Skip to main content

Managing stored credentials

Stored credentials are used to manage authorization and access to chassis and servers that are managed by Lenovo XClarity Administrator using local authentication.

Before you begin

You must have lxc-supervisor or lxc-security-admin authority to create, modify, or delete stored credentials.

About this task

A stored credential must be a local user account on a device or a user account in an Active Directory server.

If you choose to manage devices using local authentication instead of XClarity Administrator managed authentication, you must select a stored-credentials account during the management process. When managed authentication is enabled for a device, you cannot edit stored for that device using XClarity Administrator.

Important
XClarity Administrator does not validate the user name and password that you specify for the stored credential. It is your responsibility to ensure that specified information corresponds to an active user account on the local device or Active Directory (if the managed device is configured to use Active Directory for authentication).
Attention
The stored credentials must have supervisor access or sufficient authority to make configuration changes on the device. If you attempt to manage a server with stored credentials that do not have sufficient authority on the device, the manage process might succeed but additional administrative inventory actions on the device might fail due to access-denied errors, which could lead to perceived connectivity problems with the device.

Procedure

To add a stored credential to XClarity Administrator, complete the following steps.

  1. From the XClarity Administrator menu bar, click Administration > Security. The Security page is displayed.
  2. Click Stored Credentials under the Managed Authentication section to display the Stored Credential page.
  3. Click the Create icon (Create icon) to create a stored credential. The Create New Stored Credentials dialog is displayed
  4. Fill in the following information in the dialog.
    • Enter a user name and optional description for the stored credential.

      Note
      For the user name, use the format USER@DOMAIN. The format DOMAIN/USER is not supported.
    • Enter and then confirm the password for the stored credential.

    • Optionally enter and then confirm the password for the RECOVERY_ID stored recovery credentials.

  5. Click Create Stored Credential.

After you finish

The stored-credential account is displayed in the Stored Credential table. The table shows the associated ID and description for each stored-credential account.


Illustrates the SAML Settings page.

From the Stored Credentials page, you can perform the following actions on a selected stored-credential account:

  • Modify the user name, password, and description for a stored-credential account by clicking the Edit icon (Edit icon).

    Note
    If you manage a device using a stored credential and enable managed authentication, you cannot edit the stored credential.
  • Delete the stored-credential account by clicking the Delete icon (Delete icon).

To resolve stored credentials that have become expired or invalid, see Resolving expired or invalid stored credentials for a server.