Manage the credentials using the Credentials Manager
Use the Credentials Manager to create and manage ipMonitor credentials.
Credentials allow the ipMonitor Service to execute under the context of an account with the least amount of privileges. ipMonitor can impersonate accounts with elevated permissions when necessary.
When you create your credentials using the Credentials Wizard, the credentials are stored in Credential Manager. ipMonitor uses AES 256-bit encryption internally to store all sensitive parameters and data.
The interface is restricted to Administrators only. The access control options allow administrators to specify users who can user the credentials and determine their use.
To use Credentials Manager, log in over an SSL-secured connection or a local HTTP connection. If you log in through a non-secure, non-local channel, the Credentials Manager will only permit you to view the credentials and not allow you to make configuration changes.
Add a credential
You can add credentials using the Credentials Manager or the Credentials Wizard. The Credentials Wizard allows you to create a new credential while you configure a Monitor, Alert, or Recovery Action, and apply it immediately. You cannot use the Credentials Wizard to edit or manage credentials.
- Log in to ipMonitor.
- Click Configuration in the toolbar.
- In the Configuration page, click Credentials List.
- Click Add Credential.
Under Identification, enter a credential name and owner of the administrator account responsible for creating and administrating the credential.
The credential name identifies the owner. The owner is the administrator account responsible for creating and administrating the credential.
- Under Sensitive Data, configure the account name and password.
Click Account and enter the account name. The name can be a Windows Domain, local machine, email, or another type of account.
Valid formats include:
- Click Password and enter the account password.
- (RADIUS monitor only) Click Secret (for RADIUS) and enter a secret word. This will be used when creating a credential for a RADIUS monitor.
Under Usage Restrictions, select an authentication method to validate the client identity.
By default, you can only apply a credential to monitors configured by the credential owner. If required, you can allow credentials to be used by any account.
After you create a credential, you may need to modify your local security policies before the ipMonitor service can properly impersonate another account.
If you are setting up a credential for a VMware monitor, select Always allowed when over SSL. If you choose another setting, the integration between ipMonitor and the ESXi host will be broken.
- Under Monitors using this credential for monitoring, associate one or more monitors that will use this credential. After you assign a credential to a specific monitor, the usage restrictions you set up in the previous step determine the specific authentication methods it supports.
- Click Add Monitors.
Select all monitors that require this credential for monitoring, and then click Continue.
- Under Monitors using this Credential for recovery, select all monitors that require this credential for recovery.
- Click Add Monitors.
- Select all required monitors, and then click Continue.
- Under Actions using this Credential, associate this credential for alerting.
- Click Add Actions.
- Select one or more actions from the actions list, and then click Continue.
Under Display Categories, select one or more categories that apply to the credential. This process helps you identify a credential when you configure a new monitor.
If you are setting up a credential for a VMware monitor, select HTTP (HTTP and HTTPS). If you choose another setting, the integration between ipMonitor and the ESXi host will be broken.
Click OK to save the credential.
The credential is added to the Credential List page.
- (Optional) Add a custom tag to a credential.
When a credential is not associated with an administrator account, it is considered to be orphaned. This is a security precaution. It occurs when the administrator account that created the credential was deleted, or when the password for the administrator account was force-changed through the account configuration page.
Administrators can change the password in another account in the Accounts List page located in the Configuration view. Force-changing your password or another user password in this configuration area orphans any credentials owned by the user. This is a security precaution that prevents another ipMonitor administrator from hijacking another account's credentials for his own use. If you use the My Settings configuration panel to change your password, this issue will not occur.
A warning message displays at the top of the Edit Credential page for any Orphaned Credential.
Reinitialize an orphaned credential
- Click Enable to reenter the Account Name and Password information.
- Click OK to save your changes and associate this credential with the current ipMonitor administrator account.