Jump to content

All Activity

This stream auto-updates     

  1. Yesterday
  2. Hello Constantin, As we don't have the sort of feature you need, we recommend not configuring a Password Lists with Authentication options which users cannot use. In the unlikely event somebody did this, Security Administrators can always turn it off/change it via the screen Administration -> Password Lists. For authentication into Passwordstate, all we can suggest for now is multiple User Account Policies - this will enforce it for you. If possible, and we certainly understand if it's not, but consolidating the number of 2FA methods you use may help as well - we find most of our customers try to do this as it does simplify things, and reduces your support costs. Regards Click Studios
  3. Yes I've seen this. But If we allow the users to choose their own authentication method via preferences, they could also set this to just "Manual AD" and bypass the second factor. And this would be an security risk. There must be an enforcement to have them choose an second factor option. On the other hand there is the disadvantag for users creating password lists and enforcing the password list to have the authentication method Manual + AD and SecureID for example. But what happens when a user without this method enabled - tries to access the password list? It shows the authentication window, but the user cannot authenticate because he does not support this method. So for single password lists there should be also the possibility to say: Hey normal AD authentication is not enough, we need a second factor. But Which one - doesnt matter - because this could be different per user. Is there maybe a workaround for this? Kind Regards, Constantin
  4. Last week
  5. Hi, Thanks for the feedback, but we think this approach would be problematic. We auto-populate a lot of the Authentication fields on users Preferences screen, even if they are not using those Authentication options i.e. SecurID Username is populated for all accounts. Do you know users can chose their own Authentication Method on their Preferences screen? I think this might be a better option for you, as you then would not need to worry about all those User Account Policies. Regards Click Studios
  6. Yes you are right, from technical view maybe this could be done with an check like: Which 2-FA Option is enabled for User XY? --- RSA --- OTP Multiple 2-FA Options detected -> Which one is set as Prefered? --- RSA Then display login form/window for this 2FA method. When only one 2FA Method is activated by the user then the prefered step is not needed and it is directly choosen.
  7. Chris Gribbin

    Issues adding passwords via webapi

    At least I'm not crazy! Thanks for all your hard work. -Grib
  8. Hi Constantin, Thanks for the clarification, and no that is not possible sorry. I'm not sure if we would consider this as a feature request sorry, unless we had many customers interested in it - an no-one has expressed an interest before. Technically we're not sure how this would event work - would we just randomly present a 2FA option to the user - what is they don't use SecurID, as an example. Regards Click Studios
  9. Hi there, i've seen this but this does not fit with our needs. For example I have a team of about 10 users. 2 are using google authenticator 1 is using rsa secure id 4 are using OTP 1 is using email and so one..... With the policy's I can force a user to use one specific authentication option. So i would have to manage 4 different user policys and add the users per their need to the right user policy based on their choosen second factor application. I would like to have the option to specify that the users have to authentication with ANY second factor option, so they can choose their favorite application. (Ensure that 2-Factor authentication is used, with no enforcement on a specific method) Is this possible? Or it looks like an Feature Request? Kind regards, Constantin
  10. Hi Constantin, With the user of User Account Policies, found under the Administration menu, you can have different authentication options for different sets of users. Can you investigate this, and let us know if this is what you need. Regards Click Studios
  11. support

    Issues adding passwords via webapi

    Hi Chris, Thanks for your help, and patience, in trying to troubleshoot this, and we can confirm we see the same thing if the Password List is for a Remote Site Location. So we'll look into getting this fixed for the next release, and test all other methods as well to make sure there are no other issues. Thanks again. Regards Click Studios
  12. support

    Improved Branding/Customisation

    Yes, that would work
  13. Sarge

    Improved Branding/Customisation

    Thats a lot of pages! Lets go with the custom.css for now, plus maybe a seperate one for login / log out page?
  14. support

    Improved Branding/Customisation

    Thanks Sarge. Per page CSS would require us to update all 492 pages in Passwordstate, so this is unlikely to happen sorry - unless we have a lot of customers who also need this level of customization for all pages in Passwordstate. Regards Click Studios
  15. Sarge

    Improved Branding/Customisation

    Found it.... We stopped with the custom CSS when we went to v8 because it become to difficult to keep verifying changes. So it would be nice to be able to get these changes back, but on a per-page basis. I understand its a lot of leg work and you've already got a lot in the pipeline for this year. /* Start Changes */ /* Changes made to adjust Logo TR to be White, while keeping existing base color specified in Admin Control Panel */ /* This ensures the logo fits the color scheme */ /* keeps the specified base color in Admin Control panel on the login and logout screens. This effectively overwrites what is set in Admin Control Panel. Ensure you update the color when you change base color in admin control panel.*/ td.BaseColor { background-color:#22428C !important; } /* sets the background color of the login and log out screens white, overwritting what we set in the admin control panel. */ body.BaseColor { background-color:white !important; } /* Hides the "Forms Based Authentication" text on the index page and the Company - Password Manager text on the loggedoutpopup.aspx page. */ div.title2 { font-size:0px !important; } /* The below changes target individual element IDs to adjust color. By default these where all white - which blended in with the Body.BaseColor change above */ #BuildDiv { color: #C0C0C0 !important; } #ActiveUsersTD { color: black !important; } #A2 { color: black !important; } #NewBuildLabel { color: #545454 !important; } #MaintenanceModeDiv { color: red !important; } #A5 { color: red !important; } #QueuedEmailsDiv a:link { color: red !important; } #QueuedEmailsDiv a:visited { color: red !important; } #PendingAccessRequestsDiv { color: black !important; } #A1 { color: black !important; } /* END Changes */
  16. Sarge

    Improved Branding/Customisation

    Yep it sure would be , however it would be my preference. There was other things we changed in the CSS on the login screens and log out screens. I'll try and find the old CSS we used as it was somewhat substantial changes, more than just BaseColor.
  17. Hi there, in password lists an for web authentication its possible to specify manual ad authentication and some other factor authentication. With many users and many other options like (Google, OTP, Mail, SMS, RSA) it is sometimes not nice to handle because we have to agree on one option. It is possible to specify "Manual AD Authentication + Any other Authentication Method" so we ensure that we have a 2-Factor Authentication but it does not matter which second factor option is used? Edit: Sorry this Thread should go to 8.X Support not 7.x..... Kind regards, Constantin
  18. Chris Gribbin

    Issues adding passwords via webapi

    OK it's been a long morning but I believe I have it nailed down - I created a brand new list that mirrors my ListID 30 in every single way - ID 710 - and the test was successful. I created a brand new list that mirrors those exactly except for a client remote site - and the test fails. I subsequently went hunting for other 3 digit lists under Internal site and those all succeeded, regardless of template link or permissions, and all attempts for any remote site regardless of permissions and template link failed. It just so happens that a majority of my 'internal' lists are 2 digits and the client ones are almost all 3 digits.. in fact I have one client with a 2 digit list only, and for grins I tried that one and it failed. So - not a 3 digit problem - now appearing to be a Remote Site Location Problem. I did try and add "SiteID":"4" to my json body like you use in /api/passwordlists and no luck.. I slowly read the documentation (I'm guilty of skimming most of the time) to see if there was mention of this and I didn't see it anywhere in the passwords section - I think it's implied that it should inherit site by the listID like when you add a new record in the webui.. but my new theory is that that is not working. Can anyone corroborate? Works for any list on 'Internal' Site - but not any of the lists tied to a remote site $jsonData = ' { "PasswordListID":"94", "Title": "North American Core Router 1", "UserName":"narouter1", "password":"StenS-Lun#3$2^yc", "APIKey":"putyourownglobalpapikeyhere" } ' $PasswordstateAPIURL = 'https://yourpwsinstance.com/api/passwords/' $result = Invoke-Restmethod -Method Post -Uri $PasswordstateAPIURL -ContentType "application/json" -Body $jsonData Write-Output $result #Return all properties of object(s) Remove-Variable result Cheers! -Grib
  19. support

    Improved Branding/Customisation

    Actually, maybe for the login screens we could change the name of the css from BaseColor to LoginScreenBaseColor, and then you can have different css for these screens as well. Also, did you know you can now also use a background image on all logins screens - this would negate the custom css on these screens if you would prefer to use that. Regards Click Studios
  20. support

    Improved Branding/Customisation

    I've just done some quick testing in the main site, and this should be possible with us adding one line of code into one of our classes. So if you were to include your own css file called /App_Themes/custom.css, then this would apply to all pages in the core product. You will need to include the '!important' rule on all your css attributes so they take precedence over ours, but it seems to work nicely. If we add this in though, it would be one css file for the whole site - so if you were to change the base color, it would change for all pages, just not the login screens. Trying to provide custom css for each individual page would be a considerable amount of work. The Self Destruct and Reset Portal would be the same concept with this custom.css file. Because you add this file yourself, no upgrades will touch this. Regards Click Studios
  21. Sarge

    Improved Branding/Customisation

    In the context of my post it was for the Passwordstate login screens. At one stage we were also hiding some elements on the login screens via the CSS as well as changing the headerTable to force a different background colour (thus overriding the base colour it inherits). Minimal at this stage because it becomes to difficult to verify lots of changes after each upgrade, but at this stage. Body Background, btn-info Background & Border Colour, btn-info:hover Background & Border Colour. body { padding: 3em 15px; background: #ffffff; /*background: rgb(93,101,144); Old browsers background: -moz-linear-gradient(-45deg, rgba(93,101,144,1) 0%, rgba(54,169,225,1) 100%); FF3.6-15 background: -webkit-linear-gradient(-45deg, rgba(93,101,144,1) 0%,rgba(54,169,225,1) 100%); Chrome10-25,Safari5.1-6 background: linear-gradient(135deg, rgba(93,101,144,1) 0%,rgba(54,169,225,1) 100%); W3C, IE10+, FF16+, Chrome26+, Opera12+, Safari7+ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#5d6590', endColorstr='#36a9e1',GradientType=1 ); IE6-9 fallback on horizontal gradient */ /* display: table;*/ font-family: "Raleway", sans-serif; } .btn-info { color: #fff; background-color: #003255; border-color: #003255; } .btn-info.focus, .btn-info:focus, .btn-info:hover { background-color: #00C8C8; border-color: #00C8C8; }
  22. support

    Improved Branding/Customisation

    Hi Sarge, Thanks for your request. Could you provide an example of the CSS code you are modifying here? When you refer to "Currently the base colour", are you referring to the Self Destruct or Password Reset Portal still, or the logins screens in Passwordstate? Thanks Click Studios
  23. support

    Multiple Authentication Types

    Hi Rob, If you close your Browser, and not just the tab, does that make any difference? Thanks Click Studios
  24. support

    Issues adding passwords via webapi

    Hi Chris, I've sent an email regarding this, and it does not have anything to do with a 3 digit PasswordListID - we need to keep investigating. Regards Click Studios
  25. Chris Gribbin

    Issues adding passwords via webapi

    Eureka! It fails going to my test list - which is ID 652 (tried 660 and a few others in that range previously) In wondering if it's the list.. common denominator and whatnot.. I tried against an internal list with ID 30 and it succeeds. More testing shows it fails on each try to a 3 digit list - I found ID 142 and it fails, but on ID 98 it succeeds. I sent an email back with more details too. Also, my script had one bug, in the $body creation I needed to change AccountType to AccountTypeID - then it worked and added all 3 good entries to list ID 30 as expected. See your North American Core Router and my 3: AllAtrib, NoType,NoUrl from the script. So it seems to me that the culprit is the 3 digit list IDs not being accepted. Wish I'd have thought of that sooner.. I honestly thought it was something simple I was doing wrong. Cheers! -Grib
  26. Hello, Could you please refer to our API Documentation under the help menu - there are more parameters required when creating Password Lists. e.g. where to place it in the Navigation Tree, what permissions to apply, what settings for the Password List, etc. Regards Click Studios
  1. Load more activity
×