Remote Identities

Last modified on January 10, 2024

Remote Identities enable your organization’s users to authenticate to RDP, SSH, or Kubernetes resources using their own individual username and role(s) rather than a leased credential.

A Remote Identity is an identifier—such as a username, profile, or alias—that is unique to an individual user or service account and that the user can use to authenticate to a Remote Identity-enabled resource. When logging in to a server via an SSH client, for example, users typically log in with a username and password that are not shared with anyone else. Their individual activities are written to the resource’s native logs under their username. When accessing Kubernetes resources, a user’s Remote Identity can be both a username and role(s).

In contrast to a Remote Identity, a leased credential is shared across multiple users and service accounts. In a StrongDM organization that uses the leased credential method of authentication, all users authenticate with the same leased credential in order to access the resources that have been granted to their assigned role(s). Individual activities are written to the organization’s logs.

The option to authenticate with Remote Identity usernames is available for the following resource types only:

  • AKS cluster
  • AKS (Service Account) cluster
  • AWS Console
  • Elastic Kubernetes Service cluster
  • Elastic Kubernetes Service (Service Account) cluster
  • Google Kubernetes Engine cluster
  • Kubernetes cluster
  • Kubernetes (Service Account) cluster
  • RDP (Certificate Based) server
  • SSH (Certificate Based) server
  • Snowsight (default is Remote Identities; leased credential authentication not available for this resource type)

The option to authenticate with Remote Identity roles is available for the following cluster resource types only:

  • AKS cluster
  • AKS (Service Account) cluster
  • Elastic Kubernetes Service cluster
  • Elastic Kubernetes Service (Service Account) cluster
  • Google Kubernetes Engine cluster
  • Kubernetes cluster
  • Kubernetes (Service Account) cluster

For help setting up Remote Identities, see the documentation: