Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation since 04/20/2023 in Posts

  1. Arturs

    Dark mode in UI

    Hello, From time to time users are asking if there is a "Dark Mode" available in Passwordstate themes. It would be a nice feature for improving the user experience.
    5 points
  2. support

    Passkeys

    Hi Everyone, Build 9849 of Passwordstate has been released, along with a new version of our Browser extensions for Chrome, Edge and Firefox that now supports Passkeys. The browser extension versions are also 9849 and should have automatically updated in your browser. Currently this is a beta build of the Passkeys functionality, and we'd appreciate if you notice any bug to please log a support call with Click Studios via this page: https://www.clickstudios.com.au/support.aspx You'll need to upgrade your core Passwordstate application tot he latest build by following this guide: https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf Once upgraded, you'll find a new section in the Help -> Browser Extensions Manual called "Web Authentication Passkeys" that will help understand how to use this new feature. Supported website can be found at this link: https://passkeys.directory/ Thanks to all for your feature request, and if you run into any issues with it, or have any questions, please let us know! Regards, Support
    3 points
  3. Hi Guys, We've finished this feature, and it will be available in the next build - about 1 to 2 weeks time. Regards Click Studios
    3 points
  4. I request a Passwordstate add-on for Splunk. The add-on should aid organisations in parsing the syslog ingested from Passwordstate, in line with Splunk Common Information Model (CIM).
    2 points
  5. We would like the ability to use our Yubikey (FIDO 2) to authenticate with the browser add-on instead of a Master Password set in Passwordstate. Our users get confused having their domain credentials for logging into Passwordstate portal then separate master password for the browser addon. Would like to replace master password with yubikey auth.
    2 points
  6. Hi Guys, We will be making this change for version 10, which we're currently working on. Regards Click Studios
    2 points
  7. support

    Host Folders via API

    Hello, This functionality will be coming in version 10, which we are currently working on. Specifically, the following - at this stage we do not have a release date for V10 though. Hosts 1. Adding a Host record 2. Deleting a Host record 3. Searching for Host records Host Folders 1. Add Host Folder 2. Delete Host Folder 3. Search Host Folder 4. Add Host Folder Permissions 5. Delete Host Folder Permissions 6. Add Host Records into Folder 7. Remove Host Records from Folder Remote Session Credentials 1. Add Remote Session Credential 2. Update Remote Session Credential 3. Delete Remote Session Credential 4. Search Remote Session Credentials 5. Add Remote Session Credential Permission 6. Delete Remote Session Credential Permission 7. Search Remote Session Credential Permissions Regards Click Studios
    2 points
  8. Sarge

    Custom Reporting

    It would be fantastic to be able to customise what fields are included in the reports that can be scheduled. For example a Password List used to store SSL certificates with a number of custom fields; currently the report only shows the title and expiry date as we don't use any of the other default fields - we'd love to be able to select which fields to show on the report (exclude empty fields and include custom fields). If they could be scheduled from the administration area as well rather than in a specific users context that would be great as well so all administrators can see/modify the reports easily. If the wording of the report email could be customised in the same manner other email templates are. Ability to allow users to run reports without giving them the reporting security administrator role. (We have separate accounts for security administrator roles).
    2 points
  9. Just heads up we are hoping to get Version 10 out by the end of quarter 2, 2024 now. This date may still change, depending on development hurdles. Regards, Support.
    2 points
  10. support

    Passkeys

    Just a heads up everyone, we are currently working on this feature, and will report back here once complete. Thanks, Click Studios Support.
    2 points
  11. Hi Everyone, We have released a new build of Passwordstate today, build 9823 which should fix this issue. We have also had to submit a new extension to each of the stores, so you'll need to wait until your browser automatically updates those extensions before testing this again. Chrome and Firefox seem to be pretty instant in terms of approving the new extensions, but Edge seem to work on a 7 day schedule...Date of writing this post is 19th October in Australian time. Please let us know if this doesn't help! Regards, Support
    2 points
  12. Hello Valentijn, This feature will be coming in version 10. Regards Click Studios
    2 points
  13. Hi Guys, We are working on synchronizing Azure AD user accounts and security groups in version 10, which we believe will somewhat help with this feature request. With SAML authentication, you can also use Azure MFA for this already as well. Regards Click Studios
    2 points
  14. It would be great to be able to include attachments in self-destruct messages. For example, send an SSL certificate and the password to access it both in a self-destruct message.
    2 points
  15. I would very much like to have a complete list of configurable default settings in a spreadsheet format listed by feature/section. This would enable the opportunity to document and keep track of all changes over time. Thank you, Rene
    1 point
  16. Within Password State it would be handy to be able to publish a broadcast message which will placed on a logic visible location, like in the top bar of the password state UI, this way all password state users will be able to see the message. For example, to heads-up on an upcoming password state maintenance window due to application upgrade and/or OS updates. Currently maintenance window outage notifications can only be send using email, but, this is less and less being used as a common communication method. Example is how gitlab has introduced this feature Broadcast messages | GitLab which you can utilize within GitLab Maintenance Mode | GitLab
    1 point
  17. Hi there! Is there any roadmap for upcomming Passwordstate releases/features for 2024? I've read a few times there is upcomming a Passwordstate V10 Major Version. Are there any plans for that? Greetings!
    1 point
  18. Inevitably someone had to bring this one up. In the current interface, the tab bar with the "Passwords", "Hosts", "Administration", doesn't play nice with the most pervasive Dark Reader extension, so just making that play nice would make it look okay for Dark Reader users. But a native dark theme would be wonderful.
    1 point
  19. A customer has requested the following functionality: "Would be great to be able to manage\modify and delete password lists via API.". Specifically fields and settings on Password Lists. Regards Click Studios
    1 point
  20. API Keys - Timestamp them at creation so that we can report on the age of each API Key (It will help us ensure we rotate API keys as per our company policy)
    1 point
  21. Folders can only be created via the system wide API key, same goes for adding Password Lists from a Template to the folder. We need a way via API to add folders, add password lists from template, add/modify/remove password list permissions and have the API user NOT be able to read/change any passwords in existing password lists. We tried the Windows Integrated Auth API, unfortunately to be able to see if the folder already had a password list required us to give that API user View permissions on the Password List Template or Password List which also allows them to view any password records in that list. As a large organization, we try our best to follow the least privilege model including API users.
    1 point
  22. Please add TOTP secret key change history to Passwords. Please add audit logging for when the TOTP secret key is revealed/viewed/copied (just like passwords are) This is important because in a system with 700+ users, if someone accidentally edits the TOTP secret key or removes it, there is no way to recover it and you might be permanently locked out of an account, if that account does not have any other 2FA methods configured. Some enterprise systems like Microsoft Entra do not issue TOTP one-time account recovery codes. When users share passwords that have TOTP enabled on them, the TOTP secret key could be copied to a different authenticator app. Since the TOTP secret key is sensitive it should be treated like a password from an auditing and who knows it perspective.
    1 point
  23. Hello Robert, Yes, we have information in the following manual - just search for kerberos - https://www.clickstudios.com.au/downloads/version9/Passwordstate_Remote_Session_Management_Manual.pdf Regards Click Studios
    1 point
  24. Hi Ralph, The following in the API documentation will help with this. Regards Click Studios
    1 point
  25. We would like to see native authentication options within the browser extension as on Passwordstate Web Portal. To be more specific, the browser extension should perform the exact same authentication flow as when trying to login to the web portal. Users within an organization should generally not handle any kind of "Master Passwords" with some very rare exceptions. Instead most (and probably all larger companies) try to create a unified authentication experience with some IDPs like AzureAD. In our case we integrate using SAML2 with AzureAD, where authentication, SSO, MFA, device compliance check and so on is performed. We do this for all internal applications in our organization and it´s the best suitable and manageable way with a great user acceptance. Handling master passwords would be a security concern because users could simply store those password in an text file on the desktop f.e. which is practically impossible to control / audit. As we are humans, something like this will happen. It is also a security concern as this eliminates the MFA / device compliance process in our case. Also this is not a comfortable way and user acceptance of the browser extension is very limited. In our organization users prefer to login to Passwordstate web portal and copy the credentials they instead of managing a master password. I understand that changing this behaviour is a lot of work because of existing API architecture and so on, but at least in my opinion this is the most needed feature from all.
    1 point
  26. Feature request: Master list, not necessarily per-user based, whereby aliases / "Similar" URL's can have access to the same password. For example, Office 365 can use those credentials across MANY different URLs, including: office.com office365.com live.com outlook.com sharepointonline.com microsoft.com - These all point to various Microsoft pages / portals, and are frequently be based on the same Microsoft ID (same password entry). - In some cases, you might use one URL to get into a site, and depending how you log out, you might end up at a different URL for re-entry in. Request is to be able to map these aliases across the entire password system as a default. There is always a concern that this list be compromised - if the overall system considered a fraudulent site as an acceptable alias, there would be deep concerns of compromised credentials.
    1 point
  27. 1 point
  28. Hello, Thanks for your request. Please be aware though that under no circumstances do we send credentials to any third party services, including Have I Been Pwned. Please see there documentation here, for how their API works - https://haveibeenpwned.com/API/v3 Regards Click Studios
    1 point
  29. Digital Dynamics

    Passkeys

    Passkey adoption, Passkey Manager and integration into the App would be fantastic!
    1 point
  30. Issue: You are trying to configure the Passwordstate browser extension but are getting a Connection error, server not available error message, or Error, connection timed out and the browser extension icon stays Red in colour Troubleshooting Steps: Please follow this process below to capture the network traffic when this issue occurs, and forward that onto Click Studios support for analysis. Step 1: Click on the Manage Extensions button Step 2: Enable the Developer Mode option, and then click Background.html link, and this will open a separate browser window with the developer tools Step3: Log into Passwordstate, then try Logging into the extension Step 4: This will generate some traffic under the Network tab in the Developer tools window. Save the output to a .har file and forward that onto Click Studios support to look at. Regards, Support
    1 point
  31. support

    Host Folders via API

    Hi Mordecai, The only other API functionality we think we'll be adding at this stage is related to documentation, specifically searching for documents. No changes will be made to existing API code so your existing scripts won't be affected, and we'll be releasing the first build of Passwordstate 10 as a beta to all users. Normally we'll run the beta for about 2 months and fix any issues that were reported before the first stable version is released. Regards, Click Studios.
    1 point
  32. There is a STIG requirement to reset KRBTGT password every 180 days: The password for the krbtgt account on a domain must be reset at least every 180 days. (stigviewer.com) It would be nice to be able to have Passwordstate handle this in the recommended manner; which is to reset the password twice with at least a 10 hour pause between each reset. AD Forest Recovery - Resetting the krbtgt password | Microsoft Learn We're currently doing this through a custom script and the API; but native support would be appreciated.
    1 point
  33. Unfortunately, that's what I thought - hence, feature request! In a MSP environment, or when handling multiple clients, this feature would be crucial for usefulness. Eg: We've got approx 60 Office 365 accounts in our Passwordstate intsance. Having to create and maintain the appropriate aliases for each of these accounts would be a challenge. Same with some multi-domain vendor sites, partner sites, toolsets, etc....
    1 point
  34. Hello, The follow feature on password records should help with this - this is a feature we use internally quite a bit as well. Regards Click Studios
    1 point
  35. support

    Dark mode in UI

    We are trying to work on this for version 10 guys. It's an enormous amount of work, with over 400 pages to update and test, tweaking of all the Telerik controls, as well as a series of new icons. We are going to need to also limit some UI customizations in V10 for this new theme, so it does not alter the aesthetic of it. Regards Click Studios
    1 point
  36. Hello, We do have a feature for this already. If you have specified generic fields on your Password Lists to store additional data, you can map these fields in the browser extension. Please see following document which describes the field mappings - https://www.clickstudios.com.au/downloads/version9/Browser_Extension_Manual.pdf Regards Click Studios
    1 point
  37. Hi Everyone, This unfortunately is a bug in 9811. In this build, we upgraded the .dll library we use to zip up the backups, and for some reason this new library won't zip the file because it found a new file that is in use within the Passwordstate install folder. Only some of our customers are seeing this. We'll have this patched in the next build of Passwordstate we release, but for now please contact support and we can give you the custom instructions that KC_BREC mentioned above: https://www.clickstudios.com.au/support.aspx Regards, Support
    1 point
  38. support

    Free license no response

    Hello mfc, We've just responded to your request, asking for the desired Registration Name for your license keys - below is an example of what we request from all customers, and we need you to fill out these details. "I would like to continue using the Free 5 User version of Passwordstate, and are requsting a license key made out to the following Registration Name: Registration Name: <Enter Your Desired Registration Name Here> " Regards Click Studios
    1 point
  39. support

    Export One Time Codes

    As of build 9360 One Time Codes cannot be exported from the system, when exporting passwords from a List. This feature request is to add in OTP codes when performing an export to CSV.
    1 point
  40. We think the current method of alerting when a specific password is used/accessed has some limitations: The description field is easily edited and engineers may not realise that changing the description will break alerting. It seems you need to select each password list – which is difficult to remember when adding new password lists. As an MSP where we add new password lists for customers all the time, this is again prone to human error and being missed. A better approach would be to: Enable the report for all password lists, even newly added ones. Filter the alert based on either specifically selected password list entries, or based on the username of the entry, allowing for the fact that across different customers, the UPN suffix would be different.
    1 point
  41. We use PasswordState with the Devolutions product Remote Desktop Manager and have spent about a year working with them on changes to incorporate the new OTP API call you integrated last year. They have pointed out a shortcoming between the two products that they are asking me to pass along. Because the OTP is a time sensitive response, the time in which it can be used or injected into a session causes an issue for useability. Could the API pass two details back: 1. The OTP result (As it is now) 2. The time remaining for valid use? #2 s subjective on the return, milliseconds may be better since its far more accurate than second, a time code to expiration would work but any differential in the time on the system making the request could make this a problem. I'm worried about backwards compatibility so we are not sure if it would be an entirely new endpoint, whatever you come up with will be helpful!
    1 point
  42. OA1

    Get folderpermissions

    Can you create an API endpoint to get the permissions of a folder?
    1 point
  43. support

    App server uninstallation

    Hello Mark, We need to update the wording on this screen, as it has not been done since we've added the App Server feature. The message is referring to the 'Primary Server' Server Role, you see on this screen. So there are no issues with you deleting the App Server role here. Regards Click Studios
    1 point
  44. Hello, The forums is designed for customers to help each other out, and please log your support ticket here if you require some help from us - https://www.clickstudios.com.au/support.aspx Regards Click Studios
    1 point
  45. Sarge

    Custom Reporting Mails

    +1 Would be great to have far more flexibility in Email Templates & Reports so that they can adhere to the organisations standard email template for things such as notifications, outages etc. Being able to use HTML in the templates so we can embed images.
    1 point
  46. Hi Guys, We plan on working on this for version 10, which we're currently working on. Regards Click Studios
    1 point
  47. I would like to request the option to silently install PasswordState so I can incorporate it into an automated deployment. There used to be a PowerShell Script Clickstudio provided to make this happen in the past but sounds like it is no longer supported with the new MSI installer. Once the unattended options are worked out and can be passed to the MSI installer, then it can easily be added to a Chef cookbook, packaged up in a Chocolatey package, or any automated packaging system. I rely on being able to quickly build out test environments to test new features of passwordstate. Maybe a more futuristic request is to provide a VM appliance of the passwordstate that we can drop into our environment and wire back into our existing DB data....or maybe create a container version of the service would be cool. This may already be in your roadmap for the product eventually but I'm seeing allot of our IT tooling starting to be available as containers options. Just incase you got that crazy dev that wants to do that you should let them investigate that setup. 🙂
    1 point
  48. Topic: In this forum post we'll describe how you can update multiple records with the same password, by using a Password Reset Dependency and a Powershell API script. Passwordstate has the ability to copy and link password records between two Password Lists, but this means everything with these two records is identical, including the username. If you have some requirement to have the same password to log into two different systems, but with different usernames, this forum post will guide you how to do this. First, let's take a look at these two Password Records. Our goal here is to trigger a reset on "Passwordstate Service Account" record, and then have our API script automatically update the "Passwordstate Sharepoint Account" password to be the same value. Take note of the PasswordID for this second record: Now, let's browse to the Powershell Password Resets page: Add a new Blank Script: And then click on this new script to open the editor. Paste in the code of your choice. The code in this screenshot below will be copied in at the end of this post for your reference. In the screenshot below, you can see you have a number of Variables you can insert into your script. These values are pulled directly from the master Password Record, and in this example, I'll be using the [NewPassword] variable. This just means, when the password for the master record is reset through the User Interface, then that new password it is reset to will be passed to your script: We'll now add in a new Password Reset Dependency on the master record: Click the Add Dependency button: And select the Custom Script you wrote. Also, ignore the Windows Account Dependency type, and Save this config: The Master Password now has "1" dependency, and triggering a Password Reset on this master record will proceed as per normal and queue up the reset. In this example, it's also going to reset the password for the account in Active Directory: Once the master password has successfully reset, it will trigger your Powershell API Script, which in turn triggers a new password reset on the Sharepoint account: And the end result of the two successful Password Resets, means these two separate accounts, will have the same password: Powershell Code to Update an Existing Password, using the Standard API (Requires API Key) $PasswordstateUrl = "https://passwordstate.clickdemo.com" # Define values for the Password List in below array $Body = @{ PasswordID = "1045" Password = [NewPassword] } # Convert Array to Json $jsonData = $Body | ConvertTo-Json # Execute the command $FullUrl = "$PasswordstateUrl/api/passwords" Invoke-Restmethod -Method Put -Uri $FullUrl -ContentType "application/json" -Body $jsonData -Header @{ "APIKey" = "8c5423d3e9a7bf6ad6cf8e457392b3d6" } Regards, Support
    1 point
  49. We would like to request the same. We have been using PasswordState for a long time (8 or 9 years?), and have added it to our SIEM for correlation. The major issue is that the Syslog messages are far too "English" to be easily parsed with Regular Expressions. Having an option to send the data in a structured, machine parsable, way would make ingestion into a SIEM much easier. We don't really care which standard is followed, so long as it is consistent. Formats typically supported by SIEMs are: LEEF CEF JSON Key Value Pairs (key1='value1' key2='value2' or key1: value1; key2: value2) We would be looking for the following information in the logs (not necessarily in this order): For password operations: Operation Performed Who performed it (domain\user or user@domain.net, display name is optional, or API) Client IP/hostname Result (Success/Fail) Full path to password list (group/folder structure) PasswordList ID PasswordEntry Title PasswordEntry ID PasswordEntry Username For authentication events: Authentication could be split across multiple logs Authentication against Primary Authentication Server Authentication against additional Authentication server (eg. MFA, token, etc) For these we would expect Authentication Server Name Authentication Method (AD, LDAP, SAML, OAuth, etc) Auth status (success/fail) Auth status reason (if available) eg. account locked, account disabled, account does not exist, etc For host operations: Operation Performed Who performed it (domain\user or user@domain.net, display name is optional, or API) Client IP/hostname Result (Success/Fail) Full path to host (group/folder structure) HostEntry ID HostEntry Hostname HostEntry Site HostEntry IP Connection Port Some additional information may be useful, but this would be among the minimum critical information. Hopefully enough people are interested in this to make it happen. Regards, JohnB
    1 point
  50. Hi Folke My final solution (workaround) in this case was to update the guide directly in the database, below some snippets from my Powershell script. I have to say, that this is very dangerous and can lead to a corrupt database if you're doing something wrong! So be very careful with this!! $global:PasswordstateSystemWideAPIKey = ''; Import-Module SQLPS -DisableNameChecking Push-Location cd SQLSERVER:\SQL\localhost\DEFAULT\Databases\passwordstate Function UpdateGuideOfPasswordstatePasswordlistOrFolder() { Param ( [Parameter(Mandatory=$True,ValueFromPipeline=$False,ValueFromPipelinebyPropertyName=$False)] [String]$Id, [Parameter(Mandatory=$False,ValueFromPipeline=$False,ValueFromPipelinebyPropertyName=$False)] [String]$Guide ) Begin { $Guide = ConvertTextToHtml -text $Guide } Process { $Header = @{ APIKey = $global:PasswordstateSystemWideAPIKey } try { $query = $("UPDATE PasswordLists SET Guide = '" + $Guide + "' WHERE PasswordListID = " + $ID) Invoke-Sqlcmd -Query $query } catch { Write-Host $_ -ForegroundColor Red Write-Host $_.GetType() -ForegroundColor Red Write-Host $_.Exception -ForegroundColor Red throw $_.Exception } } End { Write-Output ($result | Where-Object { $_.TreePath -eq $Tree }).PasswordListID } } Function ConvertTextToHtml() { Param ( [Parameter(Mandatory=$True,ValueFromPipeline=$False,ValueFromPipelinebyPropertyName=$False)] [String]$text ) Begin { } Process { $html = $($text -replace "\n", "<br>") } End { Write-Output $html } } $dummyGuide = @" This Is A Test Guide Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. "@ UpdateGuideOfPasswordstatePasswordlistOrFolder -Id 123456789 -Guide $dummyGuide Pop-Location Best regards, Fabian
    1 point
×
×
  • Create New...