Syteca Web Connection Manager
Syteca Web Connection Manager is a simplified alternative to using the desktop version of Syteca Connection Manager.
It provides the following 2 options, available directly from the Management Tool to users with any administrative permission (who have been granted the corresponding Role Type permissions to use each secret to connect to the corresponding account):
• Launch in browser (also known as agentless PAM): Allows Active Directory account, Windows account, and Unix account (SSH) secrets to be launched in the browser on any computer, and does not require the Syteca Client to be installed, since user activity cannot be monitored and recorded.
• Launch locally: Allows all types of secrets to be launched locally on a Windows computer, which requires the Syteca Client to be installed (in a specific way by clicking the Install Syteca Client button when using the Launch locally option only - see below), and allows user activity to be monitored and recorded.
Prerequisites:
• The following browsers are supported (for the Launch in browser option only): MS Edge and Google Chrome.
• To be able to configure Syteca Web Connection Manager, the computer where the Management Tool is installed must be running on Windows Server 2019 or Windows Server 2022 (for the Launch in browser option only).
The following secret types are supported for the Launch in browser and Launch locally options:
# | Secret Type | Launch in Browser | Launch Locally |
---|---|---|---|
1 | Active Directory account | Yes | Yes |
2 | Windows account | Yes | Yes |
3 | Unix account (SSH) | Yes | Yes |
4 | Unix account (Telnet) | No | Yes |
5 | Web account | No | Yes |
6 | MS SQL account | No | Yes |
NOTE: The "Launch in browser" option is not available if the "Record user activity while the secret is in use" option is enabled in the secret.
1. Configuring the "Launch in Browser" Option for Secrets
1.1. Prerequisites
The following browsers are supported: MS Edge and Google Chrome.
To be able to configure Syteca Web Connection Manager, the computer where the Management Tool is installed must be running on Windows Server 2019 or Windows Server 2022.
Furthermore, before Syteca Web Connection Manager can be used to launch secrets in the browser, the WSL (Windows Subsystem for Linux) feature on Windows Server 2019 (as well as the Hyper-V role on Windows Server 2022) first needs to be installed on the computer where the Management Tool is installed, by doing the following:
1. Use Windows Server Manager to install the WSL feature and Hyper-V role (to be able to enable the Enable Syteca Web Connection Manager toggle, so as to use the Launch in browser option), as shown in the following screenshots (examples for using Windows Server 2022):
• Hyper-V (for Windows Server 2022 only).
• WSL (Windows Subsystem for Linux).
• Continue, and wait until installation is complete.
2. After installing WSL (and Hyper-V), restart the computer where Syteca Application Server is installed.
1.2. Configuring the "Launch in Browser" Option
To be able to launch secrets in the browser, Syteca Web Connection Manager first needs to be configured, by doing the following:
1. Log in to the Management Tool as a user who has both the administrative Privileged Accounts Management and Tenant Management and System Configuration permissions (e.g. as a user in the default Administrators group, or as the default "admin" user of the system).
2. Click on the Cog (
NOTE: The “Web Connection Manager” tab is only available if the Password Management (PAM) toggle is enabled in the license serial key.
3. On the Web Connection Manager tab, do the following:
a) Move the Enable Syteca Web Connection Manager toggle to the right to enable this functionality.
NOTE: This toggle cannot be enabled unless the WSL feature (and Hyper-V role) is first installed (see above).
b) Either:
- Select the Use an auto-created trusted self-signed certificate checkbox (which is selected by default, in which case a default self-signed certificate is automatically generated and used for connecting to the Apache Guacamole server).
- In the Import certificate and Import private key fields, upload the required files to use a custom certificate and private key (if used) respectively (by clicking the Choose File buttons).
c) Enter the required Port number to be used for Apache Guacamole (or use the default value of “4822”).
d) Click the Validate and Set Up button to automatically both:
- Check whether Apache Guacamole is installed, and automatically install it if not.
- Check whether the Web Connection Manager is configured correctly (i.e. that all the connection parameters specified on the page above are valid), and save the parameters.
e) Wait for the Validation Results to be displayed in the pop-up window that opens.
NOTE: In High-Availability mode, the “Validate and Set Up” button needs to be clicked in each Management Tool (i.e. on each node for each Application Server instance).
f) If the connection validation and setup fails, the message “Setup incomplete or failed.” is displayed, and the Validation Results pop-up window displays one of the following error messages (in which case this issue needs to be fixed before proceeding as described below):
- “The certificate or private key is invalid or not supported”: Import a valid certificate (i.e. with valid contents) and also the private key (if used).
- “Port <4822> is in use by another application”: Free up the port specified, or enter another port number.
- “Insufficient disk space available for Web Connection Manager installation”: At least 220 MB of free disk space is required.
- “The required Windows features for WSL are not enabled”: The Windows WSL feature needs to be installed (see above).
- “An unknown error occurred.”: An error occurred for any other reason (except for the above).
4. Optionally, in the Browser Connection Settings section, move the Resource Optimization Mode toggle to the left to disable it, and then click the Save button (in the bottom right).
NOTE: The “Resource Optimization Mode” toggle is enabled by default, where the amount/quality of visual effects is reduced to improve connection stability and decrease resource usage. Disabling it (by moving the toggle to the left) means all effects are enabled, which may impact performance in some environments.
NOTE: In Multi-Tenant mode, the specified settings are applied to all tenants, but can only be enabled by a user of the built-in default tenant.
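The failure conditions listed in step 3 f) can be checked before clicking Validate and Set Up. The following PowerShell pre-flight check is an added example, not Syteca code and not the product's own validation logic; the function name `Test-WcmPrerequisite`, its parameters, and the choice of the system drive for the disk-space check are assumptions. It only checks that a custom certificate parses and is within its validity period, and does not examine the private key.

```powershell
# Added pre-flight check (not Syteca code). Run in an elevated PowerShell session
# on the computer where the Management Tool is installed.
function Test-WcmPrerequisite {          # hypothetical name
    param(
        [int]$Port = 4822,               # default Apache Guacamole port from the page
        [int]$MinFreeMB = 220,           # free disk space required per the page
        [string]$CertificatePath         # optional: custom certificate to be imported
    )
    $results = [ordered]@{}

    # Supported OS: Windows Server 2019 or Windows Server 2022.
    $caption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
    $results['Supported OS'] = $caption -match 'Server (2019|2022)'

    # WSL feature is always required; the Hyper-V role only on Windows Server 2022.
    $results['WSL installed'] = (Get-WindowsFeature -Name 'Microsoft-Windows-Subsystem-Linux').Installed
    if ($caption -match 'Server 2022') {
        $results['Hyper-V installed'] = (Get-WindowsFeature -Name 'Hyper-V').Installed
    }

    # The port must not already have a listener.
    $listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    $results["Port $Port free"] = -not $listener

    # Assumption: the installation lands on the system drive.
    $drive = Get-PSDrive -Name ($env:SystemDrive.TrimEnd(':'))
    $results["At least $MinFreeMB MB free"] = ($drive.Free / 1MB) -ge $MinFreeMB

    # A custom certificate must parse and be inside its validity period.
    if ($CertificatePath) {
        try {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertificatePath)
            $now = Get-Date
            $results['Certificate valid'] = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        } catch {
            $results['Certificate valid'] = $false   # unreadable or unsupported format
        }
    }
    $results.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = [bool]$_.Value }
    }
}

Test-WcmPrerequisite | Format-Table -AutoSize
```

In High-Availability mode, run it on each node before clicking Validate and Set Up there.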
2. Configuring the "Launch Locally" Option for Secrets
2.1. Prerequisites
If recording user activity is required, the Record user activity while the secret is in use checkbox needs to be selected to enable this functionality in all the required secrets.
NOTE: The "Launch in browser" option is not available if the "Record user activity while the secret is in use" option is enabled in the secret.
The following third-party applications need to be installed (on the computer where the Management Tool is being used) to be able to use the corresponding types of secrets:
# | Secret Type | Application Required (to be Installed) |
---|---|---|
1 | Active Directory account | Microsoft Remote Desktop Connection (i.e. the Windows native mstsc.exe application) |
2 | Windows account | Microsoft Remote Desktop Connection (i.e. the Windows native mstsc.exe application) |
3 | Unix account (SSH) | PuTTY |
4 | Unix account (Telnet) | [No third-party application required] |
5 | Web account | Google Chrome browser (in Incognito mode) |
6 | MS SQL account | Microsoft SQL Server Management Studio (SSMS) v. 18.0 or higher |
2.2. Configuring the “Launch Locally” option
To be able to use the “Launch locally” option, the Syteca Client application first needs to be downloaded and installed, in the following specific way:
1. Log in to the Management Tool as a user with a PAM seat license (and any administrative permission) assigned to them.
2. Hover over the required secret displayed in the grid (that the user has been granted the required Role Type and Advanced permissions to use), and click the Launch button (that is displayed in the floating bar).
3. In the drop-down list that is displayed, select the Launch locally option to connect to the secret in the third-party application that is then launched locally.
4. After clicking the Launch locally option, the following page opens (in a new browser tab):
5. If the Syteca Client has not yet been installed in this specific way, click the Download Syteca Client button to download it, and then install it (in the usual way).
NOTE: If the Syteca Client was previously installed on the computer from which the Web Connection Manager is being used in the Management Tool, but not by way of the Download Syteca Client button, it needs to be re-installed by clicking the Download Syteca Client button (and does not need first to be uninstalled and deleted in the Management Tool).
6. After installing the Syteca Client, it is automatically added to the default PAM Clients group (only) in the Management Tool.
NOTE: The PAM Clients group is a special Clients group used only for the "Launch locally" option in the Web Connection Manager, and allows user activity to be recorded (if the "Record user activity while the secret is in use" option is enabled in the secret), unlike when using the "Launch in browser" option.
NOTE: Clients in the PAM Clients group (i.e. those downloaded using the Download Syteca Client button, and installed) cannot be added to any other Client groups, and can only be removed from this group by uninstalling and then deleting them on the Clients page, and the PAM Clients group cannot be deleted.
3. Using Secrets in Syteca Web Connection Manager
3.1. Launching Secrets
To use Syteca Web Connection Manager to launch secrets in the browser or locally, do the following:
1. Log in to the Management Tool as a user with a PAM seat license (and any administrative permission) assigned to them.
2. On the Password Management page (on the Secrets tab) that opens, hover over the required secret displayed in the grid (that the user has been granted Role Type and Advanced permissions to use), and click the Launch button (that is then displayed in the floating bar).
3. In the drop-down list that is displayed, connect to the required account by selecting either of the following (if available):
- Launch locally: To connect to the account in the required application that opens locally.
NOTE: The "Launch locally" option allows user activity to be monitored and recorded (if the "Record user activity while the secret is in use" option is enabled in the secret).
- Launch in browser: To connect to the account in a new browser tab that opens.
NOTE: The "Launch in browser" option is not available if the "Record user activity while the secret is in use" option is enabled in the secret, since user activity cannot be monitored and recorded.
3.2. Other Functionality Available (for Using Secrets)
Other options available for using secrets on the Password Management page (on the Secrets tab) in a similar way as in the Desktop Connection Manager (if the user has the required Role-Type and Advanced permissions to use them in the corresponding secrets) include the following:
• Password (column): The View Password (
NOTE: After logging in to the Management Tool, the secret's password can be viewed and copied for the first 5 minutes without the user needing to re-enter their password, and for 5 minutes each time after re-entering their password.
• Details (column): Additional information is displayed if various features are enabled to indicate their status.
• File Transfer: Can be selected by clicking the
NOTE: For more information about using (and managing) secrets in the Web Connection Manager on Password Management page (on the Secrets tab), please also refer to the Managing Secrets section, particularly the Viewing and Managing Secrets and Folders page.