Install and Configure the Endpoint Credential Manager

The Bomgar Endpoint Credential Manager (ECM) allows you to quickly configure your connection. The Endpoint Credential Manager must be installed on your computer to enable the Bomgar ECM service.

  1. To begin, download the Bomgar Endpoint Credential Manager (ECM) from Bomgar Support.
  2. Start the Bomgar Endpoint Credential Manager setup wizard.

Note: When multiple ECMs are connected to a Bomgar site, the Bomgar Appliance routes requests to the ECM that has been connected to the appliance the longest.

    ECM EULA

  1. Review the EULA terms and conditions. Mark the checkbox if you agree, and click Install.

Note: You are not allowed to proceed with the installation unless you agree to the EULA.

  1. If you need to modify the ECM installation path, click the Options button to customize the installation location.
  2. Click Install. Then click Next.
  3.  

    ECM Install Destination

  4. Choose a location for the ECM and click Next.
  5. On the next screen, you can begin the installation or review any previous step.
  6.  

    ECM Installer

  7. Click Install when you are ready to begin.
  8.  

    ECM Installation Finished

  9. The installation takes a few moments. Once complete, click Finish.

 

Note: To ensure optimal uptime, administrators can install up to five ECMs on different Windows machines to communicate with the same site on the Bomgar Appliance. A list of the ECMs connected to the appliance site can be found at /login > Status > Information > ECM Clients.

Configure the ECM

ECM Configurator exe File

  1. Locate the Bomgar ECM Configurator you just installed using Windows Search or by viewing your Start menu programs list.
  2. Run the program to establish a connection.
  3.  

    ECM Configurator Interface

  4. When the ECM Configurator opens, complete the fields. All fields are required.
  5.  

    Enter the following values:
    Field Label Value
    Client ID The Admin ID for your credential store.
    Client Secret The Admin secret key for your credential store.
    Site The URL for your credential store instance.
    Port The server port through which the ECM connects to your site.
    Plugin Click the Choose Plugin... button to locate the plugin.

    Endpoint Validation Vault Plugin

  6. When you click the Choose Plugin... button, the ECM location folder opens.
  7. Paste your plugin files into the folder.
  8. Open the plugin file to begin loading.

 

Configure the Vault Plugin

Now, you must configure the Vault plugin to connect to your Vault instance.

ECM Vault Plugin: Include Unavailable Credentials

  1. The Vault Hostname should be the URL for your Vault instance.

Note: Make sure you have an SSL certificate for your Vault server that has been signed by a certificate authority. The ECM does not accept self-signed certificates.

  1. Enter the Shared Key that you created in the Administration > Settings > Integrations section of Vault.
  2. Below the Shared Key field are two options. Check the box for the option that best fits your use case.
    • Include Unavailable Credentials: If checked, the ECM passes and returns both credentials that are available for use (i.e., meaning not checked out by another user) as well as credentials presently checked out by another user.
    •  

    • Enable Domain Matching Behavior: If checked, credentials configured as restricted in Bomgar Vault are not passed or returned via the ECM unless the credential comes from the Vault host domain.
  3.  

    ECM Vault Plugin: Default Security Provider for Local/Radius users

  4. Enter the name for your default security provider. This must match the security provider for your PA and Vault installations. The default security provider is used if you log into PA with a local account, ensuring that there is always a domain used with the integration when retrieving credentials from Vault.
  5. Next, map the security providers, translating the fully qualified domain name (FQDN) to the NetBIOS name expected in Vault. Enter one provider per line.
  6. Click OK.
  7. To apply the new settings, select to restart the ECM service.

Note: It is possible that you may see a certificate entry form or credential prompt when you open the plugin, depending on the system to which you are connecting.