Remote Identities

Last modified on October 30, 2023

Remote Identities enable your organization’s users to authenticate to RDP, SSH, or Kubernetes resources using their own individual identifier rather than a leased credential.

A Remote Identity is like a username, profile, or alias that is unique to an individual user or service account. When logging in to a server via an SSH client, for example, you typically log in with credentials that are not shared with anyone else. Moreover, your individual activities are written to the resource’s native logs under your username.

A leased credential is shared across multiple users and service accounts. In a StrongDM organization that uses the leased credential method of authentication, all users authenticate with the same leased credential in order to access the resources that have been granted to their assigned role(s). Individual activities are written to the organization’s logs.
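The attribution difference can be checked from a server's native sshd log. The script below is an added example, not StrongDM's code: it reports accounts that were used under more than one certificate key ID, which is how a shared credential appears in that log, while an individual identity maps one account to one person. The log lines are constructed, and the script assumes the issuing CA writes the requester's identity into the certificate key ID, which this page does not state.

```python
import re
from collections import defaultdict

# Constructed sample of a server's native sshd log; fingerprints are placeholders.
SAMPLE_LOG = """\
Oct 30 10:01:12 web1 sshd[2211]: Accepted publickey for alice from 192.0.2.5 port 50122 ssh2: ED25519-CERT SHA256:FP-PLACEHOLDER-1 ID alice@example.com (serial 101) CA ED25519 SHA256:CA-PLACEHOLDER
Oct 30 10:04:40 web1 sshd[2240]: Accepted publickey for ops-shared from 192.0.2.9 port 50311 ssh2: ED25519-CERT SHA256:FP-PLACEHOLDER-2 ID bob@example.com (serial 102) CA ED25519 SHA256:CA-PLACEHOLDER
Oct 30 10:09:03 web1 sshd[2275]: Accepted publickey for ops-shared from 192.0.2.9 port 50377 ssh2: ED25519-CERT SHA256:FP-PLACEHOLDER-3 ID carol@example.com (serial 103) CA ED25519 SHA256:CA-PLACEHOLDER
Oct 30 10:15:27 web1 sshd[2301]: Accepted publickey for alice from 192.0.2.5 port 50410 ssh2: ED25519-CERT SHA256:FP-PLACEHOLDER-4 ID alice@example.com (serial 104) CA ED25519 SHA256:CA-PLACEHOLDER
Oct 30 10:20:55 web1 sshd[2330]: Accepted publickey for dave from 192.0.2.7 port 50502 ssh2: ED25519 SHA256:FP-PLACEHOLDER-5
"""

# OpenSSH logs certificate logins as "<TYPE>-CERT <fingerprint> ID <key id> (serial N) CA ...".
CERT_LOGIN = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<account>\S+) from (?P<src>\S+) port \d+ "
    r"ssh2: \S+-CERT \S+ ID (?P<key_id>.+?) \(serial (?P<serial>\d+)\)"
)


def parse_cert_logins(text):
    """Return one dict per certificate-based login; plain-key logins are skipped."""
    return [m.groupdict() for m in map(CERT_LOGIN.search, text.splitlines()) if m]


def shared_accounts(logins):
    """Map each account used with more than one certificate key ID to those IDs."""
    ids = defaultdict(set)
    for login in logins:
        ids[login["account"]].add(login["key_id"])
    return {acct: sorted(k) for acct, k in ids.items() if len(k) > 1}


if __name__ == "__main__":
    logins = parse_cert_logins(SAMPLE_LOG)
    for acct, key_ids in shared_accounts(logins).items():
        # The native log alone cannot say which person ran which command here.
        print(f"{acct}: shared by {', '.join(key_ids)}")
```
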

The option to authenticate with Remote Identities is available for the following resource types only:

  • AKS cluster
  • AKS (Service Account) cluster
  • AWS Console
  • Elastic Kubernetes Service cluster
  • Elastic Kubernetes Service (Service Account) cluster
  • Google Kubernetes Engine cluster
  • Kubernetes cluster
  • Kubernetes (Service Account) cluster
  • RDP (Certificate Based) server
  • SSH (Certificate Based) server
  • Snowsight (default is Remote Identities; leased credential authentication not available for this resource type)

For help setting up Remote Identities, see the documentation: