Administration Guide

This guide covers SPSA administration through the SPSA Portal web interface.

Accessing Administration

Login

  1. Navigate to: https://spsa.yourdomain.com/
  2. Log in with administrator credentials
  3. Complete MFA verification (enter TOTP code)
  4. Click your username (top right) > Settings

SPSA Portal Overview

The SPSA Portal is based on Apache Guacamole 1.6.0 with SPSA-specific customizations. Administration is organized into tabs:

Tab Purpose
Active Sessions Monitor and manage current sessions
History View session history and audit logs
Users Manage user accounts
Groups Manage user groups
Connections Configure remote connections
Settings System configuration

Active Sessions

Monitor Sessions

The Active Sessions tab shows all currently connected users:

Column Description
Username Connected user
Session active since Session start time
Remote host Target system
Connection name Connection name

Terminate Sessions

Administrators can terminate active sessions:

  1. Select one or more sessions (checkbox)
  2. Click End Session
  3. Confirm termination

User Impact

Ending a session immediately disconnects the user from their remote session.

Session History

The History tab provides audit logging for compliance:

  • Session start and end times
  • User who connected
  • Connection used
  • Remote host accessed

Session Recording (Pro)

SPSA Pro stores session recordings that can be played back for audit purposes.

User Management

Create User

  1. Go to Users
  2. Click New User
  3. Configure:

Account Settings:

Field Description
Username Login username (required)
Password User password (required)
Confirm password Confirm password

Profile (Optional):

Field Description
Full name Display name
Email address Email address
Organization Organization
Role Role/job title

Account Restrictions:

Setting Description
Login disabled Disable the account
Password expired Force password change on next login
Allow access after time Allow login only after this time (e.g., 08:00)
Block access after time Block login after this time (e.g., 17:00)
Enable after date Enable account after date
Disable after date Auto-disable after date
Timezone User's timezone
  1. Click Save

User Permissions

Permission Description
Administer system Full administrative access
Create new users Can create users
Create new user groups Can create groups
Create new connections Can create connections
Create new connection groups Can create connection groups
Change own password Can change own password

Standard Users

For regular users, only enable Change own password.

Assign Connections to User

  1. Edit the user
  2. Scroll to Connections section
  3. Switch between Current Connections and All Connections
  4. Check the connections to grant access
  5. Click Save

Connection Management

Create Connection

  1. Go to Connections
  2. Click New Connection
  3. Configure basic settings:
Field Description
Name Connection display name
Location Parent group (ROOT for top level)
Protocol Protocol (RDP, SSH, VNC, Telnet)
  1. Configure connection-specific parameters (see Connection Types)
  2. Click Save

Connection Groups

Organize connections into logical groups:

  1. Click New Connection Group
  2. Configure:
Field Description
Name Group name (e.g., "Production Servers")
Location Parent group
Type Organizational or Balancing

Group Types:

Type Description
Organizational Folder for organizing connections
Balancing Load balance across connections in group

Connection Settings

Connection Limits:

Setting Recommendation
Maximum number of connections Max concurrent connections (e.g., 10)
Maximum connections per user Max per user (e.g., 2)

Load Balancing (Pro):

Setting Description
Connection priority Priority for load balancing
Failover only Use only for failover

Guacamole Proxy Parameters (GUACD) - Pro Only:

For SPSA Pro deployments with distributed SPSA Proxies connected via integrated VPN:

Setting Description
Hostname SPSA Proxy address (leave empty for local)
Port Proxy port
Encryption Encryption mode

User Groups

Create Group

  1. Go to Groups
  2. Click New Group
  3. Configure:
  4. Group name
  5. Member users
  6. Connection permissions
  7. Click Save

Benefits of Groups

  • Assign connections to groups instead of individual users
  • Easier permission management at scale
  • Logical organization of users

Connection Templates

SPSA includes pre-configured templates for common connection types:

Template Protocol Pre-configured Settings
RDP Template RDP NLA security, certificate handling
SSH Template SSH Standard terminal settings

Using Templates

  1. Go to Connections
  2. Expand Templates folder
  3. Select a template connection
  4. Click to copy and customize

Best Practices

User Management

  • Create individual accounts per user (no shared accounts)
  • Implement least privilege access
  • Use time-based restrictions for temporary access
  • Review access regularly
  • Remove unused accounts promptly

Connection Security

  • Use NLA for RDP connections
  • Prefer SSH keys over passwords where possible
  • Limit connection access by user/group
  • Use descriptive connection names
  • Set connection limits to prevent resource exhaustion

Security Settings

For high-security environments:

Setting Recommendation
Disable copying from remote Prevent data exfiltration
Disable file download Block file transfers
Disable file upload Block file transfers
Disable audio Reduces bandwidth

General Security

  • Change default passwords immediately
  • Use strong passwords (12+ characters)
  • Configure trusted SSL certificates
  • Review session history regularly
  • Keep the appliance updated

SPSA CLI Commands

For console-based administration, see Troubleshooting for:

  • getip - Display IP addresses
  • sshping / rdpping - Test connectivity
  • sudo kbmap - Change keyboard layout
  • sudo sshon / sudo sshoff - SSH access control

Support

For assistance:
Email support@skill-plan.com
Website https://www.skill-plan.com