Merge pull request #352 from netwrix/npws/release_9_3_0

Npws/release 9 3 0

Author: PSR-SMM

docs/passwordsecure/9.3/configuration/_category_.json

@@ -0,0 +1,10 @@
+{
+  "label": "Configuration",
+  "position": 40,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "configuration"
+  }
+}

docs/passwordsecure/9.3/configuration/advancedview/_category_.json

@@ -0,0 +1,6 @@
+{
+  "label": "Advanced View",
+  "position": 20,
+  "collapsed": true,
+  "collapsible": true
+}

docs/passwordsecure/9.3/configuration/advancedview/clientmodule/_category_.json

@@ -0,0 +1,10 @@
+{
+  "label": "Client Module",
+  "position": 20,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "client_module"
+  }
+}

docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/_category_.json

@@ -0,0 +1,10 @@
+{
+  "label": "Applications",
+  "position": 80,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "applications"
+  }
+}

docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md

@@ -0,0 +1,110 @@
+---
+title: "Applications"
+description: "Applications"
+sidebar_position: 80
+---
+
+# Applications
+
+## What are applications?
+
+Applications can be used to configure automated logins to various systems. Especially when combined
+with various protective mechanisms, the company benefits in terms of security because complex
+passwords are automated and entered in the login masks in concealed form. Various types are
+available, such as Remote Desktop (**RDP**), Secure Shell (**SSH**), general applications (**SSO**)
+and web applications. The Single Sign On Engine offers countless configuration options to enable
+automatic logon to almost any kind of software.
+
+![applications module](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_1-en.webp)
+
+- Automatic logins to websites are covered by the
+  [Autofill Add-on](/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md).
+
+## The four types of applications
+
+Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO and web
+applications.
+
+![new application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_2-en.webp)
+
+In terms of how they are handled, **RDP and SSH** applications can be covered together. Both types
+of application can be (optionally) "embedded" in Netwrix Password Secure. The relevant session then
+opens in its own tab in the [Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md).
+All other forms of automatic logins are summarized in the **SSO applications** and **web
+applications** categories. How exactly these logins are created and used is covered in the next
+section and in the web applications chapter. They include all forms of Windows login masks and also
+applications for websites. In contrast to RDP and SSH applications, they cannot be started embedded
+in Netwrix Password Secure but are instead opened as usual in their own window. These SSO
+applications need to be defined in advance. In Netwrix Password Secure, this is also described as
+[Learning the applications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). In contrast,
+RDP and SSH can be both completely defined and also started within Netwrix Password Secure.
+
+## RDP and SSH
+
+A new RDP/SSH application can be created via the ribbon or also the context menu that is accessed
+using the right mouse button. A corresponding form opens in each case where the variables for a
+connection can be defined.
+
+![new application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_3-en.webp)
+
+These variables also correspond precisely to those (using the example of RDP here) that can be
+configured when creating an RDP connection via “mstsc”. Whether the connections should be started in
+a tab, full screen mode or in a window can be defined in the field **"window mode"**.
+
+## Working with RDP and SSH applications
+
+If you have created e.g. an RDP connection, this can now also be directly started via the ribbon.
+The connection to the desired session can be established via the icon **Establish RDP connection**.
+
+![estabish RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_4-en.webp)
+
+Netwrix Password Secure now attempts to log in to the target system with the information available.
+Data that are not saved in the form will be directly requested when opening the session. It is thus
+also possible to only enter the IP address and/or the password after starting the Netwrix Password
+Secure application. If all data has been retrieved, the RDP session will open in a tab – if so
+defined (Window mode field in the application):
+
+![RDP session](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_5-en.webp)
+
+## Logging in via SSH certificates
+
+It is also possible to complete the authentication process using SSH certificates. For this purpose,
+the certificate is saved as a document in .ppk format. (It may be necessary to firstly approve this
+file ending in the settings). The document is then linked to the record via the footer. The record
+does not need to have a password. However, it is necessary for the record to be linked to a SSH
+application.
+
+## Linking records and applications
+
+The application defines the requirements for the desired connection and also optionally for the
+target system. By linking records with applications, the complete login process can be automated. If
+the record now also supplies the user name and password, all of the information required for the
+login is available. Applications and records are linked via the "Start" tab in the ribbon. If this
+link to a record is established, a 1-click login to the target system is possible.
+
+![linking RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_6-en.webp)
+
+The following example illustrates this process using an RDP connection:
+
+![RDP Connection](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_7-en.webp)
+
+A record can also be linked to multiple target systems in this manner. The user name and record are
+supplied by the record, while all other information necessary for the login is supplied by the
+different applications. In the following example, a record (user name and password) is linked to
+multiple access points.
+
+![multiple access points](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_8-en.webp)
+
+This is generally a very common scenario. Nevertheless, it should be noted that accessing multiple
+servers with one single password is questionable from a security standpoint. It is generally
+recommended that a unique password is issued for every server/access point.
+
+NOTE: It is possible to leave the **IP address** field empty in the application. If an **IP
+address** field exists in the linked record then this address will be used. If there is also no IP
+address in the record, a popup window will appear in which the desired IP address can be entered
+manually.
+
+Alternatively, it is possible to connect several records with one RDP connection. In this way, you
+can combine different users with an RDP connection and register them straightforward.
+
+![connect RDP sessions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_9-en.webp)

docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/_category_.json

@@ -0,0 +1,10 @@
+{
+  "label": "Example Applications",
+  "position": 40,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "example_applications"
+  }
+}

docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md

@@ -0,0 +1,11 @@
+---
+title: "Example Applications"
+description: "Example Applications"
+sidebar_position: 40
+---
+
+# Example Applications
+
+In this section you'll find examples for applications.
+
+- [SAP GUI logon - SSO Application](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md)

docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md

@@ -0,0 +1,42 @@
+---
+title: "SAP GUI logon - SSO Application"
+description: "SAP GUI logon - SSO Application"
+sidebar_position: 10
+---
+
+# SAP GUI logon - SSO Application
+
+## Fundamental information
+
+Logging into SAP can be achieved via the usage of
+[Start Parameter](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md). The
+prerequisite here is for the login process to be carried out via the "SAPshortcut". All available
+parameters are listed in the [SAP-Wiki](https://wiki.scn.sap.com/wiki/display/NWTech/SAPshortcut).
+
+Form Firstly, a [Forms](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md) should be created with the required fields. This
+could look like this:
+
+![SAP form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_1-en.webp)
+
+## Record
+
+A corresponding record is then created via the form:
+
+![SAP record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_2-en.webp)
+
+## Application
+
+A corresponding SSO application now needs to be created.
+
+![SAP Application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_3-en.webp)
+
+## Link
+
+The record now needs to be linked with the application. To do this, open the context menu by right
+clicking on the record. The previously created application can then be selected here via
+**Applications** and **Connect application**.
+
+![link record/application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_4-en.webp)
+
+The link is then displayed in the ribbon. Clicking on the link will now open SAP, whereby the
+parameters for logging in to the application are directly transferred.

docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/_category_.json

@@ -0,0 +1,10 @@
+{
+  "label": "Learning the applications",
+  "position": 10,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "learning_the_applications"
+  }
+}

docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md

@@ -0,0 +1,89 @@
+---
+title: "Learning the applications"
+description: "Learning the applications"
+sidebar_position: 10
+---
+
+# Learning the applications
+
+## Which applications need to be learned?
+
+As already indicated in the previous section, RDP and SSH applications are completely embedded in
+Netwrix Password Secure. These applications thus do not need to be specially learned. All other
+applications in Windows need to be learned once.
+
+## What does learning mean?
+
+The record contains the user name and password. Learning involves defining the steps required. The
+result is equivalent to a script that defines where precisely the login data should be entered. In
+Netwrix Password Secure, the completed instructions themselves are also known as an "application".
+
+## Relevant rights
+
+The following options are required.
+
+### User right
+
+- Can add new RDP applications
+- Can add new SSH applications
+- Can add new SSO applications
+- Can add new web applications
+
+## Configuration
+
+First, a new SSO application is created via the ribbon.
+
+![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_1-en.webp)
+
+Various properties for the application can now be defined in the tab that opens. The fields **Window
+title**, **Application** and **Application path** are not manually filled. This is done via the
+**Create application** button in the ribbon:
+
+![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_2-en.webp)
+
+A crosshair cursor now appears. It enables the actual "mapping" or assignment of the target fields.
+You can see the field assignment for the user name below using a login to an SQL server as an
+example. All of the other fields that should be automatically entered are assigned in the same way.
+The process is always the same. You select the field that needs to be automatically filled and then
+decide which information should be used to fill it.
+
+![mapping fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_3-en.webp)
+
+In parallel to the previous step, all of the already assigned fields will be displayed on the right
+edge of the screen. In this example, the VMware vSphere Client has a total of 4 assigned fields: IP,
+user name, password and clicking the button to subsequently confirm the login.
+
+![connected fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_4-en.webp)
+
+NOTE: "Graphical recognition:" The graphical recognition function provides additional protection. It
+can be used to define other factors for the SSO. An area is defined that then serves as the output
+for the comparison (e.g. for login masks with an image). In order to activate the graphical
+recognition function, click on the eye at the top right after assigning the fields! The area that
+will serve as the output point is then marked.
+
+Once you have assigned all of the fields, you can exit the application process using the enter
+button. The fields "Window title", "Application" and "Application path" mentioned at the beginning
+are now automatically filled.
+
+![filled fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_5-en.webp)
+
+As you can see, the .exe file is directly referenced. If the application is saved to the same
+storage location for all users, it can then also be accessed by all other users.
+
+## Linking records with applications
+
+In the [Passwords](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md), the newly created application can now be directly
+linked. To do this, mark the record to be linked and open the "Connect application" menu in the
+"Start" tab via the ribbon. This will open a list of all the available applications. It is now
+possible here to link to the previously created application "VMware".
+
+![connect application with record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_6-en.webp)
+
+When the link has been established, this application can then be directly started via the ribbon in
+future. Pressing the button directly opens the linked application.
+
+![start application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_7-en.webp)
+
+**CAUTION:** With respect to permissions, applications are subject to the same rules as for
+passwords, roles or documents. It is possible to separately define which group of users is permitted
+to use each application.