We have recently used the ManageEngine PAM360 solution. The primary reason for adopting this platform is to eliminate direct external RDP and SSH access into our internal corporate network.

Instead of providing access through VPN connections or exposing RDP/SSH ports via port forwarding, we aim to use a centralized, web-based access gateway that also enables IT governance and access control management.

However, to properly implement this solution, we require that users enter their own credentials when logging into their personal PCs or accessing internal systems. All authentication is based on Active Directory, and we do not want to manually store or manage user credentials within PAM360. Additionally, in some cases multiple users may access the same server, each needing to authenticate with their own individual credentials.

In summary, our intended scenario is as follows: the IT department defines and manages access to server and workstation IPs through PAM360, allowing each user (e.g., User A) to access only the services assigned to them—such as Windows RDP sessions, web-based administrative panels for different departments, or even personal workstation access. However, when initiating a connection, the system should always prompt the user to enter their own username and password, as all employees already authenticate against LDAP/Active Directory across most services.

Based on our internal testing and research, we observed that when creating a resource in PAM360, it is mandatory to define at least one username and password. Furthermore, when this resource is shared with users, they all connect using the same preconfigured credentials, which does not align with our security requirements and intended use case.

We would appreciate your guidance on how to achieve this requirement within PAM360.