support

We agree, which is why we have not implemented this yet, but we keep getting requests for it So we would need to provide this as an option, so customers can enable/disable as required. Currently we do not have the ability to export all passwords the user has access to, and we think they would prefer a nicer option than a password protected zip file - not really that usable on mobile phones. Regards Click Studios

A customer has requested an offline version of Passwords a that you have access to, in the event you are out at a site with no internet access. The idea being your export some data to a local file on your phone, or tablet etc before you go to site, and you'll be able to search through this file for passwords with out having connectivity to your Passwordstate web site. We haven't thought ourselves about a secure way we can do this yet, but if we get enough interest in this we'll look into it sooner rather than later. If this is something that you think you'll benefit from, please give it a thumbs up here, or any comments you like to help us understand how our community could use a feature like this? Regards, Support

For anyone that is looking at setting up a Nginx proxy with Passwordstate, we have received some information below from another customer which may help. Big thanks to Brandon for this:) Here at Click Studios, we have never set up one of these proxies ourselves, but hopefully the information Brandon has provided us can help point you in the right direction, if you are running in to any issues. If anyone would like to add anything to this, please feel free to do so. Example of Config for Nginx: ------- server { listen 192.168.99.99:443 ssl http2; server_name passwordstate.proxy.com ; location / { proxy_pass https://10.10.10.99:9119; proxy_set_header Host internalpasswordstate.server.domain; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } ------- Brandon has given this detailed explanation of each of the above settings: " Listen 192.168.99.99 (this is the proxy IP, sits behind behind firewall on DMZ) Server_Name passwordstate.proxy.com (public domain with certificate, let's encrypt works fine, dons points to public IP of firewall, proxy server will look for this server name for any packet forwarded to it's ip from the firewall, only 80 and 443 are forwarded) Listen / (Just tells proxy to list on root of server name so passwordstate.proxy.com/ ) Proxy pass https://10.10.10.99:9119 (Internal IP of passwordstate server, if it's in different subnet firewall rules must allow traffic to and from proxy server to password state server to port 9119) Proxy_set_header Host internalpasswordstate.server.domain (This allows the passwordstate server to keep its existing dns name, just changes the packet headers to match, important otherwise you can't login) Last two lines are for forwarding the real IP address for logging. All the rest of nginx setup, like specifying ssl certificate and what not I didn't include but thats pretty standard. I'm happy to send more details on anything. Once I had set the X-Fordwarding in the Password state administrator and rebooted, IP's did start to show correctly for Web. "

Thanks for the forum post and the solution to this was to recover the emergency access password, and reverse out the changes using the emergency login. For anyone else reading this, we managed to work with olbaid over email to do this:) Regards, Support

Hi Sarge, We believe the customer's request was to export all passwords they have access to, in some sort of offline manner - so we don't think checking out all passwords would necessarily work in this instance. Not sure if there is any ideal solution for this. Regards Click Studios

Hello, We've just finished some testing on this, and while it picks up computer accounts when searching for AD users, it will not cause any issues with the Security Group Synchronization process - computer objects are not returned when we enumerate a Security Group. We'll look into what's involved to exclude these from the search, and for now, please don't add those objects into the database. Regards Click Studios

Hi Parrishk, You cannot search for the value of the passwords in Passwordstate, as it's an encrypted field. If you go to the screen Administration -> Reporting, and run the report 'Passwords Strength Compliance Status', the last column on this grid is 'Bad Password', and that will highlight if there is a bad password match - but we do not reveal the password here. If you need to search for the values of Passwords, then your only real option here is to export all password to the password protected zip file, and then search through the CSV - although, this would be for Shared Password Lists only, not Private. Regards Click Studios

Hi Stephen, If you want all user to use SAML authentication, then you need to select this on the screen Administration -> System Settings -> Authentication Options tab - are you saying it's "greyed out" on this screen, as I'm not sure this is possible? Can you also explain a little further what you mean by 'Forms based authentication prompt'? Is this a browser prompt, or one of our login screen UI's? If it's a browser prompt, then possible the incognito mode is causing this, and if you like, you can enable Anonymous Authentication for the site in IIS - when this is enabled, you should never see a browser prompt at all. If you do not want SAML auth for everyone, then you can do the following: 1. Ensure Anonymous Authentication for the site in IIS is disabled, and only Windows Authentication is enabled 2. Then create a User Account Policy on the screen Administration -> User Account Policies, select the SAML Authentication option, and then apply permissions to the policy for the users who are to receive it. If you get browser prompts because of disabling Anonymous Authentication for the site, please reference the following forum post for this - https://www.clickstudios.com.au/community/index.php?/topic/152-why-am-i-being-prompted-to-enter-my-authentication-details/ We hope this helps. Regards Click Studios

Hello TTumbler, Sorry, but we have not implemented this yet - you can vote on this feature request here if you like - https://www.clickstudios.com.au/community/index.php?/topic/2489-api-search-for-documents-by-name/ Regards Click Studios

Hi Everyone, Today we have release build 8670, which includes 13 new updates, and 5 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios

Hello tester22, Just letting you know that we have released build 8670 today, with the changes above. If you are yet to perform any upgrades of Passwordstate, you can use one of the methods described in this document - https://www.clickstudios.com.au/downloads/version8/Upgrade_Instructions.pdf. Probably section '5. Manual Upgrade Instructions' will be the quickest for you. We might also contact you directly to see if we can help you develop these scripts, with proper error capturing - if that is okay with you? Regards Click Studios

Excellent, Glad this is all sorted now:) Regards, Support

Hi ParrishK, We've just updated this in one of the latest builds, and the secret is no longer visible to Security Admins. Please see screenshot below. Security Admins can now clear the key, which will generate a new QR code the next time the user logs into Passwordstate. We've made this change to YubiKey, One Time Password and Google Authenticator authentication types. If you can perform an upgrade this issue will be fixed:) Regards, Support

Thanks - we've been meaning to work on this for quite some time now, but it does require updating several hundred calls to the database, and testing them all, across all tiers and modules in Passwordstate. There just seems to be a lot more other request that seem to take up our time. Maybe we could improve the delete process here, so the user is well aware this is an irreversible process - we could make them acknowledge it by forcing them to tick a checkbox. Regards Click Studios

Hi tester22, You can certainly do GET requests for Host records (your example above is searching by Host Name with a GET request), but we do not have the ability to do PUT (Update) requests at this time. Regards Click Studios

Hi tester22, We've made some changes for our Test Script screens today, and hopefully below is what you are requiring - this will be available in the next build, which should be tomorrow?

Hi tester22, Are you referring to our 'Test Script Manually' feature in the UI? If so, if you specify the parameters in the following format, then the Generic Field will show on the test script screen -GenericField1 '[GenericField1]' If you like we can change this so -Client '[GenericField1]' also works, but on the screen the field name would be called Generic Field 1 - maybe we can see if we can name this Field properly, based off -Client (we'd need to somehow extract this name from the script, and rename it). Let us check if this would be possible at all. Regards Click Studios

Hello, Yes, this article is definitely old now. You can no longer select an option for this, and instead you will return to the last selected Node in the tree prior to you logging off Passwordstate. Regards Click Studios

Purpose: When logging into Passwordstate, you can specify which Password List or Folder you would like to start your session from. How do I do This? Under the Preferences Menu -> home page, you have 2 options: 1. Return to the last Password List or Folder I was viewing 2. Return to the Password List or Folder selected below If you have selection #1 checked, Passwordstate will remember the last Password List you were actively looking at, and point your new session back to that List. As some companies have a mandatory Inactivity Time Out in Passwordstate, this option makes it easy to resume from where you left off. If you select Option #2, then you can force Passwordstate to start you from the same Password List every time you log in, like Passwords Home for example.

Hello, Sorry, we're not sure where in IIS you are seeing this restriction, but it is not a default setting for IIS. If you cannot move you install to a new web server, could you please log a support call with Microsoft and they might be able to help you with this - we're simply not sure sorry. Regards Click Studios

Hi Robert, Sorry, we're really not sure as no other customers are reporting this - it is very odd. Maybe we can remote in and take a look at your environment? With the Add Password List Wizard, there is a checkbox on this screen to disable the Wizard. Can you try checking this, cancel the wizard, and then try again to see if it duplicates? If you also use a different browser, does the same issue persist - I'm just trying to rule out any browser extensions which might be causing issues here? Thanks Click Studios

Step 1: Ensure you have prerequisites set up for your web server and hosts, as per this forum post (Once off process) Step 2: Add new Password Record configured as follows: Screen 1: Ensure you configure the below 5 options correctly and enter in the password for the account. If you configure an Expiry Date it will automatically change the password when that date is reached. Screen 2: Ensure you select the correct Privileged Account and the Reset SQL Password reset script. Also confirm the Password Reset Schedule is enabled if you want the password to automatically change when the Expiry Date occurs Screen 3: Confirm the Validate Password for SQL Account validation script is selected

Hello, You can do this on the following screen - we hope this helps.

Passwordstate can work with Azure MFA, using our One Time Passwords authentication option. Here's how to set this up: Step 1: Take note of your emergency password under Administration -> Emergency Access. If you make a mistake during this process, you can reverse out the changes using this password. This video shows how to use the Emergency Password: https://www.youtube.com/watch?v=yP0riGN5Ek4 Step 2: Under Administration -> System Settings -> Authentication Options, choose either Manual AD and One Time Password, or just One Time Password. Save this once you have confirmed your choice. If One Time Password is greyed out, you should consider turning off Anonymous Authentication in IIS. This forum post explains how to modify IIS to do this": https://www.clickstudios.com.au/community/index.php?/topic/2565-enabling-single-sign-on-into-passwordstate/ Step 3: Download and install the Microsoft Authenticator App in your phone from the App Store Step 4: Browse to your Passwordstate website, and on the login screen you should be presented with a QR Code. Scan this into your phone and you should have a functioning One Time Password code you can use to log into Passwordstate We hope this helps and please let us know if you have any questions about this. Regards, Support

Hi Greg, Sorry, but this is not possible - we only support the two fields for now, but are planning on looking into this in the future. Regards Click Studios