Delinea - Third Party Vendor Access

Getting Started with Delinea Privileged Access Management (PAM) - Third Party Vendors

The Delinea PIM/PAM solution can be used by external users -- outside vendors or consultants.  Users will need three things:

  1. A UWIn Account (with MFA)
  2. Membership in the Delinea access group (Entra ID)
  3. Permission to access secrets or folders within Delinea.

Delinea users are not provisioned in advance. A new Delinea user will need to log in for the first time, and that will create the Deline account. After that, secrets or folders can be created for the new user.

Request Access

  • If the external user does not have a UWin Account, a UWindsor staff member can create one with an onboarding ticket request
    Service Offering - Account Creation / Onboarding
    This procedure will be done through the Service Desk and will require the external user to choose a username, setup a password and define MFA methods. Communication will be through email.
    The account type for external consultants without University-issued devices, and who do not need a UWIndsor Microsoft 365 account is TYPE L - Non-Student Affiliation

  • UWindsor staff members can request Delinea account access by completing the form available at the following link:
    Service Offering - Delinea Account Creation / Onboarding

Log In

  • https://uwindsor.delinea.app/
    Format: Use your full UWinID@uwindsor.ca as the username

    Uploaded Image (Thumbnail)

  • After initial login permissions will be updated and subsequent secrets created. Please note this requires the user account to conform with University of Windsor Conditional Access policies.

  • External vendors and third parties may be granted temporary access on a case-by-case basis.

  • External vendors and third parties do not require their devices to be enrolled in Intune. If you are a vendor or consultant, and choose to use SSO and add your UWin Account to your computer, make sure that you uncheck the box "Allow organization to manage this device".

How to access secrets

  • After initial login, permissions will be updated by a Delinea administrator, and the administrator will create the secrets. Please wait approx. 24 hours for this to complete.

  • After permissions and secrets have been configured, and a valid password saved in it, you can now access your secret.

    Uploaded Image (Thumbnail)

How to use secrets

  • Select the appropriate secret from the Secret Server app (left menu) and folder.

  • Update your password if needed

  • Launch the secret (note there are two methods)RDP launcher & Open with Remote Access
    RDP launcher requires you have a VPN connection whereas Open with Remote Access does not require VPN. External users should use the Open with Remote Access method in must cases.

    Uploaded Image (Thumbnail)
  • If you are accessing a Windows Server via the remote access, the format of the username should be userid@uwinad.uwindsor.ca
     

 

 

Print Article

Related Articles (1)

Known Issue: MacOS Keychain - wants to sign using key "Microsoft Workplace Join Key" from your keychain
Users accessing Microsoft SSO applications on a registered macOS device may encounter a Microsoft Workplace Join Key error due to misconfigured keychain access settings. This issue can be resolved by ensuring the key is trusted and adjusting the ACL to permit Google Chrome.

Related Services / Offerings (1)

Delinea Privileged Access Management (PAM)
Delinea Platform is a set of cloud-based services that deliver PAM (Privileged Access Management) solutions including storage and rotation of passwords, and remote access management to servers and Web portals.