Default Record Types

PAM provides a variety of out of the box Record Types to assist in creating, organizing, connecting and establishing inheritance (parent/child relationship) of formulas, strategies and policies within your records and secrets.

The following article will list and define each of the available Records Types in Privileged Access Management.

 

If you would like to hide Record Types from users, enable the Hidden checkbox.

These hidden record types can still be used; however, they will not appear in the Add Record dropdown menu.

 

Record Types can also be configured to allow their use in Personal Vaults. If you would like them to be used in Personal Vaults, check the Personal Vault box and if you would not, then uncheck this same box.

 

Using Service Administrator's account navigate Administration > Record Types and find a list of available records types.

There are 47 record types available:

AWSP	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	AWS Access Keys A record with AWS access key id and secret key		AWSP
HTTP	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	WEB Portal [*deprecated as of 2025] A record with WEB Portal information		HTTP	Y	Y
Kubernetes	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	Kubernetes A record to connect to Kubernetes console of a container		Kubernetes
ORAP	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	Oracle A record with Oracle DB information		ORAP
Other	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	Active Directory User An Active Directory User Record			Y	Y
	AD Query A record for Active Directory queries to execute tasks on mass for multiple computers stored in Active Directory	Active Directory User Record
	AWS STS Temporary Access AWS STS Temporary Keys Generator
	Certificate A record with a certificate, a private or a public key			Y
	Informix A record with Informix DB information
	LDAP Server LDAP Server
	LDAP User LDAP User
	Microsoft Entra ID A record with Entra ID credentials (formerly Azure Active Directory)
	MS SQL Server A record with MS SQL Server information
	MySQL A record with MySQL DB information
	PostgreSQL PostgreSQL Database
	Secret A record with a secret sentence			Y	Y
	Virtual SMS MFA Virtual SMS MFA
	Virtual TOTP MFA Virtual TOTP Application
RDP	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	Remote App Host A record with Remote Application Host configuration		RDP
	Windows Host RDP Windows Host A record with Windows Host Information		RDP
	Windows Host Ephemeral Account Windows Host Ephemeral Account		RDP
RemoteApp	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	Google Chrome A record with Google Chrome Remote Application information		RemoteApp
	Internet Explorer [*deprecated as of 2025] A record with Internet Explorer Remote Application information		RemoteApp
	MS SQL Studio A record with MS SQL Studio Remote Application information		RemoteApp
	MySQL Workbench A record with MySQL Workbench Remote Application information		RemoteApp
	EAM (formerly OneSign) Admin Console A record with EAM (formerly OneSign) Admin Console Remote Application information		RemoteApp
	EAM (formerly OneSign) Appliance Console A record with EAM (formerly OneSign) Appliance Console Remote Application information		RemoteApp
	Oracle SQL Developer A record with Oracle SQL Developer Remote Application information		RemoteApp
	PC5250 A record with PC5250 Terminal Remote Application information		RemoteApp
	PuTTY A record with PuTTY Remote Application information		RemoteApp
	Remote Desktop Connection A record with Remote Desktop Connection Remote Application information		RemoteApp
	Toad Oracle A record with Toad Oracle Remote Application information		RemoteApp
SSH	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	Cisco A record with Cisco Host information	Unix Host	SSH
	Juniper A record with Juniper Host information	Unix Host	SSH
	Linux Host Ephemeral Account Linux Host Ephemeral Account		SSH
	Linux Host Ephemeral Account with Key Linux host ephemeral account authentication using private key		SSH
	Palo Alto Networks A record with Palo Alto Networks Host information	Unix Host	SSH
	Unix Host A record with Unix host information		SSH	Y	Y
	Unix Host with Key A record with a Unix host accessed with a private key		SSH	Y
	Unix Host with Private Key Unix Host with Private Key as a Field		SSH
	Unix Host with Protected Key A record with a Unix host accessed with a protected private key		SSH	Y
	Unix Host with Reconcile Account Unix Host with reconcile account on record to manage the primary account		SSH
SSH_EXEC	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	Unix Host Command A record with exec command over ssh support	Unix Host	SSH_EXEC
SSH_SU	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	Unix Host with SU A record with Unix host information including SU	Unix Host	SSH/SU	Y	Y
Telnet	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	AS400 A record with AS400 connection information		Telnet
	Telnet Host A record with Telnet host information		Telnet
VNC	Record Type / Description	Parent Record Type	Session Manager	Enabled	Personal Vault	Vaults	Actions
	VNC Host A record with VNC host information		VNC	Y

In the following list, each of the out of the box Record Type section includes:

 

Sample Record Type Name
• A description of the main use for this type when creating records.
  • Can this record type be used for establish remote sessions and/or execute strategies.
• A list of the default fields includes with this record type.
  • Field Name: [field type] Description of the field.
  • Field Name: [field type:secured] Secured field means that its content is masked and can only be unmasked by clicking the Unlock button. For more information about Secured fields and Unlocking, please read this blog post.
• Active Directory

  • Used to store an AD/LDAP account or any account that requires a username and password combination. Ideal use for reference records.

    • Cannot be used to establish a remote session, but can be associated with Password Reset tasks.

  • Record Fields

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

• AD Query

  • Used for Active Directory queries to execute tasks on mass for multiple computers stored in Active Directory.

    • Cannot be used to establish a remote session, but can be associated with Password Reset and other tasks.

  • Record Fields

    • User: [string] The user name to be used when executing tasks. A Domain Administrator account is recommended.

    • Password: [string:secured] The password associated to the user in this record.

    • AD Query: [string] The Active Directory query that will be executed of which the results will be used as Host(s) for each task execution.

• AS400

  • Used to establish a SSH connection to an AS400 host for access that requires a username and password.

    • Can be used to establish a remote session and be associated with Password Reset tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

• Certificate

  • Used to store a certificate file so that it can be shared between users and teams while maintaining a “source of truth” with auditing events.

    • Cannot be used to establish a remote session.

  • Record Fields

    • Cert: [file:secured] The certificate file to be stored and used in this record.

• Cisco

  • Used to establish a connection to a Cisco device for SSH access that requires a username and password. This can optionally be configured to automatically switch to Enable mode using the supplied password.

    • Can be used to establish a remote session and be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

    • Enable Password: [string:secured] (optional) The password that will be automatically entered in order to switch to Enable mode.

    • Enable Level: [string:secured] (optional) The Enable level, blank defaults to level 15.

• Google Chrome

  • Used with Google Chrome Remote Application information in order to launch the Google Chrome Web Browser native remote application and provide URL and login parameters to a web site.

    • Can only be used to establish a remote session using the native application.

  • Record Fields

    • URL: [string] The URL to be used to launch the web site.

    • User: [string] The user name to be used when logging in to the web site in the native remote application.

    • Password: [string:secured] The password associated to the user in this record.

• Informix

  • Used to establish a connection to a Informix database. Useful to executing strategies (scripts) against the connected database and to reset database passwords.

    • Cannot be used to establish a remote session, but can be associated with Password Reset and custom tasks.

  • Record Fields

    • Connection: [string] The connection string to be used with this record. Use this formatting when entering this value: jdbc:informix-sqli://<HOST>:<PORT>/<DATABASE>:INFORMIXSERVER=<SERVER>; For example: jdbc:informix-sqli://123.45.67.89:1526/testDB:INFORMIXSERVER=myserver;

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

• Internet Explorer [Deprecated]

  • Used with Internet Explorer Remote Application information in order to launch the Internet Explorer Web Browser native remote application and provide URL and login parameters to a web site.

    • Can only be used to establish a remote session using the native application.

  • Record Fields

    • URL: [string] The URL to be used to launch the web site.

    • User: [string] The user name to be used when logging in to the web site in the native remote application.

    • Password: [string:secured] The password associated to the user in this record.

• Juniper

  • Used to establish a connection to a Juniper device for SSH access that requires a username and password.

    • Can be used to establish a remote session and be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

• MS SQL Server

  • Used to establish a connection to a Microsoft SQL database. Useful to executing strategies (scripts) against the connected database and to reset database passwords like ‘sa’.

    • Cannot be used to establish a remote session, but can be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

• MS SQL Studio

  • Used with MS SQL Studio Remote Application information in order to launch the MS SQL Server Management Studio native remote application and provide connection parameters.

    • Can only be used to establish a remote session using the native application.

  • Record Fields

    • Host: [string] The server name to be used when logging in to the native remote application.

    • User: [string] The user name to be used when logging in to the native remote application.

    • Password: [string:secured] The password associated to the user in this record.

• MySQL Workbench

  • Used with MySQL Workbench Remote Application information in order to launch the MySQL Workbench native remote application and provide connection parameters.

    • Can only be used to establish a remote session using the native application.

  • Record Fields

    • Stored Connection: [string] The name of the MySQL Workbench Stored Connection that should be used for connection. Please note that a Stored Connection in MySQL Workbench is required and needs to be accessible by the user account specified in the Remote App Host record.

    • Password: [string:secured] The password associated to the account saved in the selected Stored Connection.

• Oracle

  • Used to establish a connection to an Oracle database. Useful to executing strategies (scripts) against the connected database and to reset database passwords.

    • Cannot be used to establish a remote session, but can be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The connection string needed to connect to the database. This may require port number, SID and other such values.

    • User: [string] The user name to be used when establishing the connection.

    • Password: [string:secured] The password associated to the user in this record.

• PostgreSQL

  • Used to establish a connection to an PostgreSQL database. Useful to executing strategies (scripts) against the connected database and to reset database passwords.

    • Cannot be used to establish a remote session, but can be associated with Password Reset and custom tasks.

  • Record Fields

    • Host (Connection String): [string] The connection string needed to connect to the database given by host:port/database, host/database, host[:port]/database or full JDBC connection string jdbc.postgresql://host[:port]/database

    • User: [string] The user name to be used when establishing the connection.

    • Password: [string:secured] The password associated to the user in this record.

• Palo Alto Networks

  • Used to establish a connection to a Palo Alto Networks device for SSH access that requires a username and password.

    • Can be used to establish a remote session and be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

• PC5250

  • Used with PC5250 Terminal Remote Application information in order to launch the PC5250 Terminal native remote application and provide connection parameters.

    • Can only be used to establish a remote session using the native application.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used to authenticate in the remote application.

    • Password: [string:secured] The password associated to the user in this record.

• PuTTY

  • Used with PuTTY Remote Application information in order to launch the PuTTY native remote application and provide connection parameters.

    • Can only be used to establish a remote session using the native application.

  • Record Fields

    • Host: [string] The host name to be used when logging in to the native remote application.

    • Port: [number] The port number to be used when logging in to the native remote application.

    • User: [string] The user name to be used when logging in to the native remote application.

    • Password: [string:secured] The password associated to the user in this record.

• Remote App Host

  • Used to establish a connection to the host that has been configured with Windows RemoteApp functionality.

    • Can be used to establish a remote session and be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

    • Filter: [string] Enter the Record Type of the Remote Apps that can be remotely launched using this host. Multiple record types should be separated with a comma.

    • Enabled: [checkbox] Check to Enable this server to act as a RemoteApp host or Uncheck to disable.

• Remote Desktop Connection

  • Used with Remote Desktop Connection Remote Application information in order to launch the Remote Desktop Connection native remote application and provide connection parameters.

    • Can only be used to establish a remote session using the native application.

  • Record Fields

    • Host: [string] The host name to be used when logging in to the native remote application.

    • Port: [number] The port number to be used when logging in to the native remote application.

    • User: [string] The user name to be used when logging in to the native remote application.

    • Password: [string:secured] The password associated to the user in this record.

• Secret

  • Used to store any generic secret that is text based like combinations or credit and account numbers.

    • Cannot be used to establish a remote session.

  • Record Fields

    • Secret: [string:secured] A text based secret that will be stored with the record.

• Telnet

  • Used to establish a connection to a host using the Telnet protocol that requires a username and password.

    • Can be used to establish a remote session.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

• Toad Oracle

  • Used with Toad Remote Application information in order to launch the Toad for Oracle native remote application and provide connection parameters.

    • Can only be used to establish a remote session using the native application.

  • Record Fields

    • Connection String: [string] The connection string needed to connect to the Oracle database. This may require port number, SID and other such values.

    • User: [string] The user name to be used when logging in to the native remote application.

    • Password: [string:secured] The password associated to the user in this record.

• Unix Host

  • Used to establish a connection to a Unix host for terminal access that requires a username and password.

    • Can be used to establish a remote session and be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

• Unix Host with Key

  • Used to establish a connection to a Unix host for terminal access that requires a username and key file. For more information, read our blog post and watch our How To Video.

    • Can be used to establish a remote session and be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Cert: [file:secured] The certificate file to be stored and used in this record. If you want to save the body of the key file, then use the Record Type Unix Host with Private Key instead.

• Unix Host with Private Key

  • Used to establish a connection to a Unix host for terminal access that requires a username and key file.

    • Can be used to establish a remote session and be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Private Key: [text:secured] Paste the body of the private key file into this field. If you want to save the actual key file, then use the Record Type Unix Host with Key instead.

• Unix Host with Protected Key

  • Used to establish a connection to a Unix host for terminal access that requires a username, key file and passphrase.

    • Can be used to establish a remote session and be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Cert: [file:secured] The certificate file to be stored and used in this record.

    • Passphrase: [string:secured] The passphrase required to establish the connection.

• Unix Host with SU

  • Used to establish a connection to a Unix host for terminal access that would, upon connection, automatically SU (switch user) to a second account. For more information, read our blog post and watch our How To Video.

    • Can be used to establish a remote session and be associated with Password Reset and custom tasks.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.

    • SU User: [string] The switch user to be used with this record.

    • SU Password: [string:secured] The password associated to the switch user in this record.

• VNC Host

  • Used to establish a VNC connection to a host computer. Optionally, a password can be added if one is required.

    • Can be used to establish a remote session.

  • Record Fields

    • Host: [string] The host name to be used with this record. The name may be an IP address, computer name, FQDN or something else.

    • Port: [number] The port number required for this connection.

    • Password: [string:secured] Optionally, the configured password required to open this VNC session.

• WEB Portal[Deprecated]

  • Used to store any web portal URL and its accompanying username and password. Useful is sharing remote web login credentials with outside team members. Please note this record type is required if using the Access Manager Browser Extension.

    • Cannot be used to establish a remote session.

  • Record Fields

    • Url: [string] The URL to a web page login or signin page.

    • User: [string] The user name to be used with this record.

    • Password: [string:secured] The password associated to the user in this record.