Configuration
To configure the integration between ScreenConnect and Secret Server, make sure that you complete the following tasks:
- Create a secret to store the credentials for each remote machine in Secret Server. During a ScreenConnect remote access connection to a remote machine, you will retrieve the credentials from the secret to log in to the machine.
- Create an application account for this integration in Secret Server. During a ScreenConnect remote access connection to a remote machine, you must use the user name and password of the application account to log in to your Secret Server instance to access the secrets in Secret Server. Make sure that the role of the application account in Secret Server has the View Launcher Password on Secrets and View Secret permissions. For more information about application accounts and how to create them, see the Secret Server documentation.
- Configure your ScreenConnect instance to connect to your Secret Server instance on a remote machine.
The following sections detail how to perform these tasks.
Creating Secrets in Secret Server
To create a secret:
1. In Secret Server, choose the folder to store secrets or create a folder.
   Make sure that the application account has the View permission for the folder. If there are any folders above the folder, make sure that the application account also has the View permission for each of those parent folders. For information about creating folders and folder permissions, see Folders in the Secret Server documentation.
2. In the upper-right corner of the Folder Details page, select Create secret.
3. In the Create New Secret page, choose the Windows Account template and then set the secret fields as follows:
   - Secret name: A descriptive name to identify the secret.
   - Machine: The IP address of the remote machine.
   - User name: The username to log in to the machine.
   - Password: The password to log in to the machine.
   - Site: Select the site that the site belongs to.
   - (Optional) Auto Change Enabled: Select this checkbox to enable automatic remote password changing (RPC) for the secret.

   This example uses the Windows Account secret template, but you can choose a different template that works best for your needs.
   For details about creating secrets, see the Secret Server documentation.
4. To save the secret, select Create secret.
5. Grant the application account the View permission for the secret:
   - Go to the Sharing tab of the secret's page.
   - Select Edit in the upper-right corner.
   - Clear Inherit permissions.
   - Search for the application account by using the search box at the top.
   - Select the check box to the left of the application account name and then select View in the dropdown list under Secret Permissions.
6. To create additional secrets for your other remote machines, repeat steps 2–5.
Configuring the ScreenConnect Instance
This section explains how to connect to your Secret Server instance on a remote machine by using a ScreenConnect remote access connection.
1. Log in to the ScreenConnect Cloud Portal and select Sign In.
2. In the left navigation pane, select Instances and on the Instances page, select the name of your ScreenConnect instance to access it.
3. In the left navigation pane, select Access.
4. Under All Machines by Company, on the sessions list, select the check box for the remote machine that you want to connect to and select Join above the sessions list.
   A Join Session dialog appears. When a remote access connection to the remote machine is established, the ScreenConnect host client toolbar appears at the top of the remote machine desktop, and the Helper window opens on the right side (see the image under step 5 below).
   If the Helper window is not visible, select the Helper plus icon on the host client toolbar (see the image under step 5).
5. In the Helper window, next to Select Provider, select Delinea Provider.
6. Select Configure Secret Server and enter the following parameters to connect to your Secret Server instance:
   - Delinea Server URL: The URL of your Secret Server instance.
     The Secret Server URL must be a fully qualified domain name (FQDN), for example, https://TestMachine.gamma.mydomain.com/SecretServer. URLs that include an IP address or that are not an FQDN (such as https://12.34.56.789/SecretServer/ or https://TestMachine/SecretServer/) are not supported. If you enter a URL that is not an FQDN, you will get a "PLEASE ENTER A VALID URL" error. For information about how to resolve this error, see Troubleshooting.
   - Username or email: The username to authenticate with Secret Server.
   - Password: The password to authenticate with Secret Server.
   - Domain: If your Secret Server user is a domain user, enter the user's domain. If your user is a local user, leave this box empty.
7. To save the connection parameters, select Save.
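A pre-flight check for the Delinea Server URL requirement in step 6, as an added example that is not ScreenConnect or Delinea code. The function name and the exact rules (https only, at least two DNS labels, no IP literals or dotted-number hosts) are assumptions modelled on the supported and unsupported URLs listed above; the integration's own validation may differ.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 1123 host label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def secret_server_url_problems(url: str) -> list[str]:
    """Return reasons the URL does not look like an https FQDN URL (empty list = OK).

    Hypothetical helper: the rules are assumptions of this example, not the product's.
    """
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname or ""
    except ValueError:
        return ["URL cannot be parsed"]
    problems = []
    if parts.scheme.lower() != "https":
        problems.append("scheme is not https")
    if not host:
        return problems + ["no host name in URL"]
    # IPv4 and IPv6 literals are addresses, not FQDNs.
    try:
        ipaddress.ip_address(host)
        return problems + ["host is an IP address, not an FQDN"]
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    if len(labels) < 2:
        problems.append("host is a single-label short name, not an FQDN")
    if any(not _LABEL.fullmatch(label) for label in labels):
        problems.append("host contains an invalid DNS label")
    # Dotted numbers that are not a valid IP (the page's 12.34.56.789) still
    # are not a domain name: the last label of an FQDN is never all digits.
    if labels[-1].isdigit():
        problems.append("host is dotted numbers, not an FQDN")
    return problems


if __name__ == "__main__":
    # The three URLs quoted in step 6.
    for candidate in (
        "https://TestMachine.gamma.mydomain.com/SecretServer",
        "https://12.34.56.789/SecretServer/",
        "https://TestMachine/SecretServer/",
    ):
        print(candidate, "->", secret_server_url_problems(candidate) or "looks OK")
```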