Security
Security features of PowerShell Universal.
Local accounts are created and stored in the PowerShell Universal database. By default, credentials are stored in the local database vault.
To create a local account, you can navigate to Security \ Identities and create a new identity. Ensure that the Local Account switch is enabled and set a password.

If you have a licensed instance of PowerShell Universal, you can use a different credential vault.
The forms authentication script is only called when users login through the login page. If you use any other authentication method, this script is not called. Role policy scripts are called for all authentication types.
By default, the forms authentication script is configured to accept the user Admin and a password of Admin. You can configure this authentication policy to interact with whatever system you like. The script will receive a
PSCredential
object that contains the user name and password entered by the user at the login page.Authentication settings are also stored with
authentication.ps1
To update forms authentication, click Security (below Settings) then Authentication. Click the 'Edit Details' button from there to review (or update) the forms authentication code.

You can update the PowerShell script found in settings to configure how the user is authenticated. You'll need to return a
New-PSUAuthenticationResult
from the script to indicate whether the user was successfully authenticated.param(
[PSCredential]$Credential
)
#
# You can call whatever cmdlets you like to conduct authentication here.
# Just make sure to return the $Result with the Success property set to $true
#
if ($Credential.UserName -eq 'Admin')
{
New-PSUAuthenticationResult -Success -UserName 'Admin'
}
else
{
New-PSUAuthenticationResult -ErrorMessage 'Bad username or password'
}
You can check the password of the credential by using the
GetNetworkCredential()
method of PSCredential
.param(
[PSCredential]$Credential
)
#
# You can call whatever cmdlets you like to conduct authentication here.
# Just make sure to return the $Result with the Success property set to $true
#
if ($Credential.UserName -eq 'Admin' -and $Credential.GetNetworkCredential().Password -eq 'MySuperSecretPassword')
{
New-PSUAuthenticationResult -Success -UserName 'Admin'
}
else
{
New-PSUAuthenticationResult -ErrorMessage 'Bad username or password'
}
During forms authentication, you can set claims that will be available within role policies. This can provide a performance benefit when interacting with remote systems since you can perform a single claim lookup and then evaluate the claims locally rather than having to make additional calls to the remote system.
This example uses Active Directory to look up group membership and assign the as claims that will be available within the roles scripts.
param(
[PSCredential]$Credential
)
#
# You can call whatever cmdlets you like to conduct authentication here.
# Just make sure to return the $Result with the Success property set to $true
#