Configuring Secret Server

To configure Secret Server for the integration with ScreenConnect, complete the following tasks: 

Step 1: Creating an Application Account in Secret Server

During a ScreenConnect remote access connection to a remote machine, you must use the username and password of an application account in Secret Server to log in to your Secret Server instance and access the secrets. If you don't have an application account in Secret Server, you can create one. For more information about creating an application account, see Managing Local Accounts in the Secret Server documentation.

The application account's role in Secret Server must have the View Launcher Password on Secrets and View Secret permissions. The following procedure describes how to create a role with these permissions and how to assign the role to your user in Secret Server.

  1. In Secret Server, navigate to Access > Roles.

  2. Select Create role.

  3. In the Create role dialog, provide a name and an optional description for the new role, and select Save.

  4. Go to the Permissions tab for the role.

  5. Select Edit and in the Scope dropdown list, select All.

  6. Search for the View Launcher Password on Secrets permission by using the search box at the top.

  7. Select the checkbox next to the permission name and select Save.

  8. Repeat steps 6–7 to add the View Secret permission to the role.

    The Permissions tab shows the permissions added to the role.

  9. Assign the role to your user in Secret Server:

    1. Navigate to Access > Users.

    2. On the User management page, search for and select the application account.

    3. On the user page, go to the Roles tab and select Edit.

    4. In the window that appears below, search for and select the role that you created and select the checkbox next to the role name.

    5. Select Save.

Step 2: Creating a Secret in Secret Server

During a ScreenConnect remote access connection to a remote machine, you retrieve the credentials from a secret in Secret Server to log in to the machine.

You must grant the Secret Server application account that you use for this integration the View permission for the secret. The following procedure describes how to create a secret to store the credentials for the machine and how to grant the application account the View permission for the secret.

To create a secret:

  1. In Secret Server, choose the folder to store the secret or create a folder for the secret.

    Make sure that the application account in Secret Server that you use for this integration has the View permission for the folder. If there are any folders above the folder, make sure that the application account also has the View permission for each of those parent folders. For information about creating folders and folder permissions, see Folders in the Secret Server documentation.

  2. On the Create New Secret page, choose the secret template that works best for your needs and then set the secret fields.

    You can use any secret template. For details about creating secrets, see the Secret Server documentation.

  3. Grant the application account the View permission for the secret:

    1. Go to the Sharing tab of the secret's page.

    2. Select Edit in the upper-right corner.

    3. Clear Inherit permissions.

    4. Search for the application account by using the search box at the top.

    5. Select the checkbox to the left of the application account name and then select View in the dropdown list under Secret Permissions.

  4. To create additional secrets for your other remote machines, repeat steps 1–3.