Enterprise Recon 2.0.27

Target Credential Manager

The Target Credential Manager manages the credentials for Target locations that require user authentication for access.

The section covers the following topics:

Credential Permissions

Whether a user can view, use, add, or edit a set of saved credentials depends on the User Permissions granted. The following table describes the types of access each set of User Permissions grants for credentials.

Global Manager Manager Global Reader Reader
Use All Credentials User-specific permissions All credentials User-specific permissions
Add
Edit/Remove

Global Managers have full access to all credentials, while Global Readers can view and apply all credentials to Targets.

Non-global Managers and non-global Readers have user-specific permissions for credential sets. For a Manager or Reader to have access to a set of credentials, access must be explicitly granted to the user through User Permissions.

Granting users permissions to a credential set does not automatically grant the user access to the Target location it applies to, because the permissions to scan a Target and permissions for credentials are handled separately.

Conclusion: To scan a Target location that requires user authentication, you need at least Manager permissions for a given Target location and at least Reader permissions for the appropriate credential set.

Example 1: User B Scans Target A

Target location A is a Unix network share. Credential Set X contains the user name and password to access Target A.

User B has Manager permissions for Target A and Reader permissions for Credential Set X. Hence, User B can start a scan on Target A using Credential Set X.

er2-credentialManager-eg1.png

Example 2: User C cannot scan Target A

Target location A is a Unix network share. Credential Set X contains the user name and password to access Target A.

User C has Manager permissions for Target A but no permissions granting access to Credential Set X. This means User C cannot start a scan on Target A using Credential Set X for access.

er2-credentialManager-eg2.png

Using Credentials

Credential sets that are saved in the Target Credential Manager appear in the Stored Credentials field when Adding Targets to scans.

er2-stored-credentials.png

If the credential set you are adding has not been previously saved to the Target Credential Manager, you must enter the credential set into the Credential Details field set.

Once the Target is added to ER2, the credentials that you entered into the Credential Details field set is automatically saved to the Target Credential Manager under the Credential Label that you have specified.

Add Target Credentials

You can add credentials to the Target Credential Manager in two ways:

  • When you Start a Scan, the credentials you use for that scan are saved in the Target Credential Manager.
  • Adding a credential set through the Target Credential Manager.

er2-tcm-server.png

To add a Credential Set through the Target Credential Manager

  1. Go to SCANNING > TARGET CREDENTIAL MANAGER.
  2. On the top-right of page, click +Add.
  3. In the New Credentials page, enter a descriptive label in the Credential Label field.
  4. Select the Target Type:

    Target Type Description
    Cloud

    From the Storage Provider list, select your cloud storage provider.

    Each cloud storage provider requires different credential formats. See Add Targets.

    Server

    In the New Credentials page, enter your:

    • User name.
    • Password.
    • (Optional) Click Browse to upload a P12 key or SSL certificate.

Edit Target Credentials

You can edit previously saved credentials through the Target Credential Manager:

  1. Hover over the Target credential set that you want to edit on the Target Credential Manager.
  2. Click Edit to edit the credentials.