ControlUp supports saving credentials for future reuse. The Credentials Store can be used to create, edit and validate saved credentials. To access the Credentials Store, open the ControlUp Real-Time Console, click the Settings tab > Credentials Store.
The Credentials Store opens and allows you to
- create a new credential set,
- add cloud credentials,
- add key-based credentials and
- edit, remove and validate existing credentials.
Scenarios for Utilizing Saved Credentials
There are several ways in which ControlUp utilizes saved credentials:
- Active Directory (AD) Domain Connections can be configured to use a saved set of credentials. This is useful if your environment includes several AD domains or forests which require different credentials. When you configure an AD connection with a set of saved credentials, those credentials are utilized when deploying or manipulating ControlUp Agent instances on computers from the respective domain or forest. For more information on AD connections, refer to this page.
- Some management actions support choosing a set of saved credentials when executing the action. For example, when using the “Run Process As” action to execute a process on a managed computer, you can select a set of credentials to use when launching the process.
- Remote Desktop connections can be configured to use a saved set of credentials. You can specify credentials in the connection properties for single machines or in folders that contain a set of managed machines. For more information, refer to the Remote Desktop Pane section.
- When configuring a hypervisor connection, saved credentials are mandatory for enabling data collection from the virtualization layer. Additionally, all ControlUp users need to save the same service account credentials in their credentials store in order to enable data collection from the hypervisors. For more information, refer to the Connect to the Virtualization Infrastructure section.
Share Credentials between ControlUp Users
Your saved credentials are stored securely in your Windows user profile directory and are accessible solely using your own Windows user account, even when using shared configuration or copying your ControlUp settings to another user.
In version 7.1 we have introduced Shared Credentials Store - ControlUp now allows to manage credentials centrally so all authorized users can use shared credentials sets. This enables more streamlined management of credentials and a quicker onboarding process for new ControlUp users which does not require them to know the service usernames and passwords.
In online ControlUp environments, credentials stay personal and are never sent to the cloud services or shared with other users. In offline environments, when the centralized configuration feature is not available, sharing the configuration tree and other organization-wide settings between ControlUp users is achieved by copying the %AppData%\ControlUp folder between users. It is important to note that this operation does NOT transfer saved credentials between users. When your colleagues start ControlUp with the %AppData%\ControlUp copied from your user profile, they are prompted to reconfigure all saved credentials.
ControlUp Monitor and Saved Credentials
If a ControlUp Monitor is configured in your organization, note that its configuration needs to include saved credentials. They are required to access all managed computers in your environment. For more information, refer to the ControlUp Monitor section.
Local Computer Credentials
When saving a set of credentials, the domain drop-down allows you to select the “Local Computer” option in order to save non-Active Directory credentials. Use this option in the following scenarios:
- You would like to save a username and password for a local (non-domain) Windows user. These credentials can be used for Remote Desktop connections and for management actions that do not require domain access.
- Your environment includes a hypervisor connection that requires non-Windows credentials (for example XenServer root account).
- You regularly connect using Remote Desktop to computers that belong to Active Directory domains, the domain controllers of which are not accessible from your local network. For example, consider an off-site server that belongs to the AD domain external.com, for which you have valid AD credentials. You cannot save a set of credentials for the external.com domain in ControlUp, because the domain controllers for that domain cannot be accessed from your local network to validate those credentials. As a workaround, select “Local Computer” from the domain drop-down, and in the User field, enter the username in the format "domain\user", for example external.com\MyUserName.
This way, the credentials set is treated as local and saved without local validation.