Using Group Managed Service Accounts (gMSA) for Network Shares

Reflection for Secure IT Windows Server supports the use of Group Managed Service Accounts (gMSA) for secure access to network shares: SFTP directories and Mapped Drives.

Before configuring the use of a Group Managed Service Account, you will first have to create and configure the accounts in the desired domain. Refer to Setting up a Group Managed Service Account (gMSA).

To configure access to a share using a Group Managed Service Account

1. In the credential cache, select Add.

2. In the Add Credential popup window, enter the name of the Group Managed Service Account with the domain name and a trailing dollar sign, for example domain.com\rsitgmsa$.

3. Check the box for SFTP Directories and mapped drives.

   Leave the password empty.

   Note

   The Test button cannot be used for Group Managed Service Accounts (gMSA). The Reflection for Secure IT Windows Server Console does not have the required permission to retrieve the password.

4. Next, follow the same steps as outlined for normal accounts.

   • For SFTP Directories, see Customize Directory Access for File Transfers.

   • For Mapped drives, see Configure Mapped Drives for Terminal Sessions.

5. When selecting an account, choose the Group Managed Service Account you created previously in step 2.

Please make sure to review the Best Practices for Using Cached Credentials. These practices and warnings apply to any account, including Group Managed Service Accounts.