Secrets with Workflows

Connection Manager supports a variety of Delinea Platform and Secret Server workflows associated with remote connections and the workflows functions are very similar to Secret Server such as:

  • Multi-factor authentication
  • Require Comment
  • Check in or Check out (Able to check-in a secret if it was checked-out by the same user)
  • Change Password on Check-in
  • Prompt for Reason or Ticket System
  • Request Access

  • QuantumLock

Users will see a notification in the secret properties pane and if a Secret has a workflow associated with it, Connection Managerwill prompt you for the appropriate workflow options in the Properties pane. Please see the Secret Server Secret Workflows.

Once the workflow is successful, the connection is established.

Accessing Secrets Guarded by Multi Factor Authentication

Delinea Platform users can access secrets guarded by MFA through Connection Manager. When a user attempts to access a secret guarded by MFA, they will see a message that they must complete an additional MFA challenge:

MFA

After clicking Challenge, users will be prompted to complete the MFA challenge in a separate Connection Manager window. When the MFA challenge has been successfully completed, users can return back to Connection Manager to view or launch the secret.

MFA

Secret Check Out Timer

As part of the secret workflow, Connection Manager offers a secret check out timer which informs users how much time they have remaining to access a secret. The workflow for the secret checkout timer is described below:

  1. Simply click on any secret and in the right pane you will see information on whether or not the secret requires check out and how much time you will have to access the secret.

  1. If the secret requires check out, click Check Out
  2. Once you have been granted access to the secret, you will see a timer in the right pane, along with all of the needed information about the secret.

  1. When the time remaining with the secret falls below the threshold set in Secret Server, the timer color will turn red to alert users that they are running out of time to access the secret.
  2. Users can extend the secret check out timer by clicking Extend. (Optional)

Users must enter a reason for extending the secret check out time

 

The extend check out functionality needs to be configured in Secret Server.

Connection Manager automatically checks in secrets after the user logs off the endpoint server. To prevent this from occurring, please adjust the relevant setting in Secret Server.