Getting Started with Delinea Privileged Access Management (PAM) - Third Party Vendors
The Delinea PIM/PAM solution can be used by external users -- outside vendors or consultants. Users will need three things:
- A UWIn Account (with MFA)
- Membership in the Delinea access group (Entra ID)
- Permission to access secrets or folders within Delinea.
Delinea users are not provisioned in advance. A new Delinea user will need to log in for the first time, and that will create the Deline account. After that, secrets or folders can be created for the new user.
Request Access
-
If the external user does not have a UWin Account, a UWindsor staff member can create one with an onboarding ticket request
Service Offering - Account Creation / Onboarding
This procedure will be done through the Service Desk and will require the external user to choose a username, setup a password and define MFA methods. Communication will be through email.
The account type for external consultants without University-issued devices, and who do not need a UWIndsor Microsoft 365 account is TYPE L - Non-Student Affiliation
-
UWindsor staff members can request Delinea account access by completing the form available at the following link:
Service Offering - Delinea Account Creation / Onboarding
Log In
-
https://uwindsor.delinea.app/
Format: Use your full UWinID@uwindsor.ca as the username

-
After initial login permissions will be updated and subsequent secrets created. Please note this requires the user account to conform with University of Windsor Conditional Access policies.
-
External vendors and third parties may be granted temporary access on a case-by-case basis.
-
External vendors and third parties do not require their devices to be enrolled in Intune. If you are a vendor or consultant, and choose to use SSO and add your UWin Account to your computer, make sure that you uncheck the box "Allow organization to manage this device".
How to access secrets
-
After initial login, permissions will be updated by a Delinea administrator, and the administrator will create the secrets. Please wait approx. 24 hours for this to complete.
-
After permissions and secrets have been configured, and a valid password saved in it, you can now access your secret.

How to use secrets
-
Select the appropriate secret from the Secret Server app (left menu) and folder.
-
Update your password if needed
-
Launch the secret (note there are two methods) - RDP launcher & Open with Remote Access
RDP launcher requires you have a VPN connection whereas Open with Remote Access does not require VPN. External users should use the Open with Remote Access method in must cases.

- If you are accessing a Windows Server via the remote access, the format of the username should be userid@uwinad.uwindsor.ca