Managing Session Recording Limits

Each session has a default maximum recording time of two hours, regardless of how many tabs you have open. If you start session recording on red.delinea.com, and then open a tab for blue.delinea.com, session recording will continue on blue.delinea.com when you focus on it. By default, the system will stop session recording after two hours and close both tabs. You can extend this session recording limit to a maximum of eight hours by configuring the Native Messaging Host file.

If you want to capture other sites with different subdomains that launch from the same Secret, you must use RegEx to configure the Secret to include the other URLs.

Using RegEx

RegEx provides a sequence of patterns that Secret Server templates specify and that you can enter as OtherUrls during account setup in Web Password Filler. This allows you to record sessions on redirected websites.

When you log into a website using a secret and have session recording enabled, WPF will record a session for that URL. If the website redirects you to another URL and you want session recording to continue for the redirected URL, you can enter those URLs in the OtherUrls field when you add the account. Currently, this field supports only URLs.

As soon as you access a URL for a website using a secret with session recording enabled, the system will capture everything you do. This includes any actions you take to change the password for that secret.

Using RegEx in WPF

  1. To add a new secret via WPF, select a Secret Server template that has the RegEx field.

  2. Click OK.

  3. In the new Add Account to Secret Server dialog, add the required details.

    In the Extended Mapping field, enter any other URLs for which session recording should be enabled in case the user is redirected to them.

  4. Click Save.

Setting Up Templates in Secret Server

  1. Sign into Secret Server and navigate to Admin > Secret Templates.

  2. Click Create Template.

  3. Name the new template and click Save.

  4. Inside the secret template, click Mapping.

  5. In the Mappings page, click Add Mapping.

  6. From the Mapping Type drop-down, select Regex List.

  7. From the Regex List Field drop-down, select the fields you would like to map.

  8. Click Save.

You can now use the template in WPF.

If you enable session recording for two secrets that contain the same primary or secondary domain (e.g. microsoftonline.com) and the same host name (e.g. microsoftonline.com), and you use both secrets, WPF will close the first session when you select the second session. It will also close the tabs associated with the first secret. This ensures that WPF only records sessions associated with secrets that require session recording. Sites like microsoftonline.com only allow one login/active credential at a time.

If you have session recording enabled for two secrets that do not contain a primary or secondary domain address (e.g. .net, .com, .co.in), both secrets will be recorded independently. For instance, red.local.something is not the same as blue.local.something because 'something' is neither a primary nor a secondary domain identifier.

IP addresses are now treated as entirely unique addresses (e.g. 10.0.0.61 is not the same as 10.0.0.51) and will be recorded independently.
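The overlap rules above can be checked ahead of time for a pair of secret URLs. The following is an added sketch, not WPF code: it reads "same domain and same host name" literally, and `KNOWN_SUFFIXES`, `classify` and `recordingRelation` are hypothetical names, with the suffix list built only from the examples on this page.

```javascript
// Added sketch modelling the overlap rules described on this page.
// Not WPF code. KNOWN_SUFFIXES is a constructed stand-in taken from the
// page's examples (.net, .com, .co.in); the list WPF uses is not given here.
const KNOWN_SUFFIXES = ["co.in", "com", "net"];
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Returns { host, domain }. domain is "<label>.<suffix>" when the host ends
// in a known suffix, and null for IP addresses and unrecognised endings.
function classify(url) {
  const host = new URL(url).hostname.toLowerCase();
  if (IPV4.test(host)) return { host, domain: null };
  for (const suffix of KNOWN_SUFFIXES) {
    if (host.endsWith("." + suffix)) {
      const labels = host.slice(0, -(suffix.length + 1)).split(".");
      return { host, domain: labels[labels.length - 1] + "." + suffix };
    }
  }
  return { host, domain: null };
}

// "exclusive": selecting the second secret closes the first session and tabs.
// "independent": both sessions are recorded separately.
// Assumption: only a recognised domain with an identical host name is
// exclusive; every other combination is treated as independent.
function recordingRelation(urlA, urlB) {
  const a = classify(urlA);
  const b = classify(urlB);
  if (a.domain && a.domain === b.domain && a.host === b.host) {
    return "exclusive";
  }
  return "independent";
}

// Constructed secret URL pairs for a pre-deployment review.
const pairs = [
  ["https://microsoftonline.com/", "https://microsoftonline.com/"],
  ["https://red.local.something/", "https://blue.local.something/"],
  ["https://10.0.0.61/", "https://10.0.0.51/"],
];
for (const [a, b] of pairs) {
  console.log(`${a} + ${b}: ${recordingRelation(a, b)}`);
}
```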

WPF records sessions for the account that logged directly into the Windows Admin Center. However, WPF cannot record RDP sessions that you log into after that initial login. This is because the main browser window still refers to the Windows Admin Center URL, and not to the RDP window nested inside the browser page.