Allowing Only the PRA Launcher on a Secret
The following steps describe how to allow only the PRA launcher ("Open with Remote Access") on a secret:
- Configure the secret template with the "classic" RDP or SSH launcher.
- In the Delinea Platform portal, navigate to the Groups page and create a group for users restricted to PRA only.
- Go to the Roles page and create or modify a role with these permissions:
  - View Secret
  - Secret Launch Remote Access (Platform)

  Ensure the role does not contain the "Secret Launcher" permission, because that permission keeps the RDP/SSH launchers visible.
- Add the group to the role and verify the correct users are in the group.
- Make sure that the Everybody group is disassociated from the Platform User role. Otherwise, the user will retain a pathway to the Secret Server Launch permission through the Everybody group membership.
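The last step is the easiest one to miss, so it helps to verify effective permissions rather than the new role alone. The following sketch is an added example, not Delinea code or a Delinea API: it walks user, group, and role mappings and reports any member of the PRA-only group who still reaches "Secret Launcher". The data shape, the group name "PRA Restricted Users", the role name "PRA Only", and the contents of the Platform User role are assumptions constructed for illustration.

```python
# Constructed sample data in a hypothetical shape (not a Delinea export format).
ROLE_PERMISSIONS = {
    "PRA Only": {"View Secret", "Secret Launch Remote Access (Platform)"},
    # Assumption for illustration: this role carries the classic launcher permission.
    "Platform User": {"View Secret", "Secret Launcher"},
}
GROUP_ROLES = {
    "PRA Restricted Users": {"PRA Only"},
    "Everybody": {"Platform User"},  # the association the last step removes
}
USER_GROUPS = {
    "alice": {"PRA Restricted Users", "Everybody"},
    "bob": {"PRA Restricted Users"},
}

PRA_GROUP = "PRA Restricted Users"
REQUIRED = {"View Secret", "Secret Launch Remote Access (Platform)"}
FORBIDDEN = "Secret Launcher"


def effective_permissions(user, user_groups, group_roles, role_permissions):
    """Map each permission the user holds to the (group, role) paths granting it."""
    paths = {}
    for group in sorted(user_groups.get(user, ())):
        for role in sorted(group_roles.get(group, ())):
            for perm in role_permissions.get(role, ()):
                paths.setdefault(perm, []).append((group, role))
    return paths


def audit_pra_only(user_groups, group_roles, role_permissions):
    """Return findings for members of PRA_GROUP who are not PRA-only in effect."""
    findings = {}
    for user in sorted(user_groups):
        if PRA_GROUP not in user_groups[user]:
            continue
        perms = effective_permissions(user, user_groups, group_roles, role_permissions)
        issues = [f"missing: {p}" for p in sorted(REQUIRED - set(perms))]
        issues += [f"{FORBIDDEN} via {g} -> {r}" for g, r in perms.get(FORBIDDEN, [])]
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_pra_only(USER_GROUPS, GROUP_ROLES, ROLE_PERMISSIONS).items():
        print(user, issues)
```

With the constructed data, only the user who is also reachable through Everybody is flagged; removing that group-to-role association clears the finding.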