Ad Hoc Connections

You can connect to any machine through PSM using any account, including those that are not managed in the CyberArk Vault. Connecting to accounts that are not managed (when you know the target machine's credentials) is referred to as Ad Hoc Connections. All ad hoc connection sessions benefit from the standard PSM features, including session recording, detailed auditing, and standard audit records. In addition, authorized users can monitor active sessions in real time, assume control, and terminate them when necessary.

Connect to a remote device with an ad hoc connection

You can configure multiple ad hoc connection platforms, and define different settings for each one, such as recording Safes or a different PSM server. This way, you can create ad hoc connection platforms that suit the network structure and your organizational business needs.

In the Ad Hoc Connection page, you select the ad hoc connection platform and a client that enables you to log on to the remote device. Then you specify the address of the remote machine, and the user name and password that are required to log on, but which are not managed in the Vault.

 
  • When using ad hoc connections, some of the PSM security benefits are lost, since the privileged credentials that are used to connect are not secured and vaulted. When possible, it is recommended to take a more secure approach by storing the credentials in the Vault and using standard PSM connections.
  • The ad hoc connection workflow is not supported when connecting directly from the user’s desktop using an RDP client application. Use PVWA for such connections.

 

To connect to a remote device with an ad hoc connection:

  1. In the PVWA, in the Accounts List, click Ad-Hoc Connection.

  2. From the Platform Name drop-down list, select the ad hoc connection platform used to connect to the remote machine.
  3. From the Client drop-down list, select the ad hoc connection client used.

  4. Specify the information that is required to create an ad hoc connection to the remote machine.

     Information                   Description

     All Clients
       Required information:
         Platform Name             The name of the ad hoc connection platform used to connect to the remote machine.
         Client                    The connection component used to log on to the remote device.
         Address                   The IP/DNS address of the remote machine that the user logs on to.
         User Name                 The name of the user who is logging on to the remote machine.
         Password                  The password used to log on to the remote machine.
       Optional information:
         Map local drives          Connects your local drives to the remote computer.

     SQL Plus and Toad Clients
       Required information:
         Connect As                The specific user role used to log on to the remote machine.
         Port                      The port used to log on to the remote machine.
         Database                  The remote database that the user logs on to.

     SSH and WinSCP Clients
       Required information:
         Port                      The port used to log on to the remote machine.

     RDP Clients
       Required information:
         Logon To                  The specific user role used to log on to the remote machine.
         Port                      The port used to log on to the remote machine.
       Optional information:
         Connect to machine console  Connects your local machine to the machine console.

     PSM-SQLServerMgmtStudio Clients
       Required information:
         Database                  The remote database that the user logs on to.

  5. Click Connect, and then, on the Remote Desktop Connection window, click Connect again.