Manage Access to Resources¶
Resource access via Fudo ShareAccess is administered in Fudo Enterprise through its objects, including Users, Servers, Accounts, and Safes. This section explains the fundamental workflow for resource management.
Note
In Fudo ShareAccess, visibility of configurations depends on specific conditions. Below is a summary of the prerequisites and conditions that must be met for configurations to be visible:
User Requirements: The user must be paired with or invited to Fudo ShareAccess.
Supported Protocols: The following protocols are available for use within Fudo ShareAccess:
- RDP
- SSH
Account Types: Only the following account types are supported:
- Regular accounts with properly configured credentials
- Forward accounts
Safe: The server must have the following options enabled:
- Fudo ShareAccess enabled
- OTP enabled
- Webclient enabled
*Listener is not required object for giving access to resources to Fudo ShareAccess.
To grant a user access to a specific server via Fudo ShareAccess, follow the steps below:
Create user and invite them to join Fudo ShareAccess. Refer to the Manage Fudo ShareAccess Members section for detailed instructions.
Create the server you want to grant access to via Fudo ShareAccess.
- Select > and then click .
- Enter server’s unique name.
- In the Settings section on the list of available protocols select
RDPorSSH. - From the Bind address drop-down list, select Fudo Enterprise IP address used for communicating with this server.
- In the Destination section select
Host,IPv4orIPv6. Enter server’s IP address.
- Click .
Create account which points to that server:
- Select > and then click .
- Define object’s name.
- In the Settings tab, in the Type field, press the button.
- In the Target section, click the button to assign the account to a specific server, then choose the server created in the previous step from the Server drop-down list.
- In the Credentials section, enter the login for the account on the server.
- In the Replace secret with section, click the button for the desired option, such as Password, and enter the account password in the Secret field.
- Click .
Create safe:
- Select > and then click .
- Enter object’s name.
- Click to save the object and proceed with further configuration.
In the General tab:
- The OTP in Access Gateway option is enabled by default and is responsible for generating OTP in the Access Gateway (required).
- Select Web Client option to allow connecting to the session using the built-in browser client (required).
- Select Fudo ShareAccess option option to enable the Safe for use with Fudo ShareAccess (required).
- Select Just in time option and provide a number of the voters. This feature allows defining and scheduling the time when a user is allowed to access specific resources for a set period of time. The user sends requests via the Access Gateway, and the voters accept or reject them on in the Admin Panel. Read more about the Just-In-Time feature in a Access requests section (optional).
- Click .
Add created user and account to safe:
- Go to the Users tab to assign users allowed to access accounts assigned to this safe.
- Click .
- Mark the checkbox in front of the users’ names to enable their server access through the monitored safe.
- Click to close the modal window.
- Select Accounts tab to add accounts accessible through this safe.
- Click .
- Mark the checkbox in front of the accounts’ names to add it.
- Click to close the modal window.
- Click to close the modal window.
Ensure the user is trusted:
- Select > .
- Find the desired user in the members list and verify that their status is TRUSTED.
After completing this guide, the user assigned to the safe can now log in to Fudo ShareAccess and access the server linked to the safe. For more information please follow the ShareAccess documentation.
Related topics: