
When getting started with Devolutions Server, one of the first things you’ll need to do is define your Privileged Access Management settings. Some settings are pretty simple to set up, while others might make you go: “hmmmm…what should I do here?”
Well, at Devolutions we want things to be as clear and simple as possible for you. And so, I thought it would be helpful to go over the difference between two sets of permissions: View sensitive information on checkout and Credentials brokering.
Where You’ll Find It
First, go to Administration > Devolutions Server Settings > Privileged Access Management. In the Credentials section, you’ll see the two options: View sensitive information on checkout and Credentials brokering.

View Sensitive Information on Checkout
The View sensitive information on checkout setting enables users to see and copy the password of an entry, even if the entry is checked out.
If this option is selected, here is an example of what a user would see after clicking on the “eye” icon (note that the entry has been checked out because the information says “Check Out – Active”):

If this option isn’t enabled, then the user would not have the ability to view the password:

Credentials Brokering
Credentials brokering allows credentials stored in a shared vault to be injected directly into remote sessions without exposing them to a user.
When a user opens a session that requires a privileged account, the checkout request window pops up if the entry requires approval. Following approval, the user can launch the session. If the entry does not require approval, then the session launches directly.

And there you go! Truly, it’s not a question of whether one option is better than the other. The right choice is the one that works best for your team with respect to security, productivity, and efficiency.
I hope that you found this helpful. If you have any comments or questions about Devolutions Server, please let me know and I’ll try to cover them in a future article.