CyberArk Privilege Cloud - Connect to a Target Device
Privilege Cloud provides single-sign-on capabilities to all of your privileged accounts. Using Privilege Cloud, you can connect to Windows servers, databases, SSH devices such as UNIX, Linux, routers and switches, without knowing or specifying the required password or key.
You need the following permissions in the Safe to connect to target devices:
- Use account
- List account
Connect in the following ways:
Connection type |
Description |
---|---|
Connect to remote target devices from the Privilege Cloud Portal |
|
Connect to any remote target securely with a standard Remote Desktop Client application like mstsc or a connection manager. The connection from the client machine is initially established using the RDP protocol, but it provides connectivity not only to Windows machines, but to a wide range of systems and applications. Use this method to connect to the target device without logging on to the Privilege Cloud Portal. |
|
Connect to remote target devices, such as Unix servers, using SSH. Use this method to connect to the target device without logging on to the Privilege Cloud Portal. Your admin must configure this capability before you can use it. |
|
Connect to unmanaged or non-defined machines (Ad Hoc Connections) |
Connect to any machine through PSM using any account, including those that are not managed in Privilege Cloud while retaining privileged session management benefits. |
Connect from the Privilege Cloud Portal
Connect to remote target devices from the Privilege Cloud Portal.
The following procedure describes how to connect using the Privilege Cloud Portal from within your organizational network, using an RDP file.
For details on connecting remotely, see Connect remotely to target machines
Connect to a target
To connect using the Privilege Cloud Portal:
-
On the Accounts View, locate the account you want to connect to, and then click Connect.
-
Your next steps depend on your system setup:
System access options Option
Step
Dual-control configuration
Click Request Connection, and follow the instructions in Request a connection (dual control)
PSM access
In the Connect dialog box, enter the required information and click Connect.
-
A download icon in the top right corner of the workstation indicates that an RDP file is downloaded to the Downloads folder on your computer.
The RDP file is dedicated to the specific target you requested to access, and appears with the following name convention:
RDP file name convention RDP file name
Description
[Target IP address]PSM Address.[sequential number].rdp
The file is valid for 6.0 seconds
-
In the Downloads folder double-click the RDP file to connect to your target.
When the session begins, the RDP file becomes invalid.
-
When you have completed your sessions, it is recommended to delete the RDP file from the downloads folder.
Connect remotely to target machines
|
---|
Privilege Cloud enables you to connect to a target machine remotely, meaning from outside your organization's network. For example, if you are working from home and you do not have a VPN connection. Remote connection allows you to perform various actions on the machine, including file transfer.
Connecting remotely is similar to connecting from within the organization, with the exception of the method. Instead of establishing the connection using RDP, it is done using HTML5.
To connect remotely using the Privilege Cloud Portal:
-
On the Accounts View, locate the account you want to connect to, and then click Connect.
If the account is configured for dual-control, click Request Connection, and follow the instructions in Request a connection (dual control).
-
On the Connect dialog box, click the Remote Connection toggle, enter any other required information, and then click Connect.
A new browser tab opens with your remote session.
If you are prompted by a popup blocker, set it to allow connections.
Request a connection (dual control)
You may be required to request a connection to specific accounts. When you request a connection, an authorized Safe owner receives your request and can either confirm or deny it.
You can review your requests from the Accounts > Request List. For details, see Review your connection requests.
To request a connection:
On the Request Connection page, enter the following information, and then click OK:
Field |
Description |
---|---|
Reason |
Enter a reason for accessing this account. |
Request Timeframe |
Specify the date range if you require access during a period of time. |
Multiple access is required |
Select if you need to access the Safe or file/account several times. |
Additional information |
The information in this section depends on the account type. For details, see Account properties. |