Launch your first session

Once a Safe includes you as a member, launching a session is the final step in the onboarding flow. VaultPAM shows the target, applies policy, and opens the right client for the protocol you chose.

Before you begin

• You are a member of the Safe you want to use.
• The Safe points to a Resource that is already online.
• If the Safe requires approval or MFA step-up, you are ready to complete those prompts.

Steps

1. Open the Safes list and select the Safe you want.
2. Click Launch.
3. If the Safe requires approval, wait for the approver to accept or deny the request.
4. For RDP, VaultPAM redirects you into the native RDP client.
5. For SSH, VaultPAM opens a browser terminal or hands off to the native client, depending on the connector and browser support.
6. Watch for the session recording indicator, the clipboard policy badge, and any MFA gate that appears before the session starts.
7. When you are done, close the window or click End in the app.

What to expect

• The session is recorded if the Safe policy requires recording.
• The connector injects the credential at the proxy, so you never handle the password directly.
• Audit events are emitted for session start and session end.

Related articles

• Add a Safe
• What is a Recording?
• Approve a pending session