The ControlUp Real-Time Console allows you to set shared credentials for use with your configured Hypervisor, XenDesktop, and Netscaler connections. This enables streamlined management of credentials and a quicker onboarding process for new ControlUp users which does not require them to know the service usernames and passwords.
Create Shared Credentials
To create shared credentials:
- Click the Settings tab in the Home ribbon and select Monitors.
- In the Manage ControlUp Monitors window, click Monitors Settings.
- Click Add Credentials Set.
- In the Add New Credentials popup, enter the user, password, and friendly name of the new user. If you want to configure this user as a shared user, check the Share credentials with authorized users checkbox.
The user is now added to the credentials list.
- You can validate the user credentials to check if the entered credentials are valid. Mark the user that you created and click Validate. If your user credentials are validated successfully, you should see this popup message:
If the credentials are not successfully validated, this popup appears:
If the credentials you want to share are already configured, check the box under the "Shared" column to share it with your users.
Grant Permission for Organizational Users to use Shared Credentials
Organizational Users can not use shared credentials. You must create a Security Role to grant permission to use shared credentials. Once you've saved your credentials as shared credentials, on the bottom of your console click the Security Policy Pane and open the permissions tree for "Perform organization-wide actions"
Scroll down to the bottom of the organization-wide permissions tree to "Shared Credentials", choose the Security Role you wish to grant permissions to, and set that permission to "Allow".
Once you have created the shared credential, and granted permissions to users to make use of it, it will become available to set in the Connection Settings of your Hypervisors, XenDesktop Sites, Cloud, and Netscaler Connections.
Notes on Shared Credentials:
- The shared credentials metadata (including the friendly name, username, and domain name) is stored in the organization's public configuration store.
- The shared password is stored in the private configuration store (located in the %AppData% folder of the Monitor network service or the console user profile) encrypted with DPAPI encryption (https://en.m.wikipedia.org/wiki/Data_Protection_API) and never leaves the customers premise