Credentials Store

ControlUp supports saving credentials for future reuse. You can use the Credentials Store to create, edit, and validate saved credentials. To access the Credentials Store, open the ControlUp Real-Time Console, click the Settings tab > Credentials Store:

You can perform the following actions in the Credentials Store:

• Create credentials set.
• Add cloud credentials.
• Add key-based credentials.
• Edit, remove, or validate existing credentials.

Scenarios for Utilizing Saved Credentials

You can use ControlUp to save credentials in the following ways:

1. Configure Active Directory (AD) Domain Connections to use a saved set of credentials. This is useful if your environment includes several AD domains or forests which require different credentials. When you configure an AD connection with a set of saved credentials, those credentials are utilized when deploying or manipulating ControlUp Agent instances on machines from the respective domain or forest. For more information on AD connections, see AD Connections.
2. Some management actions support choosing a set of saved credentials when executing the action. For example, if you use the Run Process As action to execute a process on a managed machine, you can select a set of credentials to use when launching the process.
3. Configure Remote Desktop connections to use a saved set of credentials. You can specify credentials in the connection properties for single machines or in folders that contain a set of managed machines. For more information, see Remote Desktop Pane.
4. When you configure a hypervisor connection, saved credentials are mandatory for enabling data collection from the virtualization layer. Additionally, all ControlUp users need to save the same service account credentials in their credentials store in order to enable data collection from the hypervisors. For more information, see Connect to the Virtualization Infrastructure.

Share Credentials between ControlUp Users

Your saved credentials are stored securely in your Windows user profile directory and are accessible solely using your own Windows user account, even if you use shared configuration or copy your ControlUp settings to another user.

The Shared Credentials Store allows you to manage credentials centrally so all authorized users can use shared credentials sets. This enables a streamlined management of credentials and a quicker onboarding process for new ControlUp users, which doesn't require them to know the service usernames and passwords.

In ControlUp Hybrid Cloud environments, credentials stay personal and are never sent to the cloud services or shared with other users. In On-Premises environments, when the centralized configuration feature is not available, sharing the configuration tree and other organization-wide settings between ControlUp users is achieved by copying the %AppData%\ControlUp folder between users.

Note that this operation does NOT transfer saved credentials between users. When your colleagues start ControlUp with the %AppData%\ControlUp copied from your user profile, they are prompted to reconfigure all saved credentials.

ControlUp Monitor and Saved Credentials

If you configure a ControlUp Monitor in your organization, the configuration must include saved credentials. These credentials are required to access all managed machines in your environment. For more information, see ControlUp Monitor.

Local Computer Credentials

When saving a set of credentials, the domain drop-down allows you to select the Local Computer option in order to save non-Active Directory credentials. Use this option in the following scenarios:

1. You need to save a username and password for a local (non-domain) Windows user. These credentials can be used for Remote Desktop connections and for management actions that don't require domain access.
2. Your environment includes a hypervisor connection that requires non-Windows credentials, for example, a XenServer root account.
3. You regularly connect using Remote Desktop to computers that belong to Active Directory domains, the domain controllers of which aren't accessible from your local network. For example, consider an off-site server that belongs to the AD domain external.com, for which you have valid AD credentials. You can't save a set of credentials for the external.com domain in ControlUp, because the domain controllers for that domain can't be accessed from your local network to validate those credentials. As a workaround, select Local Computer from the domain drop-down, and in the User field, enter the username in the format domain\user.
   For example, external.com\MyUserName:
   

This way, the credentials set is treated as local and saved without local validation.