Secret launchers
Secret launchers allow users to remotely gain access to a target without the need to know, view, or copy the passwords stored in FortiPAM.
A secret launcher stores an executable and the parameters needed to start a connection to a target. |
In proxy mode, browsing triggers ZTNA tunnel between the FortiClient and FortiPAM server. The FortiPAM chrome extension may have compatibility issues for some specific login pages and cannot fill in the user name and password. |
For each secret launcher; name, type, executable, parameter, and references are displayed.
The following default launchers are available in FortiPAM:
-
PuTTY: A basic SSH client using PuTTY.
-
Remote Desktop- Windows: A basic RDP client using remote desktop.
-
TightVNC: A basic VNC client using TightVNC.
The TightVNC client does not support connecting to a macOS server in non-proxy mode.
-
VNC Viewer: A basic VNC client using VNC Viewer.
-
Web Launcher: A basic web launcher using Fortinet’s FortiClient web extension.
-
Web RDP: A basic browser based RDP launcher.
-
Web SFTP: A basic browser based SFTP web launcher.
-
Web SMB: A basic browser based SMB web launcher.
-
Web SSH: A basic browser based SSH web launcher.
-
Web VNC: A basic browser based VNC web launcher.
-
WinSCP: A basic WinSCP client using SSH.
-
FortiClient Web extension FortiClient Web Launcher
-
RDP over Web RDP over Web Launcher
-
SSH over Web SSH over Web Launcher
-
VNC over Web VNC over Web Launcher
-
SMB over Web SMB over Web Launcher
-
SFTP over Web SFTP over Web Launcher
The following launchers should not be used for customized launcher:
These launchers will be removed in a future FortiPAM version. |
Chrome, Edge, and Firefox are the supported browsers. |
The default launchers cannot be edited. |
Web SSH, Web RDP, Web VNC, Web SFTP, and Web SMB default launchers always work in proxy mode irrespective of the Proxy Mode setting. |
PuTTY and WinSCP launchers are not supported when the secret is in non-proxy mode, and the secret uses an SSH key for authentication. TightVNC launcher is not supported when the secret is in non-proxy mode and requires a username for authentication. |
In proxy mode, the following launchers are available to all users:
-
Web SSH
-
Web RDP
-
Web VNC
-
Web SFTP
-
Web SMB
-
Web Launcher
-
PuTTY
-
WinSCP
-
RDP
-
VNC Viewer
-
TightVNC
In non-proxy mode, the following launchers are available to all users:
-
Web SSH (always in proxy mode)
-
Web RDP (always in proxy mode)
-
Web VNC (always in proxy mode)
-
Web SFTP (always in proxy mode)
-
Web SMB (always in proxy mode)
In non-proxy mode, the following launchers are only available to users with the permission to view secret password:
-
PuTTY
-
WinSCP
-
RDP
-
VNC Viewer
-
TightVNC
In proxy and non-proxy mode:
|
The Secret Launchers tab contains the following options:
Create |
Select to create a new launcher.Creating a launcher. |
Edit |
Select to edit the selected launcher. |
Delete |
Select to delete the selected launchers. |
Clone |
Select to clone the selected launcher. |
Search |
Enter a search term in the search field, then hit |