PAM › User Guide

Overview

Overview of how to securely connect to servers and applications through the GAccess Platform

Connecting to Remote Targets

GAccess provides access to remote servers and applications without requiring you to know or store credentials. All authentication is handled transparently by the gateway, using credentials managed in the vault.

How to Connect

Using the web interface, you can navigate through the left-side menu depending on the type of target you want to access:

  • Infrastructure: Select this option to access infrastructure devices such as servers, routers, firewalls, and databases.
  • Applications: Select this option to access web applications.

After navigating to the desired page, you will see a list of all assets you have been granted access to. If you have the appropriate permissions, a Connect button will be displayed.

When clicking this button, you can select the connection method and the credential you want to use, based on your permissions.

When you initiate a connection, GAccess retrieves the stored credentials for the target, establishes the session on your behalf, and streams it to you. You interact with the remote system normally — typing, clicking, and transferring files — while GAccess handles the security layer in the background.

Warning: The available options depend on how your administrator has configured targets and granted permissions to your user or groups. Options may vary accordingly.

Connection Methods

There are three ways to connect to a target, depending on how your administrator has configured access and which tools you prefer.

Web Connection

Connect directly from your browser — no software installation or configuration required. GAccess renders the remote session inside the browser using a secure, real-time protocol.

Supported session types:

Session type Description
RDP Full Windows desktop session rendered in the browser
SSH Linux/Unix terminal session rendered in the browser

Native SSH Client

Connect to Linux targets using any standard SSH client (Terminal, PuTTY, etc.) pointed at the GAccess Gateway. Your credentials are injected automatically — you never need to know the target password or key.

How to connect:

Use the following username format when your SSH client prompts for a username:

your_gaccess_username@your_domain@target_username@target_hostname

Example:

ssh john@acme.com@root@10.0.1.50 -p 2222 -h gateway.yourcompany.com

When prompted for a password, enter your GAccess account password (not the target's). GAccess authenticates you, retrieves the target credential from the vault, and connects you transparently.

The gateway SSH proxy listens on port 2222 by default. Check with your administrator if you are unsure of the address or port.

Native RDP Client

Connect to Windows targets using any standard RDP client (Remote Desktop Connection, Microsoft Remote Desktop, etc.) pointed at the GAccess Gateway. As with SSH, credentials are injected automatically.

How to connect:

Point your RDP client to the gateway address on port 3389. When prompted for credentials, enter your GAccess account details. GAccess handles authenticating to the Windows target on your behalf.

Reach out to your administrator for the exact gateway address and any VPN or network requirements.

MFA and Federated Authentication with Native Clients

When using native SSH or RDP clients, the way you authenticate depends on your account type and whether MFA is enabled.

Local Users with MFA

If your account has MFA enabled, append a pipe character (|) followed by your one-time password (OTP) to your GAccess password when prompted:

password|OTP

Example: if your password is MyPassword and your authenticator app shows 482931, enter:

MyPassword|482931

Entra ID Federated Users

Federated users authenticate through Entra ID and cannot provide their credentials directly to the native client. Instead, GAccess generates a short-lived temporary credential token that you can use in place of your password.

To obtain your token:

  1. Open the GAccess web interface and navigate to the target you want to connect to.
  2. Click Connect and select your native client connection method.
  3. The connection dialog will display a temporary credential token.
  4. Use that token as your password when your SSH or RDP client prompts for one.
Note: Temporary tokens will expire shortly after being generated (Depending on the organization settings). Request a new token for each connection attempt.

Session policies

Depending on how your administrator has configured the target, certain capabilities may be restricted during your session:

  • Copy / Paste — clipboard access between your machine and the remote may be limited or disabled in one or both directions.
  • File transfer — uploading or downloading files may not be available.
  • Session duration — sessions may have a time limit, after which you will be disconnected automatically.
  • Recording — sessions may be recorded for audit and compliance purposes. You will be notified at the start of the session if recording is active.