Credential Cache Pane

Getting there

You can use cached credentials to manage access to network resources. Credentials are stored in an encrypted file in the Reflection for Secure IT data folder.

To add credentials to the cache you can:

  • Configure the server to record Windows credentials when users log in.
  • Manually add user credentials to the cache.

     

You can use cached credentials for any or all of the following:

  • Cached passwords for client access

    Use cached passwords to give users access to domain resources using their own Windows credentials. This option is needed only when users log into the server without using their Windows credentials (for example using public key authentication). Without cached credentials, users who log in with public key authentication have access to folders on local drives, but don't have access to network resources. For more information, see Record and Use Cached Credentials.

  • SFTP directories and mapped drives

    Use a specified account to connect to SFTP-accessible network resources or mapped drives. This option allows you to provide access that wouldn't be available to a user based on that user's own Windows account privileges.

  • Active Directory access

    Use a specified account to give the server access to Active Directory. The server uses this account when it queries Windows Active Directory for user attributes and group membership. For more information, see Active Directory Access Pane.

  • FileXpress user access account

    Use a specified account to provide access to FileXpress Gateway users. FileXpress users run under the privileges of the specified account. This option is available only if you are running FileXpress Gateway. For more information, see FileXpress Users.

 

The options are:

 

Record passwords in the cache when users log in

 

 

When this item is selected:

 

  • If a user authenticates using a Windows password, this credential is added to the cache.
  • If a user is configured to authenticate using public key authentication (or any other method that doesn't require entering Windows credentials) and there's no credential for that user in the cache, the server authenticates the user the first time by requesting a password and then adds this credential to the cache. On subsequent logins, the server authenticates the user with the public key (or other method).
  • If a user uploads a public key to the server using the Reflection for Secure IT Client for Windows upload utility and is prompted for a password during the upload, the credential is added to the cache at that time.

     

 

Use cached passwords to give users access to domain resources

 

 

When this item is selected, users who authenticate using public keys (or any other authentication method that doesn't require entering Windows credentials) have access to domain resources using their own cached credentials.

Note: To enable Use cached passwords to give users access to domain resources, you must select Record passwords in the cache when users log in. This is by design, and enables the server to update cached passwords when a password change is required.

 

Cache contents

 

Filters

Opens the Filters dialog box, which you can use to configure which credentials are listed.

You can use a filtered view to manage your stored credentials. For example, if you want to remove all credentials last used before a specified date, you can set that filter, then remove all items in the filtered list.

 

Refresh

Refresh the display to match the current contents of the cache. (The display is also updated automatically when you launch the console, open this pane, or make edits to the cache contents.)

 

Export

Exports data from the credential cache to a CSV (comma-separated value) file. The exported file includes user names and last used values; passwords are not exported.

 

Current filter

The default is All credentials. Click Filters to change this filter. You can filter the list based on allowed uses and/or the last used date.

 

User

Shows the user account name in domain\user format.

 

Last used

Shows the date this account was last used for user authentication.

Note: The Last Used date is not updated when a cached credential is used for mapped drives, SFTP directories, or Active Directory access. (The date is updated when a cached credential is used because Use cached passwords to give users access to domain resources is selected.)

 

Allowed uses

The possible values are Cached passwords, SFTP directories/Mapped drives, Active directory, and FileXpress user.
These options are described above. Click Edit to change the allowed uses for a user.

Related Topics

Record and Use Cached Credentials

Understanding How Credentials Affect User Access to Resources

Files Used by Reflection for Secure IT