Getting Started

Credential Manager provides access to secrets across your organization. In order to use the extension, you need a supported browser and valid login credentials.

For a list of supported browsers, see Troubleshooting.

Downloading the Extension

  1. Install Credential Manager from supported browser stores.

  2. If Credential Manager does not appear in the extensions toolbar, click the puzzle piece icon and pin Credential Manager to your toolbar.

  3. Click the Credential Manager icon.

    The extension appears grayed out because it is not yet connected to your Delinea Platform or Secret Server.
    For example:

Logging In to Delinea Platform

To use Credential Manager to manage your secrets and log in to websites, you need to sign in to Delinea Platform.

To log in to Delinea Platform:

  1. Enter your Delinea Platform tenant URL. If it doesn't auto-populate, enter it manually.

  2. Enter your username and click Next in the window that opens to the tenant URL.

  3. Enter your password and click Next.

  4. Click the Credential Manager icon to open the extension and view the Secrets tab.

    Depending on administrative MFA settings or authentication policies, you may be required to validate your identity with a second authentication method.

You may now manage your secrets and log in to websites.

Session Lengths

For Delinea Platform, set the maximum Credential Manager session length using the Session Length value. The platform issues one-hour tokens, and you can refresh tokens until reaching the session limit. If anything blocks token refresh, Credential Manager logs you out early. See Browser Session Parameters.

In Secret Server, administrators set both the access token duration and the number of allowed refresh tokens. This approach gives precise control over session duration. If you block token refresh for any reason, Credential Manager logs out early. See Enabling Refresh Tokens for Web Services.

If your computer sleeps or stays inactive, Credential Manager may not refresh your access token. When you return, you may be logged out because the system needs to refresh its access token, which cannot happen while the device is asleep.

The Credential Manager has the following browser limitations:

  • Browsers may suspend the extension's service worker at any time.

  • Browsers do not guarantee that JavaScript timers for token refresh run on schedule, especially if the browser does not prioritize extensions.

Delinea Platform and Secret Server require you to refresh tokens before the access token expires. If refresh fails for any reason, you lose the session and Credential Manager logs out. Credential Manager tries to refresh tokens two minutes before expiration. If you set very short token lifespans (shorter than the default twenty minutes), the early refresh means your total session lasts less time than expected.

For example:

If you use a five minute token with ten refreshes, you might expect a 55 minute session. However, if the token is refreshed two minutes early each time, the session ends after only 33 minutes.

To exchange a refresh token for an access token, see Exchanging a Refresh Token for a New Access Token.