Dynamic Login Credentials

Dynamically Use Stored Credentials to Login to a Remote Session.


Like Pass-Through configuration, Dynamic login allows a record to be created without including a specific set of credentials (user and password) in your XTAM record.

In addition to not including the credentials, Dynamic login provides a search criteria where XTAM can dynamically use the credentials included in another record based on these search results.

Also, this Dynamic credential option provides the benefit of using different credentials to access remote servers for different users accessing the system.

The search criteria for this dynamic credential option is parametric and depends on user attributes (such as login name).


For example, you want to store user credentials in XTAM for your Admin accounts and you do not want to expose these credentials to the actual Administrators themselves.

So you create these login records in XTAM, assign a complex Password Rotation policy and then dynamically load these credentials when the Admins connect to the endpoint using another record, all without revealing the credentials to this user.


To create Dynamically Loaded Login Records:

  1. Create a record that will contain the actual User and Password that will be dynamically loaded. If you wish to rotate this password, create the record using Windows Host or Unix Host. Otherwise, you can use any record type that contains the default User and Password fields.
  2. In this record’s Name or Description, enter a unique value that will be used in the search for your Host record. For example, put the User name like user@domain.com in the description so XTAM search can locate it.
  3. FAQ-Login-Dynamic-Credential-Record-Example

    Make sure this value is truly unique because XTAM search can return only 1 record in order for dynamic login to work properly.


  4. When finished, click the Save and Return button.

  5. Now we are going to create the host record that will dynamically load the credentials from the previously created record. Create this host record using any record type that contains a User and Password fields.

  6. Enter all information as needed. In the User field, we are going to create our search query that will locate our previous record. To create the query, use the following format: $search:{criteria}


    For example, to find our previous record your search criteria would look like this:


    Which uses the XTAM search to find any records where the Name, Description or Host contains the value “user@domain.com”.


    Alternatively, if your user logs in to XTAM with the username “bwilliams”, then you could construct the query like this so that each user can have their own unique login credential:


    This query would then search for any records where the Name, Description or Host contains the value “bwilliams@domain.com”.


    In addition to $login placeholder for the currently logged in user account name, record owners might use $first-name and $last-name placeholders to base search criteria on first or on the last name of the currently logged in user.


  7. When finished, click the Save and Return button.


    Now to test, simply login to XTAM with a user account that has the appropriate permissions on this endpoint and click the Connect button on its record.

    XTAM will dynamically load the credentials from the first record which will then be used to authenticate and log in to the remote endpoint defined in this record.


    To confirm, you can open the record’s Audit Log and observe which account was dynamically loaded to the remote endpoint as shown below.