Auto Logon Helper
(Feature available only in Premium and Enterprise Editions)
Automatically Logging in to Remote Systems & Applications
Password Manager Pro stores the passwords of remote systems and applications. Normally, organizations use tools such as remote desktop applications, PuTTY or SecureCRT to connect to remote target systems. Password Manager Pro's "Auto Logon Gateway" feature provides an option to automatically connect to the remote target systems and applications without the need to handle passwords in plaintext.
How the Auto Logon Gateway Feature Works
Password Manager Pro comes bundled with RDP, SSH and SQL gateway engines. This feature allows users to launch remote terminal sessions from within their browser. All sessions invoked from the Connections tab are initiated and tunneled through the Password Manager Pro server. This allows administrators to disable RDP, SSH and SQL permissions on end-user systems such as laptops and desktops while still allowing users to access the target systems through tunneled remote sessions. The remote terminal sessions are emulated inside the browser tab, so there is no need to install any plug-in or agent on the endpoints. The only requirement is that the browser be HTML5-compatible (for example, IE 9 or above, Firefox 3.5 or above, Safari 4 or above, Chrome).
As soon as an administrator adds a resource that supports one of these remote terminal session types, the feature becomes available to all users in the system who have access to that resource, with no further configuration anywhere. In addition, the Connections tab will allow users to easily locate remote accounts and launch a session with a single click.
The entries in the Connections page with the names 'RDP and VNC Connections', 'SSH Connections' and 'SQL Connections' belong to this type and come out-of-the-box.
How to Set Up the Auto Logon Gateway
You can set up Auto Logon Gateway in 3 ways:
- RDP and VNC Connections
- SSH Connections
- SQL Connections
1. RDP and VNC Connections
- All Windows systems can be automatically connected to an RDP session. For logging into a Windows resource, you need to configure either a domain account or a local account that users can use to authenticate and launch a Windows RDP session with the remote host. Alternatively, an administrator can allow users to launch RDP sessions using the AD account with which they have logged in to the Password Manager Pro vault.
- An administrator can configure a domain account by navigating to Resources, selecting the desired resource(s), clicking Resource Actions at the top and then choosing Configure Auto Logon Helper from the drop-down menu.
- In the new window that opens, you can configure the domain account by choosing the domain from the Domain Name drop-down menu, specifying the Username, and the RDP Port for Auto Logon.
- Click Save.
- Once you have configured your domain account, it gets reflected under the Connections tab, as shown below:
- The port for RDP and VNC can be customized for each resource by navigating to Resources, selecting the desired resource(s), and choosing Edit Resources from the Resource Actions drop-down menu at the top.
- In the window that opens, enter the RDP and VNC ports in the respective fields, and click Save.
2. SSH Connections
- Any SSH-based device, such as a Linux server or a network device, can be added to Password Manager Pro as a resource. This allows administrators and other users to connect to the target system via a remote SSH session.
- You can configure the port on which the SSH service is listening on the remote host. Password Manager Pro will use this port for launching the session. To do this, navigate to Resources, select the desired resource(s), and choose Edit Resources from the Resource Actions drop-down menu beside the resource(s).
- In the new window that opens, enter the SSH port through which you want to connect to the remote system, and click Save.
- The end users will be able to launch SSH sessions using the local SSH accounts that are shared with them by the administrators.
3. SQL Connections
You can add a database instance as a resource in Password Manager Pro to enable remote connections. This feature is supported for MySQL, PostgreSQL and MS-SQL databases. Note that the SQL connections are CLI-based, meaning they allow users to execute queries to perform operations.
- To configure an SQL connection for remote sessions, navigate to Resources, select the Resource Action button present next to the SQL resource and select the Configure Remote Password Reset option.
- Specify the port number to be used for the SQL connection. The SQL session will be initiated on this port with the account that is shared with the users.
Port Requirements for client access
- The Windows RDP Auto Logon Gateway listens on port 7273 on the Password Manager Pro server by default. This is a secure WebSocket port (wss://), and you should allow traffic to this port from the end-user machines for this feature to work.
- You can change this port by navigating to Admin >> Settings >> Password Manager Pro Server.
- In the new window that opens, switch to the Auto Logon tab and then enter the port in the Remote Desktop Gateway Port field.
- The Password Manager Pro web server (port 7272 on the Password Manager Pro server) and this gateway should listen on different ports.
Note: When Password Manager Pro is installed, it generates a self-signed SSL certificate for the instance, which is also used by the Auto Logon Gateway to encrypt the traffic. It is recommended that you apply a CA-signed certificate to the Password Manager Pro instance before opening it up to end users. With a self-signed certificate, connecting to the gateway is not possible unless users explicitly mention the gateway port in the URL, accept the warning and install the self-signed certificate. (For steps to generate a unique SSL certificate, refer to this section of our site).
The SSH and Telnet Gateways have no such requirement as they use the same Password Manager Pro web server port for all communication.
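A check for the two listeners described in this section, meant to be run from an end-user machine: it tests whether each port is reachable and whether the certificate it presents is trusted or self-signed. This is an added example, not ManageEngine code; the ports are the ones given above, while the function names, result fields and the `localhost` fallback are assumptions.

```python
import socket
import ssl

WEB_PORT, GATEWAY_PORT = 7272, 7273  # ports given on this page
SELF_SIGNED = {18, 19}  # OpenSSL verify codes: self-signed leaf / self-signed in chain


def probe_tls(host, port, timeout=5.0):
    """Handshake as a browser would (system trust store, hostname check) and classify."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"port": port, "state": "trusted", "detail": tls.version()}
    except ssl.SSLCertVerificationError as exc:
        state = "self-signed" if exc.verify_code in SELF_SIGNED else "untrusted"
        return {"port": port, "state": state, "detail": exc.verify_message}
    except ssl.SSLError as exc:  # port answers, but not with usable TLS
        return {"port": port, "state": "tls-error", "detail": exc.reason or str(exc)}
    except OSError as exc:  # refused, filtered, timed out, name not resolved
        return {"port": port, "state": "unreachable", "detail": str(exc)}


def gateway_readiness(host, web_port=WEB_PORT, gateway_port=GATEWAY_PORT, probe=probe_tls):
    """Check both listeners; `probe` is injectable so the logic can be tested offline."""
    if web_port == gateway_port:
        raise ValueError("web server and RDP gateway must listen on different ports")
    web, gw = probe(host, web_port), probe(host, gateway_port)
    findings = []
    for label, res in (("web server", web), ("RDP gateway", gw)):
        if res["state"] == "unreachable":
            findings.append(f"{label} port {res['port']} is blocked or not listening")
        elif res["state"] == "self-signed":
            findings.append(f"{label} port {res['port']} presents a self-signed "
                            "certificate; apply a CA-signed one")
        elif res["state"] != "trusted":
            findings.append(f"{label} port {res['port']}: {res['state']} ({res['detail']})")
    return {"web_ok": web["state"] == "trusted",
            "rdp_gateway_ok": gw["state"] == "trusted",
            "findings": findings}


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"  # pass your server's DNS name
    print(gateway_readiness(host))
```

A `self-signed` result on the gateway port corresponds to the situation in the note above, where the browser cannot open the wss:// connection until the certificate is trusted.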
Invoking Auto Logon through Gateway
As soon as an administrator adds a resource that supports one of the three remote terminal session types (Windows RDP, SSH and SQL sessions), the feature becomes available to all users in the system who have access to that resource, with no further configuration anywhere. The 'Connections' tab will allow users to easily locate remote accounts and launch a session with a single click.