18.4. Using credential stores for server-side authentication

Credential Stores offer a way to store user credentials (for example, passwords, private keys, certificates) and use them to log in to the target server, without the user having access to the credentials. That way, the users only have to perform gateway authentication on PSM with their usual password (or to an LDAP database), and if the user is allowed to access the target server, PSM automatically logs in using the Credential Store. For details on gateway authentication, see Section 18.2, Configuring gateway authentication.


Keyboard-interactive authentication is not supported when using credential stores.

Figure 18.11. Authenticating using Credential Stores

Authenticating using Credential Stores

Credential Stores can be stored locally on PSM, or on a remote device. For remote Credential Stores, PSM currently supports the Lieberman Enterprise Random Password Manager (ERPM).


After performing a successful gateway authentication, if the credential store does not contain a password for the user, the user is prompted for the server-side password as a fallback.

In case of authenticating to RDP servers using Network Level Authentication (NLA), the server-side password is prompted at the start of the connection. If there is no password in the credential store for the user and the server-side password is incorrect, the connection is terminated.