Add a credential
Use the Credentials Manager to manually add and manage your ipMonitor credentials. All credentials are stored in Credential Manager. ipMonitor uses AES 256-bit encryption internally to store all sensitive parameters and data.
Credentials allow the ipMonitor Service to execute under the context of an account with the least amount of privileges. ipMonitor can impersonate accounts with elevated permissions when necessary.
You can configure the credentials to the authentication requirements of the target resource. You can also configure the credentials for use by the administrator who created them, or by another administrator. When you are finished, you can add custom tags to your credentials that include notes, links, and any additional information.
See Credentials for more information about generating credentials in ipMonitor.
- Log in to ipMonitor as an administrator.
- Click the Configuration tab.
- In the Configuration page, click Credential List.
- In the toolbar, click Add Credential.
-
Under Identification, enter a credential name and owner.
The credential name identifies the owner. The owner is the administrator account responsible for creating and administrating the credential.
-
Under Sensitive Data, configure the account information for each selection.
-
To configure Account, click Enable and enter the account name. The name can be a Windows domain account, local machine account, email account, or another type of account.
Valid Window account formats include:
DOMAIN\Account\Name
.\AccountName
AccountName
AccountName@domain.com
(Windows only)
-
To configure Password, click Enable and enter a password.
When you are finished, the password is hidden to maintain security.
- To configure Secret (for Radius), click Enable and enter a secret.
-
-
Under Usage Restrictions, select the appropriate restrictions for this credential.
See Credential user restrictions for a description of each option.
If you are setting up a credential for a VMware monitor, select Always allowed when over SSL. If you choose another setting, the integration between ipMonitor and the ESXi host will be broken.
- Under Monitors using this Credential for monitoring, associate a credential for monitoring. After a credential is assigned to a specific monitor, the Usage Restriction settings determine the specific authentication methods it supports.
- Click Add Monitors.
- Select all monitors that require the credential for monitoring, and then click Continue.
- Under Monitors using this credential for recovery, associate a credential for recovery.
- Click Add Monitors.
- Select all monitors that require this credential for recovery purposes, and then click Continue.
- Under Actions using this Credential, select all actions that use this credential for alerting.
- Click Add Actions.
- Select all actions that require this credential for alerting, and then click Continue.
-
Under Display Categories, select the one or more categories for your credential. This will help you identify the proper credentials when you configure a new monitor in the Credentials Wizard.
If you are setting up a credential for a VMware monitor, select HTTP (HTTP and HTTPS). If you choose another setting, the integration between ipMonitor and the ESXi host will be broken.
-
Click OK.
The credential is added to the Credential List page.
- (Optional) Add a custom tag to a credential.
Credential user restrictions
When you set up your user restriction options for a credential, you can assign a specific restriction. The following table lists the available user restrictions.
By default, a credential can only be applied to monitors configured by the credential owner. You can modify this behavior by allowing the credentials to be used by any account. Once you create a credential, you may need to modify the Local Security policies before the ipMonitor service can properly impersonate another account.
Option | Description |
---|---|
May only be authorized for use by the owner (Default) | Only the Administrator account that created the credential can assign it to a monitor, alert, or server / workstation control feature. |
May be authorized for use by any account | Any ipMonitor account with the appropriate access to the Administration web interface can assign the credential to a monitor, alert, or server / Workstation control feature. |
Always allowed when over SSL |
Allows ipMonitor to perform authentication if SSL encryption is used. For example, an HTML/ASP monitor connects to a secure website that challenges with basic authentication after the SSL connection is established. When this option is enabled, the credential is authorized to use any authentication method necessary. This may include authentication methods that are not specifically selected within the Usage Restrictions section. |
May be used with Digest Authentication Schemes |
Use Digest Authentication for monitors, alerts, and features. These include:
|
May be used with NTLM Authentication Schemes (Windows NT LAN Manager) |
Use NTLM authentication for monitors, alerts, and features. These include:
|
May be used with Windows Impersonation for use with RPC |
Use Remote Procedure Call (RPC) impersonation for monitors, alerts, and features. These include:
|
May be used with Windows Impersonation to start an external process |
Allow the ipMonitor Service to impersonate the security context of a separate account for monitors, alerts. and features. These include:
|
May be used with ADO in Standard (SQL) Authentication |
Use the ADO "Usage Restriction" for the following monitors:
|
May be used to encrypt data | Allows ipMonitor to encrypt and export the Credentials database. This usage restriction is only used when archiving configuration details in Internal Maintenance. |
May be transmitted in clear text |
Allow ipMonitor to authenticate in clear text for monitors, alerts and features. These include:
|
Add a custom tag to a credential
Custom tags allow you to add notes, links, and any additional information to individual monitors, groups, alerts, credentials, report generators, and maintenance schedules. After you tag a credential, other users can access and view the information attached to it.
- In the Credentials List, locate a credential that needs a tag.
- In the Tag column, click the icon.
- Under Tags, click Add Tag.
-
Under Identification, enter a unique name to identify the tag.
-
Under Edit Tag Value, enter the tag content in the Tag Value text box.
To format the code, enter a specific code using opening and closing square brackets ( [ ] ). This is a variation of the HTML tags, allowing you to quickly add functionality and style to your post. You can use the format options or input opening and closing tags directly in the message.
- Click OK.