Shared Credentials
Show Me!
A video tutorial is available on this topic. To access the video, click the following link:
Any credential that you own can be shared with other users of the program. In this case, a "user" can be another person who has logged on to the console machine and launched Security Controls
All credentials are stored with strong encryption techniques. Only the credential owner and those users the owner has elected to share the credential with are able to decrypt and use the credential.
The credentials are encrypted using NIST recommendations and FIPS 140-2 certified algorithms.
To share a credential, on the Manage Credentials dialog, select the desired credential and then click Share. The Share Credential dialog is displayed.
The credential whose shared settings are being edited is shown in the title of the dialog.
Enable for background services |
If enabled, the credential shown in the dialog title can be used to specify credentials for service components within the program. The credential account must have administrator rights on the console server. The service components within Security Controls that require a shared credential include the following: •License server Why is it necessary to share a credential with background services? Credentials are encrypted, so you must share a credential so that the service components can access and decrypt it when needed. Example: If you select Tools > Options > Internet proxy and attempt to assign Service credentials, only credentials that are shared with background services are available for selection. The service must have access to the credential in order to decrypt it. |
What are the security implications? |
It is recommended that you create a service account to perform background service functions rather than using a domain administrator account. For more information, see Potential Security Implications When Sharing Credentials. |
Shared |
Indicates if the credential will be shared with the associated user name. |
User name |
Any user who has previously logged on to the Security Controls console machine will be displayed in this list. Each user is assigned a unique user certificate and an associated private key that enable the user to encrypt and decrypt shared credentials. Any user without a user certificate is not eligible to be assigned a shared credential and will not be displayed in the list. If the list contains users who are no longer affiliated with this project, you can delete them using the User Manager dialog. |
Copy usages to selected users |
If enabled, all usages of the credential by the credential owner will be propagated to the selected users. For example, if you share a credential that is being used to schedule console tasks, enabling this check box will automatically update the console scheduler credential assignment for the shared users. You can verify the usage assignments using the View usages button on the Credentials Manager dialog. |