Activation type comparization

Carillon provides different ways for activating temporary access on client. This documents describes activation types and list common benefits and limitations of each type. By default only Credential provider activation types are usable on client because in these types user can handle whole activation process in Windows login window or UAC (User Account Control) window.

Activation typeUser interfaceBenefitsLimitations
Legacy request password (disabled by default)Centero Agent icon in Windows notification area
  • User gets local user account and password so user can use login to computer and use Run as Administrator functionality without Carillon credential provider
  • Service Desk can select how long time user can use the user account/password combination
  • Works in offline
  • Works in Windows XP and older
  • Local account used so no access to other devices on network
  • User need to use Request activation code functionality (disabled by default) or contact Service Desk to get activation code
  • Password hard to remember (random generated password) and Windows 10 does not allow copy/paste in UAC window
Use activation codeCredential provider in login screen and/or UAC window
  • Service Desk can select how long time same activation code can be used
  • Works in offline
  • Local account used so no access to other devices on network
  • User need to use Request activation code functionality (disabled by default) or contact Service Desk to get activation code
  • Activation code (20 characters) must be typed in Windows 10 UAC window (copy/paste does not work when UAC in Secure Desktop)
Run with local accountCredential provider in UAC window
  • User can perform without contacting Service Desk by typing reason
  • Local account used so no access to other devices on network
  • Alternative credentials can be used when logged on user does not have permissions to use this activation type
  • Carillon administrator can configure who and where can be used (for example all users on their primary devices)
  • Requires connection to Carillon server
Run with domain accountCredential provider in UAC window
  • User can perform without contacting Service Desk by typing reason
  • Network resources can be accessed (because using domain account)
  • Carillon administrator can configure who and where can be used (for example Service Desk users on workstations)
  • Requires connection to Carillon server
  • Requires connection to On-Premises domain controller or used account must exist in cached credentials