Credential Cache Pane

You can use cached credentials to manage access to network resources. Credentials are stored in an encrypted file in the Reflection for Secure IT data folder. The default data folder location is: C:\ProgramData\Micro Focus\RSecureServer.

To add credentials to the cache you can:

  • Configure the server to record Windows credentials when users log in.

  • Manually add user credentials to the cache.

You can use cached credentials for any or all of the following:

  • Cached passwords for client access

    Use cached passwords to give users access to domain resources using their own Windows credentials. This option is needed only when users log into the server without using their Windows credentials (for example, using public key authentication). Without cached credentials, users who log in with public key authentication have access to folders on local drives, but don't have access to network resources. For more information, see Record and Use Cached Credentials.

  • SFTP directories and mapped drives

    Use a specified account to connect to SFTP-accessible network resources or mapped drives. This option allows you to provide access that wouldn't be available to a user based on that user's own Windows account privileges.

  • Active Directory access

    Use a specified account to give the server access to Active Directory. The server uses this account when it queries Windows Active Directory for user attributes and group membership. For more information, see Active Directory Access Pane.

  • Reflection Gateway user access account

    Use a specified account to provide access to Reflection for Secure IT Gateway users. Reflection Gateway users run under the privileges of the specified account. This option is relevant only if you have installed and configured Reflection for Secure IT Gateway and have enabled connections from Reflection Gateway Users on the Reflection Gateway Users Pane.

The options are:

Record passwords in the cache when users log in

When this item is selected:

  • If a user authenticates using a Windows password, this credential is added to the cache.

  • If a user is configured to authenticate using public key authentication (or any other method that doesn't require entering Windows credentials) and there's no credential for that user in the cache, the server authenticates the user the first time by requesting a password and then adds this credential to the cache. On subsequent logins, the server authenticates the user with the public key (or other method).

  • If a user uploads a public key to the server using the Reflection for Secure IT Client for Windows upload utility and is prompted for a password during the upload, the credential is added to the cache at that time.

Use cached passwords to give users access to domain resources

When this item is selected, users who authenticate using public keys (or any other authentication method that doesn't require entering Windows credentials) have access to domain resources using their own cached credentials.

NOTE: If Record passwords in the cache when users log in is disabled when a user’s password changes, this setting must be enabled to record the updated password the next time the user connects, or the password must be updated manually in the server console.

Cache contents

Filters

Opens the Filters dialog box, which you can use to configure which credentials are listed.

You can use a filtered view to manage your stored credentials. For example, if you want to remove all credentials last used before a specified date, you can set that filter, then remove all items in the filtered list.

Refresh

Refresh the display to match the current contents of the cache. (The display is also updated automatically when you launch the console, open this pane, or make edits to the cache contents.)

Export

Exports data from the credential cache to a CSV (comma-separated value) file. The exported file includes user names and last used values; passwords are not exported.

Current filter

The default is All credentials. Click Filters to change this filter. You can filter the list based on allowed uses and/or the last used date.

User

Shows the user account name in domain\user format.

Last used

Shows the date this account was last used for user authentication.

NOTE: The Last Used date is not updated when a cached credential is used for mapped drives, SFTP directories, or Active Directory access. (The date is updated when a cached credential is used because Use cached passwords to give users access to domain resources is selected.)

Allowed uses

The possible values are Cached passwords, SFTP directories/Mapped drives, Active directory, and Reflection Gateway user. These options are described above. Click Edit to change the allowed uses for a user.
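
An added example (not part of the product or its documentation): one way to review a file produced by Export for credentials not used for user authentication since a cutoff date. The column names, date format and sample rows are assumptions constructed for illustration; because Last used is not updated for mapped drive, SFTP directory or Active Directory use, accounts you list as serving those purposes are set aside for manual review instead of being marked stale.

```python
import csv
import io
from datetime import datetime, date

# Constructed sample of an exported cache file. The column names and the
# date format are assumptions; adjust them to match the real export.
SAMPLE_EXPORT = """User,Last used
CORP\\alice,2024-01-15
CORP\\bob,2023-03-02
CORP\\svc_sftp,2022-11-20
CORP\\carol,
"""

def audit_cache_export(csv_text, cutoff, service_accounts=(),
                       user_col="User", last_used_col="Last used",
                       date_fmt="%Y-%m-%d"):
    """Sort exported cache entries into stale / review / active lists.

    stale  : last used for user authentication before `cutoff`
    review : Last used cannot prove disuse (the account serves mapped
             drives, SFTP directories or Active Directory access, or the
             value is missing or unparseable)
    active : used on or after `cutoff`
    """
    service = {s.lower() for s in service_accounts}
    result = {"stale": [], "review": [], "active": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = (row.get(user_col) or "").strip()
        if not user:
            continue
        raw = (row.get(last_used_col) or "").strip()
        try:
            last_used = datetime.strptime(raw, date_fmt).date()
        except ValueError:
            last_used = None
        if user.lower() in service or last_used is None:
            result["review"].append(user)
        elif last_used < cutoff:
            result["stale"].append(user)
        else:
            result["active"].append(user)
    return result

if __name__ == "__main__":
    report = audit_cache_export(SAMPLE_EXPORT, date(2023, 6, 1),
                                service_accounts=["CORP\\svc_sftp"])
    for bucket, users in report.items():
        print(f"{bucket}: {', '.join(users) or '-'}")
```
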