
All Activity


  1. Yesterday
  2. Last week
  3. support

    Search for Compromised Passwords

    Hi Parrishk, You cannot search for the value of the passwords in Passwordstate, as it's an encrypted field. If you go to the screen Administration -> Reporting, and run the report 'Passwords Strength Compliance Status', the last column on this grid is 'Bad Password', and that will highlight if there is a bad password match - but we do not reveal the password here. If you need to search for the values of Passwords, then your only real option here is to export all passwords to the password protected zip file, and then search through the CSV - although, this would be for Shared Password Lists only, not Private. Regards Click Studios
  4. Hello, Seeking advice on what I am trying to accomplish. Thankful for the recent addition of HIBP and the value it provides moving forward but I am looking at:
     - Running a report to list all accounts that have a "bad" password and is already stored in the DB
     - Searching all accounts by password. For example, if we found out that Password123 is "weak"...how do I search for all accounts with the password "Password123" so they can be addressed?

     Thanks!
  5. Hi Team, We are already able to hide/disable Password Lists and Password Folders in the Administration menu for Security Administrators, but when my users wanted to see what the emergency access looks like, they saw the Password Lists and Password Folders menus. So they are asking us to request that support make it possible to disable the Password Lists and Password Folders menus. We need your help to have the same kind of menu for Emergency Access as in the Security Administrators menu, so we are able to allow or disallow some menu items for the Emergency menu, especially Password Lists and Password Folders. Having a menu for emergency access would be great. I appreciate your assistance, thank you very much. Regards, Bobs
  6. support

    Authentication with Okta issues

    Hi Stephen, If you want all users to use SAML authentication, then you need to select this on the screen Administration -> System Settings -> Authentication Options tab - are you saying it's "greyed out" on this screen, as I'm not sure this is possible? Can you also explain a little further what you mean by 'Forms based authentication prompt'? Is this a browser prompt, or one of our login screen UIs? If it's a browser prompt, then possibly the incognito mode is causing this, and if you like, you can enable Anonymous Authentication for the site in IIS - when this is enabled, you should never see a browser prompt at all. If you do not want SAML auth for everyone, then you can do the following:
    1. Ensure Anonymous Authentication for the site in IIS is disabled, and only Windows Authentication is enabled
    2. Then create a User Account Policy on the screen Administration -> User Account Policies, select the SAML Authentication option, and then apply permissions to the policy for the users who are to receive it.

    If you get browser prompts because of disabling Anonymous Authentication for the site, please reference the following forum post for this - https://www.clickstudios.com.au/community/index.php?/topic/152-why-am-i-being-prompted-to-enter-my-authentication-details/ We hope this helps. Regards Click Studios
  7. v8.6 (Build 8627) I have configured SAML authentication with Okta in our PWS server, and the SAML assertion from Okta to PWS seems to work, but it requires opening the link from Okta twice. Similar to the steps for reproduction here: , when logging in to Okta with a clean incognito session, clicking on the PWS tile in Okta will open the PWS site but will then load the forms based authentication prompt. If I close that tab and open the Okta tile again, it will login correctly with SAML. (It will login with SAML the first time I click into it from Okta if I've opened the PWS site in a separate tab and there's some sort of session cookies present). I think this may be because the System wide authentication is set to Manual AD authentication, and I tried but am unable to set the Authentication options to SAML2 authentication for the user I'm testing with (it's greyed out). Is this expected behaviour, and would SAML authentication work first time with a clean session if I set the system wide authentication settings to use SAML2 auth? Is there a way to eliminate the double hop without changing system wide auth for everyone? We have a large user base and I don't want to force enable SSO for everyone if it requires this double step
  8. Synopsis of Feature Request: Provide a restriction method either via user and/or group that allows assigning more granular permissions to users. Allowing restriction similar to client access where a user can only see one site, but extend that functionality to licensed users so you could have teams or users responsible for certain hosts, or client sites (MSP remote-site Locations) while still allowing them access to write, update and all other functions.

     Current Behavior:
     - All licensed users can view all hosts
     - When creating passwords and in various areas in the site, drop downs or selections allow users to select any site (internal, client 1, client 2) from menus
     - Internal is the default for all licensed users and can not be removed

     Requested Behavior:
     - Restrict users' access to one or more sites
     - User permissions can be set like currently, read, write, discover hosts, but all functions restricted only to site(s) they have access to. (internal, client 1, client 2, etc)
     - Can only view or connect to hosts at sites they have permission for.
     - No evidence or ability to view, see or access any other sites. - Won't be even able to see Client 2 as a drop down if they don't have permission for that site.
     - Set different site as default, removing permission from internal and assigning to say Client 1 and Client 2, but not Client 3 or Internal. - Use case, help desk or third-party NOC you don't want in internal systems

     Benefit of Implementing Feature Request: MSPs or others managing passwords for clients or multiple offices would purchase additional licenses so that "end-users" or "client-admins" could add and edit records, providing additional revenue for passwordstate. While the free client licenses are an added benefit, there would be the ability to upgrade a client to a full user just for their site(s). This would reduce the time of the MSP updating records by allowing their clients to directly access, save or edit passwords. It would also allow them to provide Remote Session Launcher to end users reducing the cost of providing a third-party remote connection tool for clients to access their workstations / PCs remotely.
  9. We are using the Passwordstate Mobile website but would like to control access to this website as only staff members within IT will be needing access to the external mobile website. I would like to feature request the ability to enable/disable access to the mobile website on a per user basis in a similar way to the new 'Send Self-Destruct Message Permissions'. Thanks.
  10. Hello TTumbler, Sorry, but we have not implemented this yet - you can vote on this feature request here if you like - https://www.clickstudios.com.au/community/index.php?/topic/2489-api-search-for-documents-by-name/ Regards Click Studios
  11. Hi Everyone, Today we have released build 8670, which includes 13 new updates, and 5 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  12. support

    Plugin documentation & test

    Hello tester22, Just letting you know that we have released build 8670 today, with the changes above. If you are yet to perform any upgrades of Passwordstate, you can use one of the methods described in this document - https://www.clickstudios.com.au/downloads/version8/Upgrade_Instructions.pdf. Probably section '5. Manual Upgrade Instructions' will be the quickest for you. We might also contact you directly to see if we can help you develop these scripts, with proper error capturing - if that is okay with you? Regards Click Studios
  13. Ferry Knol

    Secondary Radius server

    We would like to see that we are able to add multiple Radius servers instead of just one. Hopefully this can be arranged easily and asap. Kind regards, Ferry Knol
  14. support

    GET/PUT methods for Hosts

    Excellent, Glad this is all sorted now :) Regards, Support
  15. Hi ParrishK, We've just updated this in one of the latest builds, and the secret is no longer visible to Security Admins. Please see screenshot below. Security Admins can now clear the key, which will generate a new QR code the next time the user logs into Passwordstate. We've made this change to YubiKey, One Time Password and Google Authenticator authentication types. If you can perform an upgrade this issue will be fixed :) Regards, Support
  16. We are beginning to store system specific SSH keys in passwordstate for accounts where we use keys instead of passwords. We can search and find the password record via the api but I don't see any way to find the documents that are associated with that password record. Is there any way to do this, or is this still something we are waiting on as a feature (we are on 8.4 build 8449)?
  17. While looking through the HTML source I noticed that each user's "HiddenGoogleSecretKey" is displayed in plain text. Sure the admin already has privileged access to the system and "could" change/reset this value but I think it would be best practice for only the end-user to ever have access to the secret value. Was this intended or is there not a concern for this value being visible to administrators?
  18. tester22

    GET/PUT methods for Hosts

    Great found it now. At first I tried https://passwordstate:9119/api/hosts/<HostName> and I received all hosts. But https://passwordstate:9119/api/hosts/?HostName=<HostName> is working as expected. Thanks
  19. support

    Single password / password list recovery

    Thanks - we've been meaning to work on this for quite some time now, but it does require updating several hundred calls to the database, and testing them all, across all tiers and modules in Passwordstate. There just seem to be a lot of other requests that seem to take up our time. Maybe we could improve the delete process here, so the user is well aware this is an irreversible process - we could make them acknowledge it by forcing them to tick a checkbox. Regards Click Studios
  20. support

    GET/PUT methods for Hosts

    Hi tester22, You can certainly do GET requests for Host records (your example above is searching by Host Name with a GET request), but we do not have the ability to do PUT (Update) requests at this time. Regards Click Studios
  21. Hi, Based on the documentation it is not possible to make GET/PUT requests to Hosts. Preferably the hostname would be the input parameter for these requests:

      # PowerShell Request
      $PasswordstateURL = 'https://passwordstate/api/hosts/<HostName>'
      Invoke-RestMethod -Method Put -Uri $PasswordstateURL -Headers @{ "APIKey" = "<apikey>" }
  22. tester22

    Plugin documentation & test

    Great, thanks. That's exactly what I was after. I already made some changes on my end but will revert back. Will add plugins for SAP NW as soon as this ABAP version is done,
  23. Valentijn Scholten

    Make audit log read only / append only

    A feature request to have a recycle bin for password lists is (more or less) here: https://www.clickstudios.com.au/community/index.php?/topic/2311-single-password-password-list-recovery/&tab=comments#comment-5900
  24. Valentijn Scholten

    Single password / password list recovery

    +1, especially because deleting a password list currently also deletes all associated audit logs.
  25. Valentijn Scholten

    Make audit log read only / append only

    Hi, Recently I noticed that when removing a password list all associated audit log records are also deleted. My opinion is:
    - An Audit log should be append only. I understand that at some point it might get truncated.
    - The message currently being displayed when deleting a password list is not making clear the audit log is being deleted as well. I understand that "all related records" is very broad, but in my experience users don't expect audit logs to be deleted.
    - I will also raise a recycle bin feature request (if not already present). A recycle bin could help if it can only be 'cleared' by passwordstate admins.

    Valentijn
  26. support

    Plugin documentation & test

    Hi tester22, We've made some changes for our Test Script screens today, and hopefully below is what you are requiring - this will be available in the next build, which should be tomorrow?
  27. Earlier
  28. support

    Plugin documentation & test

    Hi tester22, Are you referring to our 'Test Script Manually' feature in the UI? If so, if you specify the parameters in the following format, then the Generic Field will show on the test script screen -GenericField1 '[GenericField1]' If you like we can change this so -Client '[GenericField1]' also works, but on the screen the field name would be called Generic Field 1 - maybe we can see if we can name this Field properly, based off -Client (we'd need to somehow extract this name from the script, and rename it). Let us check if this would be possible at all. Regards Click Studios