Prompt for Credentials

User Prompt for Remote Connection Parameters.

Typically, when a record to be used for Remote Sessions is created, the owner of the record defines the connection parameters, including Host, Port, User and Password.

This allows the PAM user to connect to the remote session with a single click, while ensuring the records are accurate.

However, there are valid reasons why the record Owner would want the PAM user to define their own host or user credentials during connection.

This includes, but is certainly not limited to, Network Administrators who are accustomed to using, or are permitted to use, their personal network credentials.

 

If you would like to configure this type of record, then please perform the following procedure in PAM and then share this record with your users.

The ability to prompt users for connection parameters currently supports the record parameters Host, Port, User and Password.

 

To prompt a user for a host or port during connection

To prompt a user for user and password credentials during connection

To prompt a user for all parameters during connection

To prompt a user for a port using the SSH Proxy (dynamic port)

To prompt a user to select from a list of available hosts

Prompting Host or Port

To prompt a user for a Host or Port during connection:

  1. Login to PAM as a user with the permission to create a new record.
  2. Create a new Record using the Add Record menu.
  3. Select a Record Type that contains the Host, Port, User and Password fields. For example, Windows Host or Unix Host.
  4. Enter a Name for the new record (required).
  5. Enter a Description for the new record (optional).
  6. Enter a User for the new record.
  7. Enter a Password for the User of the new record.
  8. RecordPrompt-HostPrompt-RecordSave

  9. Click the Save and Return button to complete the record creation.

When a PAM user clicks the Connect button for this record, they will be required to populate the Host and/or Port number to establish the connection to the remote host.

The User and Password defined in the record will be used to connect.


Prompting for User and Password credentials

To prompt a user for User and Password credentials during connection:

  1. Login to PAM as a user with the permission to create a new record.
  2. Create a new Record using the Add Record menu.
  3. Select a Record Type that contains the Host, Port, User and Password fields. For example, Windows Host or Unix Host.
  4. Enter a Name for the new record (required).
  5. Enter a Description for the new record (optional).
  6. Enter a Host for the new record.
  7. Enter a Port for the new record.
  8. RecordPrompt-LoginPrompt-RecordSave

  9. Click the Save and Return button to complete the record creation.

When a PAM user clicks the Connect button for this record, they will be required to populate the User and Password to establish the connection to the remote Host and Port already defined.


Prompting for All parameters

To prompt a user for All parameters during connection:

  1. Login to PAM as a user with the permission to create a new record.
  2. Create a new Record using the Add Record menu.
  3. Select a Record Type that contains the Host, Port, User and Password fields. For example, Windows Host or Unix Host.
  4. Enter a Name for the new record (required).
  5. Enter a Description for the new record (optional).
  6. RecordPrompt-AllPrompt-RecordSave

  7. Click the Save and Return button to complete the record creation.

When a PAM user clicks the Connect button for this record, they will be required to populate the Host, Port, User and Password to establish the remote connection. The Audit, Session and Recordings will be captured in the same manner as if all connection parameters were pre-defined in the record.


To prompt a user for a port using the SSH Proxy (dynamic port)

  1. Login to PAM as a user with the permission to create a new record.
  2. Create a new Record using the Add Record menu.
  3. Select a Unix-based Record Type that contains at least the Host and Port fields. For example, Unix Host or Unix Host with Key.
  4. Enter a Name for the new record (required).
  5. Enter a Description for the new record (optional).
  6. Enter a Host for the new record (required).
  7. Enter a 0 (zero) in the Port for the new record (required).
  8. Enter valid values for the remaining fields in the record (required).


  9. Click the Save and Return button to complete the record creation.

When a PAM user connects with the SSH Proxy using this record, after authentication they will be required to enter the valid SSH port for this host to establish the remote connection.

The Audit, Session and Recordings will be captured in the same manner as if all connection parameters were pre-defined in the record.


To prompt a user to select from a list of available Hosts

A record may contain a predefined list of whitelisted Host or Host:Port values from which a user selects one for connection.

To configure this feature, you will need to create a custom field in your Record Type, which requires the System Administrator role.

To create this custom field:

  1. Login to PAM with a System Administrator account.
  2. Navigate to Administration > Record Types and click the Edit button for the record type in which you wish to enable this feature.
  3. On the Record Type edit page, click the Add Field button and create your new field using these values:
    • Field Type: Text
    • Name: Hosts
    • Display Name: Hosts
  4. Click Save when complete.


Once the new field has been created, return to an existing record that uses this type or create a new record of this record type.

  1. Enter a Name for this new record (required).
  2. Enter a Description for this new record (optional).
  3. Enter a User for this new record.
  4. Enter a Password for the User of the new record.
  5. Enter a comma-separated list of whitelisted Host or Host:Port values in the Hosts field.
  6. If Host or Port fields are present, leave both empty.


Finally, when the user clicks the Connect option, they will be presented with a list of these predefined Hosts that they may select from to start their remote session.
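
The following is an added example, not part of the product or its documentation: a pre-save check for the comma-separated Hosts field described above, plus an exact-match test for a selected value. The page does not specify how PAM parses this field, so the whitespace trimming, hostname syntax, port range 1-65535 and rejection of IPv6 literals are assumptions, and the function names and sample value are constructed.

```python
import re

# Assumed syntax: dot-separated labels of letters, digits and hyphens
# (covers hostnames and IPv4 addresses; IPv6 literals are rejected).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def parse_hosts_field(value):
    """Split a Hosts field value into (entries, problems).

    entries  -> list of (host, port) tuples; port is None for a bare Host.
    problems -> findings an administrator should fix before saving the record.
    """
    entries, problems, seen = [], [], set()
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            problems.append("empty entry (stray comma)")
            continue
        host, sep, port_text = item.partition(":")
        port = None
        if sep:
            # Host:Port form: the port must be a usable TCP port number.
            if not re.fullmatch(r"[0-9]{1,5}", port_text) or not 1 <= int(port_text) <= 65535:
                problems.append(f"{item!r}: port must be 1-65535")
                continue
            port = int(port_text)
        if len(host) > 253 or not _HOST_RE.match(host):
            problems.append(f"{item!r}: not a valid hostname or IPv4 address")
            continue
        key = (host.lower(), port)
        if key in seen:
            problems.append(f"{item!r}: duplicate entry")
            continue
        seen.add(key)
        entries.append(key)
    return entries, problems


def is_listed(selection, hosts_field):
    """True only if selection is exactly one valid entry of the Hosts field."""
    chosen, bad = parse_hosts_field(selection)
    allowed, _ = parse_hosts_field(hosts_field)
    return not bad and len(chosen) == 1 and chosen[0] in allowed


# Constructed sample value for the Hosts field (not taken from the product).
SAMPLE = ("db01.example.internal:22, 10.0.5.17, web01.example.internal:2222, "
          "db01.example.internal:22, jump:70000")
```

Running `parse_hosts_field(SAMPLE)` reports the duplicate entry and the out-of-range port, so the list can be corrected before the record is shared.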

 
