Identity Aliases
Learn how Identity Aliases can be used to proxy authentication with certificate-based RDP resources or your SSH resources.
You can use an Identity Alias, instead of a leased credential, with StrongDM to proxy authentication with your certificate-based RDP resources or your SSH resources. Actions are executed via the user’s account (that is, the Identity Alias) with the resource, while user-level auditing and monitoring occur on the resource side via native logging.
Utilizing an Identity Alias results in your native server logs identifying the particular user performing an action, rather than identifying all actions conducted via StrongDM connections as being performed by the single leased user account. The username employed is the user’s Identity Alias set in their StrongDM user account.
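The per-user attribution described above can be checked on the server side. The following is an added example, not StrongDM code: it parses OpenSSH authentication log lines for certificate logins, counts them per account, and lists any that landed on an account outside the expected Identity Aliases, such as a shared account that is still in use. The log lines, key IDs, account names and alias set are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH's auth-log format. Host, addresses,
# fingerprints, key IDs and account names are all made up.
SAMPLE_LOG = """\
Mar  3 10:15:02 web01 sshd[2211]: Accepted publickey for alice.ng from 192.0.2.10 port 50022 ssh2: ED25519-CERT SHA256:AAAA ID example-key-1 (serial 41) CA ED25519 SHA256:CCCC
Mar  3 10:17:40 web01 sshd[2240]: Accepted publickey for bob.ortiz from 192.0.2.10 port 50391 ssh2: ED25519-CERT SHA256:AAAB ID example-key-2 (serial 42) CA ED25519 SHA256:CCCC
Mar  3 10:21:13 web01 sshd[2302]: Accepted publickey for svc-gateway from 192.0.2.10 port 50877 ssh2: ED25519-CERT SHA256:AAAC ID example-key-3 (serial 43) CA ED25519 SHA256:CCCC
Mar  3 10:25:55 web01 sshd[2350]: Accepted password for carol from 198.51.100.7 port 41000 ssh2
Mar  3 10:30:09 web01 sshd[2399]: Accepted publickey for alice.ng from 192.0.2.10 port 51200 ssh2: ED25519-CERT SHA256:AAAD ID example-key-4 (serial 44) CA ED25519 SHA256:CCCC
"""

# Matches only certificate logins: sshd logs the key type as <ALG>-CERT,
# then the certificate's key ID and serial, then the signing CA.
CERT_LOGIN = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<account>\S+) from (?P<src>\S+) "
    r"port \d+ ssh2: \S+-CERT \S+ ID (?P<key_id>.+?) "
    r"\(serial (?P<serial>\d+)\) CA "
)

def cert_logins(log_text):
    """Return one dict per certificate-authenticated login in the log."""
    matches = map(CERT_LOGIN.search, log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def logins_per_account(log_text):
    """Count certificate logins by the account name the server recorded."""
    return Counter(entry["account"] for entry in cert_logins(log_text))

def outside_aliases(log_text, aliases):
    """List certificate logins on accounts that are not a known alias."""
    return [e for e in cert_logins(log_text) if e["account"] not in aliases]

if __name__ == "__main__":
    # Hypothetical alias set: the Identity Aliases assigned to users.
    aliases = {"alice.ng", "bob.ortiz"}
    for account, n in sorted(logins_per_account(SAMPLE_LOG).items()):
        print(f"{account}: {n} certificate login(s)")
    for e in outside_aliases(SAMPLE_LOG, aliases):
        print(f"not an alias: {e['account']} from {e['src']} serial {e['serial']}")
```

The password login in the sample is ignored on purpose, so the counts cover only certificate-authenticated sessions.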
Identity Alias for RDP or SSH
In StrongDM, the resource types that support the use of Identity Aliases are:
The RDP (Certificate Auth) resource type authenticates users to the server with a certificate provided by StrongDM or a supported third-party Certificate Authority (CA). For RDP, Identity Aliases are supported for Microsoft Entra ID (formerly Azure AD) and on-premises AD deployments.
The SSH (Certificate Based) resource type authenticates users to the server with a certificate provided by StrongDM or a supported third-party CA. In contrast, the SSH (Customer Managed Key) resource type authenticates users to the server using a certificate that you provide and import during configuration.
How to Set Up Identity Aliases
To use Identity Aliases, follow our setup instructions for either certificate-based RDP servers or SSH servers. The setup process generally involves the following steps:
Set up your server.
Create or identify an account on the server to use.
Add the server as a resource in StrongDM.
Add the Identity Alias to the user's settings in StrongDM.
After setup is complete, you can use Identity Aliases to authenticate with your resource.
Please see our guides for complete configuration steps: