credentials list and the Shared checkbox indicates that the user is shared user.
    List of user credentials. All users have a checkmark in the 'Shared' checkbox.

  5. You can validate the user credentials to check if the entered credentials are valid. Mark the user that you created and click Validate. If your user credentials are validated successfully, you should see this popup message:
    Popup message saying 'Connection validated successfully'.

    If the credentials are not successfully validated, this popup appears:
    Popup message saying 'Validate Credentials failed. The supplied credentials ... are invalid. The user name or password is incorrect.'

    If the credentials you want to share are already configured, check the box under the Shared column to share it with your users.
    'Shared' checkboxes selected.

Grant Permission for Organizational Users to use Shared Credentials

Organizational Users can't use shared credentials. You must create a Security Role to grant permission to use shared credentials. Once you've saved your credentials as shared credentials, on the bottom of your console click the Security Policy Pane and open the permissions tree for Perform organization-wide actions.
Perform organizatino-wide actions permission category.

Scroll down to the bottom of the organization-wide permissions tree to Shared Credentials. Choose the Security Role you want to grant permissions to, and set that permission to Allow.
Use Shared Credentials permission set to 'Allow'.

From version 9.1, you can assign specific credentials to specific Security Roles.
Under Shared Credentials, open Credentials. Choose the credentials you want to assign to a specific Security Role, and set that permission to Allow.
Credentials folder listing the added credentials.

After you create a shared credential and allow users to use it, it will become available to set in the connection settings of your Hypervisor, EUC, Netscaler, and Cloud Connections. Note that if any of the shared credentials are set to Deny for a specific Security Role of a user, the shared credentials will appear in the Credentials dropdown, but the user won't be able to select them.
Selecting a shared credential from the 'Credentials' dropdown in the 'Add Hypervisor Connection' window.

Notes on Shared Credentials:

  • The shared credentials metadata (including the friendly name, username, and domain name) is stored in your organization's public configuration store.
  • The shared password is stored in the private configuration store (located in the %AppData% folder of the monitor network service or the console user profile) encrypted with DPAPI encryption, and never leaves the customer's premises.

Was this article helpful?