StrongDM Desktop

The StrongDM Desktop application (macOS and Windows) is the graphical component of the StrongDM client that you install on your local machine. The other component is the StrongDM command line interface (CLI). Both the desktop app and the CLI allow you to authenticate to and use StrongDM to access resources.

This page provides an overview of the desktop app and how to use it.

Authentication #

You can log in to StrongDM via one of the following methods.

• User: To log in as a user, enter your email address or user ID, followed by your password. Select Remember my email to avoid having to enter your email address for subsequent logins.
• Service Account: To log in as a service account instead of a user, enter a token into the Email field. Note that tokens are not remembered for subsequent logins. If an email address was previously remembered, that email is pre-populated on your next login.
• Single sign-on (SSO): If your organization has SSO enabled, log in by entering your email address. Your web browser then opens and handles the rest of the authentication. Note that if SSO is enabled for your organization, you must log in via SSO unless you are a non-SSO user.

User lock and unlock #

If your account is locked due to inactivity, the desktop app shows the locked screen. Click Unlock StrongDM and authenticate to proceed.

To lock your account, go to the Account menu and select Lock.

Resources #

The desktop app shows all the resources that you can access. Changes in access grants are shown in real time. If you are unassigned from a role that provides access to Postgres resources, for example, all such resources are immediately removed from your view in the desktop app.

If you do not have access to any resources, or if you have questions about what you can or cannot access, please ask your StrongDM administrator.

The status bar at the bottom of the desktop app window indicates whether you are connected to StrongDM. If the status remains in the reconnecting state indefinitely, please contact your administrator. In addition, the status bar indicates the number of resources available.

Display #

By default, resources are sorted first by the resource type and then by the resource name. Each resource is shown with its host address and port number.

The desktop app shows up to 25 resources at a time and supports infinite scroll. If you have access to 100,000 resources, for example, you can scroll through all of them until you reach the end of the list.

Connection to resources #

Click-to-connect capability lets you click on any resource name to connect immediately. The green lightning icon indicates that the resource is connected or that the port is now open. Once connected, you can proceed to use your existing database, SSH, or RDP client to connect.

Port overrides #

By default, every resource that is created is assigned a port override value, which is the port that you use to connect to the resource through StrongDM.

Websites #

The desktop app allows you to connect to any website resource with a single click.

To open any website resource in your browser, first make sure you have already configured a proxy. Then click the connect button next to the website resource name.

Saved resources #

You can save resources as favorites by selecting the star icon beside the resource name. Saving certain resources helps you to get to favorite resources quickly without having to search for them by name or type.

Saved resources persist and remain saved even after you log out of or quit the desktop app. You can view a list of all saved resources by clicking the Saved filter button.

To remove resoures from the Saved list, deselect the star icon beside the resource name.

Resource search #

You can search for and display specific resources by name. The Search field recognizes partial strings, allowing you to type just part of a resource’s name to find matching resources.

To return an exact match, encapsulate the resource name in quotation marks. Example: “azure-gateway”.

The same search rules apply when using the Search field within a Filter button.

Resource filters #

You can narrow the list of resources shown by using the Saved, Type, Health, and Connection filter dropdown buttons.

• Saved filters for resources that you have saved as favorites.

• Type filters for resources of a specific type, such as Google Kubernetes Engine.

  

• Health filters for healthy or unhealthy resources.

  

• Connection filters for resources that are connected (a local port is connected or open for that resource) or not connected (no ports are open for that resource).

  

Once you have made your selection, those resources are displayed.

To clear out your filter selection click Clear.

Account Menu #

This section describes the desktop app’s Account menu options.

Log Out #

Click the Log Out button to log out of the desktop app.

Quit #

Click the Quit button to close the desktop app. You remain logged in to StrongDM if you choose to use the CLI while the desktop app is closed.

Connect all #

The Connect all option lets you connect to all accessible resources simultaneously. Depending on your operating system, however, you may be limited in the number of resources to which you can connect. This limit is known as the file descriptor limit. Standard limits are as follows:

• Linux-based: 1,024 resources
• MacOS: 256 resources
• Windows: 512 resources

Note the following potential scenarios that may occur if you reach the limit for your OS:

• If you run sdm connect --all and the number of resources you currently have access to is greater than the standard limit for your OS, the operation may fail.
• If you run sdm connect --filter and the number of results for that filter is greater than the standard limit for your OS, the operation may fail.

Open app.strongdm.com #

Open app.strongdm.com opens the Admin UI (https://app.strongdm.com) in your web browser.

Documentation #

The Documentation option opens StrongDM documentation in your web browser.

Diagnostics #

The Diagnostics option uses the SDM Doctor Utility to check your system for potential problems. A new window launches, providing information that could be helpful if you need to troubleshoot or provide a copy of the output to Support.

The Copy diagnostics button lets you copy the diagnostic information to your clipboard.

The Reset StrongDM button allows you to rename the current SDM configuration directory and create a fresh one.

Diagnostic information includes but is not limited to the following.

If the desktop app is in a bad connection state, the diagnostics window loads the last cached diagnostics information.

If the desktop app is disconnected and then reconnected, the desktop app refetches the diagnostics.

Install sdm in PATH #

Use the Install sdm in PATH option to set up the StrongDM CLI in your system. You only need to install the CLI one time.

For detailed information about installing the CLI, please see the installation guide for your particular operating system.

Desktop app updates #

When an update is available, the desktop app displays the Update required message. Updates do not happen automatically, so you need to select this option to update the desktop app.

Update kubectl configuration #

If cluster resources are available to you, the Account menu provides the Update kubectl configuration option. This option adds StrongDM-specific sections to your existing ~/.kube/config file or creates a new one if it does not yet exist.

Note that you need kubectl to be in your PATH before starting the desktop app and/or CLI in order for this option to work.

You should see either a success message or an error message.

If there is a conflict that prevents the completion of the kubeconfig update, you can choose to force the update. The error message displays the exact text of the configuration conflict.

You can find resources and information about the following StrongDM topics in this section:

• Client Installation
• Versioning
• Connect to Resources
• TOTP Enrollment
• Virtual Networking Mode