Online Help > Support/Resources > Best Practices

Credential Management For Teams

Description

 

Remote Desktop Manager allows to handle credentials in multiple ways for a team environment. This brings flexibility, but at the cost of creating difficulty when you need to choose an implementation for a particular requirement.

 

Below are multiple methods to handle credentials. You may choose one or many depending on your requirements. We often see scenarios where our clients manage their own infrastructure, as well as their customers'. Group entries in folders depending on the kind of credential management that you must use. Each of these folders could use a different scheme.

 

 

Preamble

 

Here are a few notions to know prior to getting to the scenarios, as they are at the core of the usage of Remote Desktop Manager:

 

Inherited Credentials

Credentials can be set at different levels, such on the entries themselves, or even on their parent folders. The latter enables entries to inherit credentials from a parent folder. Whenever using inherited credentials, the credential resolver will go up a level and use the credentials set on the parent folder. If the inheritance is set on a folder, the resolver simply continues up to the next parent.

 

Private Vault

The Private Vault, available for advanced data sources, allows to create entries available only to their owner. In the cases where a user must use a credential that is exclusive to them, using the private vault is the logical choice.

 

Specific Settings

Specific Settings allow you to override some settings of the entries in the data source. One of the most typical use for this is to override the credentials of the entry fro a specific user. Specific settings can override credentials, session types, folders, etc.

 

 

Scenarios

 

All users share the same set of credentials

The credential entries are referenced directly in the properties of sessions. Select Credential Repository, then select the existing credential entry from the data source.

 

 

If the credentials are the same for more than one device, store the sessions in a folder which the credential entry is assigned to, and set the sessions to use the inherited credential mode.

 

 

Every user have their own set of credentials

Use the User Specific Settings. Type the credentials directly or refer a credential entry in the private vault (recommended).

 

 

Users share a set of credentials while admins use different credentials

The shared credential entries are referenced directly in the properties of sessions. Admins use User Specific Settings to override the credentials, usually to refer a credential entry in the private vault.

 

 

Refactor multiple entries at once

 

To change the credentials of multiple entries at once, the following features might help you out:

 

Batch Edit

The Batch Edit feature allows to modify multiple entries at once. This feature can be used to apply a set of credentials on multiple entries.

 

Powershell

The PowerShell cdmlet of Remote Desktop Manager allows to massively update entries. The script below will set all folders to use the inherited credential mode.

 

Always have a backup of the data source before running a PowerShell script.

 

cls
Write-Host "Fixing Groups...`n"
$entries = Get-RDMSession | where {$_.Kind -eq "Group"}
 
foreach ($entry in $entries)
{
 Write-Host ("   Processing : " + $entry.Name)
 $entry.CredentialConnectionId = "<Credential entry ID>"
 Set-RDMSession $entry
}
 
Write-Host "`nDONE!"