CyberArk Privilege Cloud - Connect to a Target Device

This topic describes how to connect to a target device using Privilege Cloud.

Privilege Cloud provides single-sign-on capabilities to all of your privileged accounts. Using Privilege Cloud, you can connect to Windows servers, databases, SSH devices such as UNIX, Linux, routers and switches, without knowing or specifying the required password or key.

You need the following permissions in the Safe to connect to target devices:

  • Use account
  • List account

Connect in the following ways:

Connection Options

| Connection type | Description |
|---|---|
| Connect from the Privilege Cloud Portal | Connect to remote target devices from the Privilege Cloud Portal using either PSM or DPA for RDP connection. |
| Connect using RDP | Connect to any remote target securely with a standard Remote Desktop Client application like mstsc or a connection manager. The connection from the client machine is initially established using the RDP protocol, but it provides connectivity not only to Windows machines, but to a wide range of systems and applications. Use this method to connect to the target device without logging on to the Privilege Cloud Portal. |
| Connect to Unix machines (using PSM for SSH) | Connect to remote target devices, such as Unix servers, using SSH. Use this method to connect to the target device without logging on to the Privilege Cloud Portal. Your admin must configure this capability before you can use it. |
| Connect to unmanaged or non-defined machines (Ad Hoc Connections) | Connect to any machine through PSM using any account, including those that are not managed in Privilege Cloud, while retaining privileged session management benefits. |

Connect from the Privilege Cloud Portal

Connect to remote target devices from the Privilege Cloud Portal.

The following procedure describes how to connect using the Privilege Cloud Portal from within your organizational network, using an RDP file.

For details on connecting remotely, see Connect remotely to target machines.

Connect to a target

To connect using the Privilege Cloud Portal:

  1. On the Accounts View, locate the account you want to connect to, and then click Connect.

  2. Your next steps depend on your system setup:

    System access options

    | Option | Step |
    |---|---|
    | Dual-control configuration | Click Request Connection, and follow the instructions in Request a connection (dual control). |
    | PSM access | In the Connect dialog box, enter the required information and click Connect. |

  3. A download icon in the top right corner of the workstation indicates that an RDP file is downloaded to the Downloads folder on your computer.

    The RDP file is dedicated to the specific target you requested to access, and appears with the following name convention:

    RDP file name convention

    | RDP file name | Description |
    |---|---|
    | [Target IP address]PSM Address.[sequential number].rdp | The file is valid for 6.0 seconds |

  4. In the Downloads folder, double-click the RDP file to connect to your target.

    When the session begins, the RDP file becomes invalid.

  5. When you have completed your sessions, it is recommended to delete the RDP file from the downloads folder.
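
Step 5 can be automated. The script below is an added example, not CyberArk's or this page's own code: it deletes downloaded .rdp files whose `full address` setting points at your PSM host once they are older than a grace period. `PSM_HOST` and `MIN_AGE_S` are placeholder assumptions, as is matching on `full address`; set them for your environment.

```python
import time
from pathlib import Path

# Assumptions: placeholder PSM address and grace period; adjust for your site.
PSM_HOST = "psm.example.internal"
MIN_AGE_S = 300.0


def rdp_settings(path):
    """Parse an .rdp file ('name:type:value' lines) into a dict."""
    raw = Path(path).read_bytes()
    # .rdp files may be UTF-16 with a BOM or UTF-8; pick the decoder from the BOM.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    settings = {}
    for line in text.splitlines():
        name, _, rest = line.partition(":")
        _kind, _, value = rest.partition(":")
        if name and rest:
            settings[name.strip().lower()] = value.strip()
    return settings


def sweep(downloads, psm_host=PSM_HOST, min_age_s=MIN_AGE_S, now=None, dry_run=False):
    """Delete .rdp files targeting psm_host older than min_age_s; return matches."""
    now = time.time() if now is None else now
    matched = []
    for f in sorted(Path(downloads).glob("*.rdp")):
        host = rdp_settings(f).get("full address", "").split(":")[0].lower()
        if host != psm_host.lower():
            continue  # not a PSM connection file (e.g. a saved personal RDP)
        if now - f.stat().st_mtime < min_age_s:
            continue  # just downloaded, may not have been used yet
        if not dry_run:
            f.unlink()
        matched.append(f)
    return matched


if __name__ == "__main__":
    # Dry run by default: list what would be removed without deleting anything.
    for f in sweep(Path.home() / "Downloads", dry_run=True):
        print("would delete:", f)
```

Run it once with `dry_run=True` to confirm it only matches PSM connection files before scheduling it.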

Connect remotely to target machines

Remote connection requirements
 
  • This feature must be enabled by your Privilege Cloud administrator in order to work.
  • Only English keyboard layout is supported (QWERTY).
  • This topic is relevant for employees who require remote access to the organization's internal assets. Vendors can connect remotely, as described in Connect from remote using Remote Access.

Privilege Cloud enables you to connect to a target machine remotely, meaning from outside your organization's network, for example when you are working from home without a VPN connection. Remote connection allows you to perform various actions on the machine, including file transfer.

Connecting remotely is similar to connecting from within the organization, with the exception of the method. Instead of establishing the connection using RDP, it is done using HTML5.

To connect remotely using the Privilege Cloud Portal:

  1. On the Accounts View, locate the account you want to connect to, and then click Connect.

    If the account is configured for dual-control, click Request Connection, and follow the instructions in Request a connection (dual control).

  2. On the Connect dialog box, click the Remote Connection toggle, enter any other required information, and then click Connect.

    A new browser tab opens with your remote session.

    If you are prompted by a popup blocker, set it to allow connections.

Request a connection (dual control)

You may be required to request a connection to specific accounts. When you request a connection, an authorized Safe owner receives your request and can either confirm or deny it.

You can review your requests from the Accounts > Request List. For details, see Review your connection requests.

To request a connection:

On the Request Connection page, enter the following information, and then click OK:

Connection Details

| Field | Description |
|---|---|
| Reason | Enter a reason for accessing this account. |
| Request Timeframe | Specify the date range if you require access during a period of time. |
| Multiple access is required | Select if you need to access the Safe or file/account several times. |
| Additional information | The information in this section depends on the account type. For details, see Account properties. |



Keywords: PAM, privilege, session, management, CyberArk, privilege cloud, connect, broker
Doc ID: 136657
Owned by: Peter V. in Cybersecurity
Created: 2024-04-08
Updated: 2024-08-06
Sites: Office of Cybersecurity