Managing Accounts and Passwords
Overview
This document discusses the different ways in which users can manage accounts in Password Manager Pro, such as viewing, editing, copying, and moving accounts, as well as changing passwords, viewing password history, and checking the integrity of passwords stored in Password Manager Pro.
- Viewing accounts
- Copying passwords
- Changing passwords
- Verifying passwords
- Viewing password history
- Copying passcard link
- Editing accounts
- Copying accounts
- Moving accounts
1. Viewing Accounts
Follow the below steps to view an account that is part of a resource.
- Navigate to the Resources tab.
- Click on the particular resource name whose account details you want to view.
- The accounts of the respective resource would be displayed in a new dialog box.
- By default, passwords are shown in hidden form behind asterisks; to view the passwords in plain text, just click on the respective asterisks. The passwords will be shown for 10 seconds only. After that, they will be automatically hidden. You can also view the passwords by clicking the asterisks again.
You can modify the default 10 seconds from the General Settings page.
1.1 Enforcing Users to Provide a Reason for Viewing Passwords
By default, when a user tries to retrieve the password of a resource, on clicking the asterisks, the passwords appear in plain text. If you want to force your users to provide a reason why access to the password was needed, you can enable the option Enforce users to provide reason when retrieving the passwords in General Settings. Follow the below steps:
- Navigate to Admin >> Settings >> General Settings.
- In the UI that opens with a list of options, select Password Retrieval.
- Click the checkbox Enforce users to provide reason when retrieving the passwords.
- Click Save.
- After enabling this option, when you click on the asterisks, a pop-up window will open. In that pop-up window, provide a reason for retrieval and click Proceed.
1.2 Allowing password users and auditors to retrieve passwords for which auto logon is configured
Through the auto logon feature, Password Manager Pro provides the option to establish a direct connection to the resource, eliminating the need to copy and paste passwords. By default, password users and auditors will be able to retrieve the passwords that are shared with them. However, if auto logon is configured, they might not need access to the passwords. In such cases, you can decide whether to allow or restrict access to passwords and implement that decision through the option "Allow password users and auditors to retrieve passwords for which auto logon is configured" in General Settings.
To enable this option,
- Navigate to Admin >> Settings >> General Settings.
- In the UI that opens with a list of options, select Password Retrieval.
- Click the checkbox Allow password users and auditors to retrieve passwords for which auto logon is configured.
- Click Save.
2. Copying Passwords
Password Manager Pro uses the browser's clipboard utility when you copy and paste passwords.
Follow the below steps to copy passwords:
- Navigate to the Resources tab.
- Switch to the Passwords tab and click the copy icon present against the desired passwords to copy.
- The copied passwords will be available to paste for 30 seconds.
3. Changing Passwords
To change the passwords of user accounts,
- Navigate to the Resources tab and switch to the Passwords tab, or, from the Resources tab, click the required resource name to open the Account Details dialog box.
- Click the Account Actions icon against the resource whose password you want to change and choose Change Password from the drop-down list.
- In the pop-up form that appears, enter the new password and confirm the same.
- Click Save.
- While entering the new password, the password policy set by the administrator for this resource will get enforced, if any.
- If your account belongs to any of the following types: Windows, Windows Domain, Linux, IBM AIX, HP UNIX, Solaris, Mac OS, MS SQL server and Cisco Devices (IOS, CatOS, PIX), you have the option to synchronize the new password in the remote resource too. With remote synchronization, if updating the password in the resource fails, the password change will not be saved locally either.
4. Verifying Passwords Stored in Password Manager Pro
(Feature available only in Premium and Enterprise Editions)
Passwords of resources such as servers, databases, network devices and other applications are stored in Password Manager Pro. It is quite possible that someone who has administrative access to these resources could access the resource directly and change the password of the administrative account. In such cases, the password stored in Password Manager Pro will be outdated and of no use to the users who rely on Password Manager Pro for the password. To deal with such possibilities, Password Manager Pro provides an option for checking the validity of passwords at any point in time, both on demand and at periodic intervals. On-demand verification of password validity can be performed for a single account or for all the resources/accounts stored in the Password Manager Pro application.
4.1 Verifying Individual Passwords
Follow the below steps to verify the integrity of the password of a single account:
- Navigate to the Resources tab and switch to the Passwords tab, or, from the Resources tab, click the required resource name to open the Account Details dialog box.
- Click the Account Actions icon against the resource whose password you want to verify for synchronization and select Verify Password from the drop-down list.
- Password Manager Pro will try to establish a connection with the target system. Once the connection is established, it tries to log in with the credentials stored in Password Manager Pro. If login does not succeed, Password Manager Pro concludes that the password is out of sync.
Notes:
- Password verification will work only for the accounts for which Remote password reset has been enabled.
- If Password Manager Pro cannot establish a connection with the system due to some network problem, it will not be considered that the password is out of sync.
4.2 Verifying Passwords in Bulk
Check if the passwords stored in Password Manager Pro are in synchronization with the actual passwords of the resources by running this check.
Follow the below steps to verify the integrity of the passwords in bulk:
- Navigate to Groups >> Group Actions >> Find Out of Sync Passwords. A window shows up.
- Click Start Now. A success message 'Integrity check scheduled successfully' will be displayed. Now, all the passwords of the selected group will be checked and email notification will be sent to the administrator.
Note: If Password Manager Pro cannot establish a connection with the system due to some network problem, it will not be considered that the password is out of sync.
4.3 Scheduled Verification of Passwords in Bulk
(Applicable from build 13000 and above only)
Password Manager Pro allows you to create a schedule for verifying the integrity of the passwords stored in the repository. To do so, follow the below steps:
- Navigate to Groups >> Actions >> Periodic Integrity Check. A window shows up with the current and upcoming status of the schedule of the selected group.
- Schedule the integrity check or modify the existing schedule by choosing any of the below options:
- Once, on a specific day and time
- On an interval based on the specified days, from a specific day and time
- Monthly, on a specific day and time
- Never
- Click Schedule.
Now, the integrity check will run based on the configured schedule, and Password Manager Pro will try to establish connection with the target systems for all the accounts in the selected group for which remote password reset has been enabled. To establish the connection, Password Manager Pro tries to log in with the available credentials. If the credentials fail to establish the connection, Password Manager Pro concludes that the passwords are out of sync. Upon verification, a consolidated notification will be emailed to all the administrators and auditors.
4.4 Verifying All Passwords Stored in Password Manager Pro
This option is to perform the integrity check for all the passwords stored in Password Manager Pro. Once done, an email will be sent to the administrators. Follow the below steps:
- Navigate to Reports >> Password Out of Sync.
- Under that report, click the link Find Out of Sync Passwords. In the dialog box that opens, click Start Now.
- Once you schedule the check, Password Manager Pro will try to establish a connection with the target systems for all the accounts for which remote password reset has been enabled. Once the connection is established, it tries to log in to each resource with the respective credentials stored in Password Manager Pro. If login does not succeed, Password Manager Pro concludes that the password is out of sync. If Password Manager Pro cannot establish a connection with the system due to a network problem, the password will not be treated as out of sync. A consolidated notification will be emailed to all the administrators and auditors.
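The classification rule that sections 4.1 to 4.4 describe, as an added sketch that is not Password Manager Pro code: a rejected login marks the account out of sync, a network failure is kept as a separate outcome, and accounts without remote password reset are skipped. The `login` callable, `AuthRejected`, the account fields and the sample vault and target data are all hypothetical and constructed for illustration.

```python
from collections import Counter
from enum import Enum

class Status(Enum):
    IN_SYNC = "in sync"
    OUT_OF_SYNC = "out of sync"
    UNREACHABLE = "unreachable"  # network problem: never reported as out of sync
    SKIPPED = "skipped"          # remote password reset not enabled

class AuthRejected(Exception):
    """Hypothetical error: target was reached but refused the stored credentials."""

def verify_account(account, login):
    """Classify one account; `login` is a hypothetical connector callable."""
    if not account["remote_reset_enabled"]:
        return Status.SKIPPED
    try:
        login(account)
    except AuthRejected:
        return Status.OUT_OF_SYNC
    except OSError:  # ConnectionError and TimeoutError both derive from OSError
        return Status.UNREACHABLE
    return Status.IN_SYNC

def integrity_check(accounts, login):
    """Bulk check: per-account status plus counts for a consolidated notification."""
    results = {(a["resource"], a["account"]): verify_account(a, login) for a in accounts}
    return results, Counter(results.values())

# Constructed sample data: the password each target currently accepts (None = host down).
LIVE = {("db01", "sa"): "stored-A", ("web01", "root"): "changed-on-host", ("sw01", "admin"): None}
VAULT = [
    {"resource": "db01", "account": "sa", "password": "stored-A", "remote_reset_enabled": True},
    {"resource": "web01", "account": "root", "password": "stored-B", "remote_reset_enabled": True},
    {"resource": "sw01", "account": "admin", "password": "stored-C", "remote_reset_enabled": True},
    {"resource": "app01", "account": "svc", "password": "stored-D", "remote_reset_enabled": False},
]

def simulated_login(account):
    """Stand-in for a real SSH/RDP/SQL login attempt, so the example runs offline."""
    actual = LIVE[(account["resource"], account["account"])]
    if actual is None:
        raise ConnectionError("target unreachable")
    if actual != account["password"]:
        raise AuthRejected(account["account"])
```

Keeping unreachable targets as their own status, rather than folding them into "in sync", lets a reviewer see which accounts were never actually tested in a given run.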
5. Viewing Password History
The history of changes made to the passwords is captured in the form of password history. Information such as the old password, who modified it, from which machine, and the time at which it was modified is captured in the history.
To view password history of an account,
- Navigate to the Resources tab and switch to the Passwords tab, or, from the Resources tab, click the required resource name to open the Account Details dialog box.
- Click the Account Actions icon against the resource whose password history you want to view and select Password History from the drop-down list.
- In the pop-up form that appears, the password history will be displayed.
6. Copying Passcard Link
A passcard typically contains details such as Resource Name, Account Name, Password of the account, Owner of the resource and the DNS name, along with any additional resource or account attributes that might be added to it. To view the passcard of an account, you must be logged into Password Manager Pro and the corresponding resource must be owned by you or shared with you. The Passcard link provides consolidated details of an individual account in Password Manager Pro as a shareable link. The link can be accessed only by those with whom the passcard is shared with the relevant privilege (read-only, read-write, or manage).
Follow the below steps to copy the Passcard of an account:
- Navigate to the Resources tab and switch to the Passwords tab, or, from the Resources tab, click the required resource name to open the Account Details dialog box.
- Click the Account Actions icon beside the required resource name and choose Copy Passcard Link from the drop-down list.
- The Passcard link will be copied to the clipboard and will remain there until you click the Click Here to Clear Clipboard option to erase it. The Click Here to Clear Clipboard option will appear in the top-right corner of the page as soon as you copy the Passcard link.
- Paste the copied Passcard URL in a new browser window to view its contents. The Passcard will also contain a QR code from which the URL can be scanned and extracted.
7. Editing Accounts
At any point of time, you can edit the details of any of the accounts.
To edit an account,
- Navigate to the Resources tab and switch to the Passwords tab, or, from the Resources tab, click the required resource name to open the Account Details dialog box.
- Click the Account Actions icon against the resource whose password you want to edit and select Edit Account from the drop-down list.
- In the pop-up form that appears, edit the required property of the account.
- Select the checkbox Use Private Key for Login to authorize remote connections using SSH keys instead of account credentials.
- Once you're done, click Save. The changes you made will be applied.
8. Copying Accounts
One or more accounts can be copied and added under one or more resources. The replicated accounts can then be edited to suit your requirements. The Copy Account feature helps in situations where you need identical accounts under several resources. The copying operation does not affect the account being copied in any way.
Follow the below steps to copy one or more accounts:
- Navigate to the Resources tab and switch to Passwords tab. Select the account(s) to be copied.
- To copy a single account, go to the Resources tab, click a required resource name to open the Account Details dialog box.
- Then, click the Account Actions icon beside the required account and select Copy Account from the drop-down list.
- In the Copy Account dialog box, select the resources under which you want the accounts to be copied. Move the required resources to the Destination Resources pane using the arrows.
- Select the Inherit Share Permissions option for the new copies to inherit the selected account's share permissions, i.e., the new account will also be shared with all those who had permission to view the parent account.
- Select the Access Control Settings option to retain the access control configuration done for the selected account, during the copy operation. Please note that this copy operation will retain only the Account-level access control configuration. If this option is unchecked during the copy operation (OR) if the selected account does not have any individual access control settings configured, then the resource level access control settings of the destination resource will be applied to this account as well.
- Select the Copy Password History option to retain the selected account's password history.
- You can also specify the number of copies required. Click Save. The account(s) will appear under the selected resource(s).
9. Moving Accounts
One or more accounts that are part of one resource can be moved to another resource. When you do so, the selected account(s) will be removed from the present resource.
Follow the below steps to move one or more accounts:
- Navigate to the Resources tab and switch to the Passwords tab. Select the account(s) to be moved.
- To move a single account, go to the Resources tab, click a required resource name to open the Account Details dialog box.
- Then, click the Account Actions icon and choose Move Account from the drop-down list.
- In the Move Account dialog box, choose a resource from the Move the Selected Account(s) to dropdown.
- Select the Inherit Share Permissions option to move the selected account's share permissions, i.e., the new account will also be shared with all those who had permission to view the parent account.
- Select the Access Control Settings option to retain the access control configuration done for the selected account, during the move operation. Please note that this move operation will retain only the Account-level access control configuration. If this option is unchecked during the move operation (OR) if the selected account does not have any individual access control settings configured, then the resource level access control settings of the destination resource will be applied to this account as well.
- Select the Move Password History option to retain the selected account's password history.
- Click Save. The account(s) will be removed from the present resource and will appear under the selected resource.