Fortinet black logo

Administration Guide

Home FortiPAM 1.0.0 Administration Guide
1.0.0
1.3.0
1.2.0
1.1.2
1.1.1
1.1.0
1.0.3
1.0.2
1.0.1
1.0.0

Secret launchers

Secret launchers

Secret launchers allow users to remotely gain access to a target without the need to know, view, or copy the passwords stored in FortiPAM.

A secret launcher stores an executable and the parameters needed to start a connection to a target.

In proxy mode, browsing triggers ZTNA tunnel between the FortiClient and FortiPAM server.

The FortiPAM chrome extension may have compatibility issues for some specific login pages and cannot fill in the user name and password.

For each secret launcher; name, type, executable, parameter, and references are displayed.

The following default launchers are available in FortiPAM:

  • PuTTY: A basic SSH client using PuTTY.

  • Remote Desktop- Windows: A basic RDP client using remote desktop.

  • TightVNC: A basic VNC client using TightVNC.

    The TightVNC client does not support connecting to a macOS server in non-proxy mode.

  • VNC Viewer: A basic VNC client using VNC Viewer.

  • Web Launcher: A basic web launcher using Fortinet’s FortiClient web extension.

  • Web RDP: A basic browser based RDP launcher.

  • Web SFTP: A basic browser based SFTP web launcher.

  • Web SMB: A basic browser based SMB web launcher.

  • Web SSH: A basic browser based SSH web launcher.

  • Web VNC: A basic browser based VNC web launcher.

  • WinSCP: A basic WinSCP client using SSH.

  • FortiClient Web extension FortiClient Web Launcher

  • RDP over Web RDP over Web Launcher

  • SSH over Web SSH over Web Launcher

  • VNC over Web VNC over Web Launcher

  • SMB over Web SMB over Web Launcher

  • SFTP over Web SFTP over Web Launcher

The following launchers should not be used for customized launcher:

  • FortiClient Web extension FortiClient Web Launcher

  • RDP over Web RDP over Web Launcher

  • SSH over Web SSH over Web Launcher

  • VNC over Web VNC over Web Launcher

  • SMB over Web SMB over Web Launcher

  • SFTP over Web SFTP over Web Launcher

These launchers will be removed in a future FortiPAM version.

Chrome, Edge, and Firefox are the supported browsers.

The default launchers cannot be edited.

Web SSH, Web RDP, Web VNC, Web SFTP, and Web SMB default launchers always work in proxy mode irrespective of the Proxy Mode setting.

PuTTY and WinSCP launchers are not supported when the secret is in non-proxy mode, and the secret uses an SSH key for authentication.

TightVNC launcher is not supported when the secret is in non-proxy mode and requires a username for authentication.

In proxy mode, the following launchers are available to all users:

  • Web SSH

  • Web RDP

  • Web VNC

  • Web SFTP

  • Web SMB

  • Web Launcher

  • PuTTY

  • WinSCP

  • RDP

  • VNC Viewer

  • TightVNC

In non-proxy mode, the following launchers are available to all users:

  • Web SSH (always in proxy mode)

  • Web RDP (always in proxy mode)

  • Web VNC (always in proxy mode)

  • Web SFTP (always in proxy mode)

  • Web SMB (always in proxy mode)

In non-proxy mode, the following launchers are only available to users with the permission to view secret password:

  • PuTTY

  • WinSCP

  • RDP

  • VNC Viewer

  • TightVNC

In proxy and non-proxy mode:

  • Web launcher is available to users who have the permission to view the secret.

  • Web launcher is disabled for users who do not have the permission to view the secret.

The Secret Launchers tab contains the following options:

Create

Select to create a new launcher.Creating a launcher.

Edit

Select to edit the selected launcher.

Delete

Select to delete the selected launchers.

Clone

Select to clone the selected launcher.

Search

Enter a search term in the search field, then hit Enter to search the launchers list. To narrow down your search, see Column filter.
Previous
Next

Secret launchers

Secret launchers allow users to remotely gain access to a target without the need to know, view, or copy the passwords stored in FortiPAM.

A secret launcher stores an executable and the parameters needed to start a connection to a target.

In proxy mode, browsing triggers ZTNA tunnel between the FortiClient and FortiPAM server.

The FortiPAM chrome extension may have compatibility issues for some specific login pages and cannot fill in the user name and password.

For each secret launcher; name, type, executable, parameter, and references are displayed.

The following default launchers are available in FortiPAM:

  • PuTTY: A basic SSH client using PuTTY.

  • Remote Desktop- Windows: A basic RDP client using remote desktop.

  • TightVNC: A basic VNC client using TightVNC.

    The TightVNC client does not support connecting to a macOS server in non-proxy mode.

  • VNC Viewer: A basic VNC client using VNC Viewer.

  • Web Launcher: A basic web launcher using Fortinet’s FortiClient web extension.

  • Web RDP: A basic browser based RDP launcher.

  • Web SFTP: A basic browser based SFTP web launcher.

  • Web SMB: A basic browser based SMB web launcher.

  • Web SSH: A basic browser based SSH web launcher.

  • Web VNC: A basic browser based VNC web launcher.

  • WinSCP: A basic WinSCP client using SSH.

  • FortiClient Web extension FortiClient Web Launcher

  • RDP over Web RDP over Web Launcher

  • SSH over Web SSH over Web Launcher

  • VNC over Web VNC over Web Launcher

  • SMB over Web SMB over Web Launcher

  • SFTP over Web SFTP over Web Launcher

The following launchers should not be used for customized launcher:

  • FortiClient Web extension FortiClient Web Launcher

  • RDP over Web RDP over Web Launcher

  • SSH over Web SSH over Web Launcher

  • VNC over Web VNC over Web Launcher

  • SMB over Web SMB over Web Launcher

  • SFTP over Web SFTP over Web Launcher

These launchers will be removed in a future FortiPAM version.

Chrome, Edge, and Firefox are the supported browsers.

The default launchers cannot be edited.

Web SSH, Web RDP, Web VNC, Web SFTP, and Web SMB default launchers always work in proxy mode irrespective of the Proxy Mode setting.

PuTTY and WinSCP launchers are not supported when the secret is in non-proxy mode, and the secret uses an SSH key for authentication.

TightVNC launcher is not supported when the secret is in non-proxy mode and requires a username for authentication.

In proxy mode, the following launchers are available to all users:

  • Web SSH

  • Web RDP

  • Web VNC

  • Web SFTP

  • Web SMB

  • Web Launcher

  • PuTTY

  • WinSCP

  • RDP

  • VNC Viewer

  • TightVNC

In non-proxy mode, the following launchers are available to all users:

  • Web SSH (always in proxy mode)

  • Web RDP (always in proxy mode)

  • Web VNC (always in proxy mode)

  • Web SFTP (always in proxy mode)

  • Web SMB (always in proxy mode)

In non-proxy mode, the following launchers are only available to users with the permission to view secret password:

  • PuTTY

  • WinSCP

  • RDP

  • VNC Viewer

  • TightVNC

In proxy and non-proxy mode:

  • Web launcher is available to users who have the permission to view the secret.

  • Web launcher is disabled for users who do not have the permission to view the secret.

The Secret Launchers tab contains the following options:

Create

Select to create a new launcher.Creating a launcher.

Edit

Select to edit the selected launcher.

Delete

Select to delete the selected launchers.

Clone

Select to clone the selected launcher.

Search

Enter a search term in the search field, then hit Enter to search the launchers list. To narrow down your search, see Column filter.
Previous
Next