Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


support last won the day on April 16

support had the most liked content!

About support

  • Rank

Contact Methods

  • Google Plus Account

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

6168 profile views
  1. support

    Offline Access

    We agree, which is why we have not implemented this yet, but we keep getting requests for it So we would need to provide this as an option, so customers can enable/disable as required. Currently we do not have the ability to export all passwords the user has access to, and we think they would prefer a nicer option than a password protected zip file - not really that usable on mobile phones. Regards Click Studios
  2. For anyone that is looking at setting up a Nginx proxy with Passwordstate, we have received some information below from another customer which may help. Big thanks to Brandon for this:) Here at Click Studios, we have never set up one of these proxies ourselves, but hopefully the information Brandon has provided us can help point you in the right direction, if you are running in to any issues. If anyone would like to add anything to this, please feel free to do so. Example of Config for Nginx: ------- server { listen ssl http2; server_name passwordstate.proxy.com ; location / { proxy_pass; proxy_set_header Host internalpasswordstate.server.domain; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } ------- Brandon has given this detailed explanation of each of the above settings: " Listen (this is the proxy IP, sits behind behind firewall on DMZ) Server_Name passwordstate.proxy.com (public domain with certificate, let's encrypt works fine, dons points to public IP of firewall, proxy server will look for this server name for any packet forwarded to it's ip from the firewall, only 80 and 443 are forwarded) Listen / (Just tells proxy to list on root of server name so passwordstate.proxy.com/ ) Proxy pass (Internal IP of passwordstate server, if it's in different subnet firewall rules must allow traffic to and from proxy server to password state server to port 9119) Proxy_set_header Host internalpasswordstate.server.domain (This allows the passwordstate server to keep its existing dns name, just changes the packet headers to match, important otherwise you can't login) Last two lines are for forwarding the real IP address for logging. All the rest of nginx setup, like specifying ssl certificate and what not I didn't include but thats pretty standard. I'm happy to send more details on anything. Once I had set the X-Fordwarding in the Password state administrator and rebooted, IP's did start to show correctly for Web. "
  3. support

    How to disable SAML while locked out ?

    Thanks for the forum post and the solution to this was to recover the emergency access password, and reverse out the changes using the emergency login. For anyone else reading this, we managed to work with olbaid over email to do this:) Regards, Support
  4. support

    Offline Access

    Hi Sarge, We believe the customer's request was to export all passwords they have access to, in some sort of offline manner - so we don't think checking out all passwords would necessarily work in this instance. Not sure if there is any ideal solution for this. Regards Click Studios
  5. support

    Offline Access

    A customer has requested an offline version of Passwords a that you have access to, in the event you are out at a site with no internet access. The idea being your export some data to a local file on your phone, or tablet etc before you go to site, and you'll be able to search through this file for passwords with out having connectivity to your Passwordstate web site. We haven't thought ourselves about a secure way we can do this yet, but if we get enough interest in this we'll look into it sooner rather than later. If this is something that you think you'll benefit from, please give it a thumbs up here, or any comments you like to help us understand how our community could use a feature like this? Regards, Support
  6. support

    Added AD Users for password Reset portal

    Hello, We've just finished some testing on this, and while it picks up computer accounts when searching for AD users, it will not cause any issues with the Security Group Synchronization process - computer objects are not returned when we enumerate a Security Group. We'll look into what's involved to exclude these from the search, and for now, please don't add those objects into the database. Regards Click Studios
  7. support

    Search for Compromised Passwords

    Hi Parrishk, You cannot search for the value of the passwords in Passwordstate, as it's an encrypted field. If you go to the screen Administration -> Reporting, and run the report 'Passwords Strength Compliance Status', the last column on this grid is 'Bad Password', and that will highlight if there is a bad password match - but we do not reveal the password here. If you need to search for the values of Passwords, then your only real option here is to export all password to the password protected zip file, and then search through the CSV - although, this would be for Shared Password Lists only, not Private. Regards Click Studios
  8. support

    Authentication with Okta issues

    Hi Stephen, If you want all user to use SAML authentication, then you need to select this on the screen Administration -> System Settings -> Authentication Options tab - are you saying it's "greyed out" on this screen, as I'm not sure this is possible? Can you also explain a little further what you mean by 'Forms based authentication prompt'? Is this a browser prompt, or one of our login screen UI's? If it's a browser prompt, then possible the incognito mode is causing this, and if you like, you can enable Anonymous Authentication for the site in IIS - when this is enabled, you should never see a browser prompt at all. If you do not want SAML auth for everyone, then you can do the following: 1. Ensure Anonymous Authentication for the site in IIS is disabled, and only Windows Authentication is enabled 2. Then create a User Account Policy on the screen Administration -> User Account Policies, select the SAML Authentication option, and then apply permissions to the policy for the users who are to receive it. If you get browser prompts because of disabling Anonymous Authentication for the site, please reference the following forum post for this - https://www.clickstudios.com.au/community/index.php?/topic/152-why-am-i-being-prompted-to-enter-my-authentication-details/ We hope this helps. Regards Click Studios
  9. Hello TTumbler, Sorry, but we have not implemented this yet - you can vote on this feature request here if you like - https://www.clickstudios.com.au/community/index.php?/topic/2489-api-search-for-documents-by-name/ Regards Click Studios
  10. Hi Everyone, Today we have release build 8670, which includes 13 new updates, and 5 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  11. support

    Plugin documentation & test

    Hello tester22, Just letting you know that we have released build 8670 today, with the changes above. If you are yet to perform any upgrades of Passwordstate, you can use one of the methods described in this document - https://www.clickstudios.com.au/downloads/version8/Upgrade_Instructions.pdf. Probably section '5. Manual Upgrade Instructions' will be the quickest for you. We might also contact you directly to see if we can help you develop these scripts, with proper error capturing - if that is okay with you? Regards Click Studios
  12. support

    GET/PUT methods for Hosts

    Excellent, Glad this is all sorted now:) Regards, Support
  13. Hi ParrishK, We've just updated this in one of the latest builds, and the secret is no longer visible to Security Admins. Please see screenshot below. Security Admins can now clear the key, which will generate a new QR code the next time the user logs into Passwordstate. We've made this change to YubiKey, One Time Password and Google Authenticator authentication types. If you can perform an upgrade this issue will be fixed:) Regards, Support
  14. support

    Single password / password list recovery

    Thanks - we've been meaning to work on this for quite some time now, but it does require updating several hundred calls to the database, and testing them all, across all tiers and modules in Passwordstate. There just seems to be a lot more other request that seem to take up our time. Maybe we could improve the delete process here, so the user is well aware this is an irreversible process - we could make them acknowledge it by forcing them to tick a checkbox. Regards Click Studios
  15. support

    GET/PUT methods for Hosts

    Hi tester22, You can certainly do GET requests for Host records (your example above is searching by Host Name with a GET request), but we do not have the ability to do PUT (Update) requests at this time. Regards Click Studios