Set User Permissions to Launch Applications and Use the Application Launcher
To launch an application a user must have one of the following sets of permissions:
- All Access
- Or View Accounts, Allow Remote Sessions, and permissions for the specific application being launched
Set Permission to Launch Applications
To define the additional permissions required to launch a specific application, follow the steps below.
- Open the management console.
- Choose Delegation > Web application remote application permissions.
- Click Add.
- Click OK.
- Select one or more applications the user can launch.
Use the Application Launcher
There are two types of application launching in Privileged Identity:
- Launching with a variable account and system information
- Launching with a predefined account and system information
If the Always use the specified account option is selected, the application appears in the Applications section of the website. If the option is not selected, the user must go to the Launch App section to connect.
Launch an App as a Pre-Configured Application
To launch an application pre-configured for a specific account and target, click Operations > Applications and select the application to launch. Only applications that are pre-configured to always launch as a specific user are displayed. If an application is not shown, it is a sign of at least one of two possible causes:
- The user does not have permission to launch an application.
- There are no apps configured to always run as a specific user.
Launch an App Using Variable Target and Account Information
Once the the target system and account are located in the Passwords > Managed Password section of the website, click the Play button.
All applications available to the user for the specific account type are shown. Use the filter options at the top of the page to search for applications, show only a set of applications, or change the layout of application launcher page. If the RDP icon appears, the application is configured to launch via the jump server. If the camera icon appears, the session will be recorded.
To launch the application, click Launch. The order of events will vary depending on whether the application is configured to launch locally or from a jump server and whether the user has previously performed this process or not. If connecting via a jump server, the system initiates a series of calls to the jump server and the LiebsoftLauncher on that host. This will be visible to the user. If the user has not previously launched an app from the machine/profile that they are currently logged into, they receive a couple of security prompts
Each application also has an Advanced launch configuration. Click the ear icon to allow the user to specify alternate credentials to connect to the target system. These could be static credentials or other stored credentials in Privileged Identity.