Jump to content

support

Administrators
 View Profile  See their activity

  • Posts

    5,085

  • Joined

  • Last visited

  • Days Won

    318

 Content Type 

Posts posted by support

    Can't retrieve password from API Key

    in Community Support

    Posted

    Hello,

     

    Please see responses below:

     

    - how can I only allow the System API key to read passwords from one certain folder? or is it possible? Unfortunately not

    - do we support multiple system-wide Generic API keys? No we do not have a feature for that sorry

    - is it possible to only grant the `retrieve passwords` permission to the System API key? - you can change those settings on the properties of each Password List

     

    Have you had a look at the Windows Integrated API - can you instead use that in your environment?

    Regards

    Click Studios

    Can't retrieve password from API Key

    in Community Support

    Posted

    Hello,

     

    APIKeys on folders are not used to retrieve passwords from Password Lists nested beneath the folder. They are only used for managing permissions on the Folders.

     

    To retrieve passwords, you can create a APIKey per Password List, or use the System Wide API Key.

    Or you can use the Windows Integrated API, which does not need API Keys.

    Regards

    Click Studios

    Under what conditions can Passwordstate reach out to the internet?

    in General Hints and Tips

    Posted

    There are a few conditions Passwordstate may want to reach out to the internet, all of which can be disabled if desired:

     

    Scenario #1: It can contact our clickstudios.com.au website (13.75.255.213), to check an xml file for any new builds available.

    Configure Location: Administration -> System Settings -> Check for Updates

     

    Scenario #2: If you use DUO Authentication to authenticate into Passwordstate, this can reach out to the DUO API which is duosecurity.com

    Configure Location: Authentication for DUO is found under Administration -> System Settings -> Authentication Options

     

    Scenario #3: If you use SAML for authentication, this can reach out to the internet. Examples are using Azure or Google as your SAML provider, and the locations Passwordstate need to reach out to are dependent on which SAML provider you use.

    Configure Location: Authentication for SAML is found under Administration -> System Settings -> Authentication Options

     

    Scenario #4: If you use the HaveIBeenPwned feature in Passwordstate, to check for known bad passwords, Passwordstate can reach out to https://haveibeenpwned.com/ API via the following URL: https://api.pwnedpasswords.com/range/

    Configure Location: Administration -> Bad Passwords

     

    Scenario #5: If you use Yubico One Time Passwords  for authentication, which will need to reach out to yubico.com

    Configure Location: Authentication for Yubico OTP is found under Administration -> System Settings -> Authentication Options

     

     

    As long as you do not require connection to any of the options above, then you welcome to block access to the internet from your Passwordstate server.

     

    Regards,

    Support

    Load on Demand - Passwordstate performance tweak

    in General Hints and Tips

    Posted

    Issue:

    one or more users logs into Passwordstate, and they notice a long delay for the initial webpage to render.  You many notice this delay of up to 30 seconds or more before all the folder and Password Lists are displayed.

     

    Cause:

    Each folder of Password List you see in the navigation tree requires a small bit of HTML to render.  The more Folders and Password Lists requires more HTML, and with thousands of these objects, your browser could be rendering 10 to 20 megabytes of data each time you log in.

     

    Fix:

    For an affected user, get them to go to their Personal Preferences page, and enable Load On Demand.  Log out and log back in again, and the performance of their initial load times should increase drastically:

    2024-03-28_11-54-11.png

     

     

    Apply Load on Demand to All Users:

    It's possible to use a User Account Policy to force some, or all users to use Load on Demand.  If you have not used the User Account Policy feature before, this blog post explains what they are, and how to set them up:  https://blog.clickstudios.com.au/develop-user-account-policies/

     

    In your User Account Policy, setting #A11 is where you enable Load on Demand:

    2024-03-28_11-57-25.png

     

     

     

    Regards,

    Support

     

      

    Update Field IDs for all shared password records with matching URLs

    in Passwordstate API

    Posted

    This API script in Powershell is designed to update the Field IDs for any password records with a matching URL.  It designed as a quick way to bulk update multiple records that are used with the Browser extension, instead of manually updating every record you have in the system.  This will help with the autofill feature in the browser extensions. 

     

    2024-03-14_13-14-12.png

     

    The script will return all shared passwords in the system, and filter only the records with the URL of your choice.  It will then update those records with the Field ID value of your choice.

     

     

    You only need to modify the first four lines in the script. 

     

    Line 1 is your Passwordstate URL

    Line 2 is your System Wide API key which can be found/generated under Administration -> System Settings -> API tab

    Line 3 is the value of the URL in any password records that you want to update

    Line 4 is the value of the FieldID that you will be updating any password record with

     

    --------------------------------------------------------------------------------------------------------------------------------------------------------

     

    $PasswordstateURL = "https://passwordstate.clickdemo.com"
    $APIKey = "5347c386f9bad2edc2ef9563a874b33e"
    $MatchingURL = "amazon.com"
    $FieldValue = "ap_email"


    $QueryAllPasswordsURL = "$PasswordstateURL/api/passwords/?QueryAll&PreventAuditing=false"
    $passwords = Invoke-Restmethod -Method GET -Uri $QueryAllPasswordsURL -Header @{ "APIKey" = $APIKey }

    foreach ($password in $passwords)
    {  
      $passwordID = $password.PasswordID
      $URL = $password.URL

      if ($URL -match $MatchingURL)
      {
        $Body = @{
        
             PasswordID = $passwordID
             WebUser_ID = $FieldValue
                 }
        
        # Convert Array to Json
        $jsonData = $Body | ConvertTo-Json


    $UpdateURL = "$PasswordstateURL/api/passwords"
    $result = Invoke-Restmethod -Method Put -Uri $UpdateURL -ContentType "application/json" -Body $jsonData -Header @{ "APIKey" = $APIKey }

       }

    }

     

    --------------------------------------------------------------------------------------------------------------------------------------------------------

     

     

    Regards,

    Support

     

     

     

     

     

    Turn off Active Directory Security Group Debugging

    in General Hints and Tips

    Posted

    Issue:

    There are a couple of pages in Passwordstate where you can turn on debugging, to help troubleshoot issues.  Leaving this turned on will increase the size of your database, so best practice is to turn this off if not using the feature.  You can also purge all debugging data to clean up your database.  Below are the areas you can turn off debugging:

     

    Main Passwordstate Security Groups:

    2024-03-14_10-41-32.png

     

    On this page turn the debugging off, and purge the data is desired:

    2024-03-14_10-42-03.png

     

     

    Password Reset Portal Security Groups - This is an additional module that you may not have purchased:

    2024-03-14_10-42-47.png

     

     

     

    Regards,

    Support

     

     

    iOS app

    in Community Support

    Posted

    Hi MikaV,

     

    We've just tested this with the latest iOS version, and we do not see any crashes when trying to sync data.  We think this might be some sort of corrupt data in your system, or possibly a bug in the version of Passwordstate you are running.  If you are not running the latest build of Passwordstate, can you upgrade by using this guide and test again?  https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf.  (Specifically in build 9753 the App would crash if you had individual permissions to passwords in Passwordstate, so if you are running an older build than that, an upgrade could certainly help)

     

    If the upgrade doesn't help, do you know if this is happening for all users?  Or are you able to add in a test user into Passwordstate, and try pairing that user to your phone?  Does that work?

     

    You are more than welcome to log a support call with our us via this page below, and we can work with you to get this resolved in a more private setting, if you like?

     

    https://www.clickstudios.com.au/support.aspx

     

    Regards,

    Support

     

     

    User-based API Keys

    in Feature Requests

    Posted

    Hi Ben,

     

    Thanks very much for your request.

     

    We assume our Windows Integrated version of the API is not appropriate for you, as this does not require API Keys, and gives the user the exact same permissions as per when they are logged into the UI?

    Regards

    Click Studios

    Use browser Developer Tools to capture network traffic for Browser Extension

    in General Hints and Tips

    Posted

    Issue:

    You are trying to configure the Passwordstate browser extension but are getting a Connection error, server not available error message, or Error, connection timed out and the browser extension icon stays Red in colour

     

    Troubleshooting Steps:

    Please follow this process below to capture the network traffic when this issue occurs, and forward that onto Click Studios support for analysis.

     

    Step 1:

    Click on the Manage Extensions button

    2024-02-23_9-50-05.png

     

     

    Step 2:

    Enable the Developer Mode option, and then click Background.html link, and this will open a separate browser window with the developer tools

    2024-02-26_9-19-19.png

     

     

    Step3:

    Log into Passwordstate, then try Logging into the extension

    2024-02-23_9-52-23.png

     

     

    Step 4:

    This will generate some traffic under the Network tab in the Developer tools window.  Save the output to a .har file and forward that onto Click Studios support to look at.

    2024-02-23_9-52-42.png

     

     

    Regards,

    Support

     

     

    Host Folders via API

    in Community Support

    Posted

    Hi Mordecai,

     

    The only other API functionality we think we'll be adding at this stage is related to documentation, specifically searching for documents.  No changes will be made to existing API code so your existing scripts won't be affected, and we'll be releasing the first build of Passwordstate 10 as a beta to all users.  Normally we'll run the beta for about 2 months and fix any issues that were reported before the first stable version is released.

     

     

    Regards,

    Click Studios.

     

     

     

    Run Pwned Compromised Report across the whole Organization (including private lists)

    in Feature Requests

    Posted

    Hi Guys,

     

    On the screen Administration -> Reporting, you can run this report across all shared Password Lists, but not private. Please be aware this report can take a very long time to run, dependent on how many password records you have.

     

    The reason we do not allow this for Private Password Lists, is because we do not wish to expose any information to Security Admins for private lists i.e. Title, Username, etc. This is also why you cannot see auditing data for Private Lists.

     

    Owners of Private Lists can run this report themselves, from the List Administrators Actions dropdown list on each Password List.

     

    Regards

    Click Studios

×
×
  • Create New...