Session Recording Limits

The default maximum recording time for each session (start to end), regardless of how many tabs are open, is two hours. If a user starts session recording on red.delinea.com and then opens a tab for blue.delinea.com, session recording will continue on blue.delinea.com when it is in focus. By default, session recording will stop after two hours, and both tabs will close. This session recording limit can be extended to a maximum of eight hours by configuring the Native Messaging Host file.

If you want to capture other sites with different subdomains that launch from the same Secret, you must use RegEx to configure the Secret to include the other URLs.

RegEx

RegEx is a sequence of patterns defined in Secret Server templates and entered as OtherUrls during account setup in Web Password Filler (WPF), allowing session recording on redirected websites.

When a user is logged into a website using a secret and session recording is enabled, WPF will record a session for that URL. If a user is redirected to another URL and session recording should continue for the redirected URL, those URLs can be added in the OtherUrls field when the account is added. Currently this field supports only URLs.

Note: As soon as a URL is accessed for a website and secret with session recording enabled, session recording will capture everything the user does, even if the user changes a password for that secret.
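
One way to sanity-check patterns before entering them, as an added example that is not part of the Delinea documentation. It assumes JavaScript regular-expression semantics applied to the full URL, which this page does not specify; the look-alike URLs and candidate patterns are constructed for illustration.

```javascript
// Added example: pre-check candidate OtherUrls patterns before saving them.
// Assumption: patterns are evaluated with JavaScript RegExp semantics against
// the full URL string; confirm how your WPF / Secret Server version matches.

// Constructed sample URLs. The first two use the hosts named on this page.
const SHOULD_RECORD = [
  "https://red.delinea.com/login",
  "https://blue.delinea.com/dashboard",
];
// Constructed look-alikes that must stay outside the recording scope.
const SHOULD_NOT_RECORD = [
  "https://blue.delinea.com.example.net/",               // name used as a prefix
  "https://bluexdelinea.com/",                           // "." left unescaped
  "https://example.net/?next=https://blue.delinea.com/", // name only in query
];

// Report which expected URLs a pattern misses and which unwanted ones it matches.
function auditPattern(source) {
  const re = new RegExp(source);
  return {
    pattern: source,
    missed: SHOULD_RECORD.filter((u) => !re.test(u)),
    overMatched: SHOULD_NOT_RECORD.filter((u) => re.test(u)),
  };
}

// A pattern is acceptable only if it covers every expected URL and nothing else.
function isSafe(source) {
  const r = auditPattern(source);
  return r.missed.length === 0 && r.overMatched.length === 0;
}

// Hypothetical candidate patterns, from loosest to tightest.
const CANDIDATES = [
  ".*delinea.com.*",                                    // unanchored, dots unescaped
  "https://(red|blue)\\.delinea\\.com",                 // escaped, but not anchored
  "^https://(red|blue)\\.delinea\\.com(:\\d+)?(/.*)?$", // scheme and host anchored
];

for (const c of CANDIDATES) {
  const r = auditPattern(c);
  console.log(isSafe(c) ? "OK  " : "WEAK", c, r.missed, r.overMatched);
}
```

Only the anchored pattern with escaped dots covers both subdomains without also matching the look-alike hosts.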

Using RegEx in WPF

  1. To add a new secret via WPF, select a Secret Server template that has the RegEx field.

  2. Click OK.

  3. In the new Add Account to Secret Server dialog add the required details.

    In the Extended Mapping field, enter any other URL for which session recording should be enabled, in the event that the user is redirected to those URLs.

  4. Click Save.

Setup in Secret Server

  1. Sign into Secret Server and navigate to Admin | Secret Templates.

  2. Click Create Template.

  3. Name the new template and click Save.

  4. Inside the secret template, click Mapping.

  5. In the Mappings page click Add Mapping.

  6. From the Mapping Type drop-down select Regex List.

  7. From the Regex List Field drop-down select the fields you would like to map.

  8. Click Save.

The template is now ready to be used in WPF.

If you have session recording enabled for two secrets that contain the same primary or secondary domain (e.g. microsoftonline.com) and the same host name (e.g. microsoftonline.com) AND both secrets are used, WPF will close the first session when the second session is selected, closing the tabs associated with the first secret. This is expected behavior, ensuring that the only sessions recorded are those associated with secrets that require session recording. Sites like microsoftonline only allow one login / active credential at a time.

If you have session recording enabled for two secrets that do not contain a primary / secondary domain (e.g. .net, .com, .co.in) address, both secrets will be recorded independently. For instance, red.local.something is not the same as blue.local.something because “something” is neither a primary domain nor a secondary domain identifier.

IP Addresses are now treated as an entirely unique address (e.g. 10.0.0.61 is not the same as 10.0.0.51) and will be recorded independently.

WPF records sessions for the account that was used to log into the Windows Admin Center directly. However, WPF cannot record RDP sessions logged into after that, because the main browser window still refers to the Windows Admin Center URL, and not to the RDP window nested inside the browser page.