Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by support

  1. If you are a Managed Service Provider, please consider the below information which can help you design your Folder and Password List structure, and Permissions. Every company is different so please adjust this to suit your needs. What to consider for Permissions: First thing we’d recommend is using our propagating permission model, which means you set permissions at a top level folder, and those permissions filter down to all nested folders and passwords lists. More info about this can be seen here: https://www.youtube.com/watch?v=7aDttATBA38. Next , consider the three different permission levels you can apply: 1. View permissions allows the users to only view Password Records in a List 2. Modify permissions allows them to view and change the passwords in a list 3. Admin access gives users both of the above but also allows users to change settings on the Password List. This is can be too much access for some companies, as users with admin access could then go in a change permissions, or other sensitive settings like the password strength policy. **Note** A Passwordstate Security Administrator, who has access to the Administration tab, can always administer permissions and settings for folders and Password Lists, even if they do not have access to those items under the Passwords tab. We recommend using Security Groups to apply permissions throughout the software. This ensure better performance and makes it easier to manage permissions instead of applying access for individual users. More information about Security Groups can be seen in this video: https://www.youtube.com/watch?v=iMeslOfz2Rs With this in mind, you could create three different security groups, one for each level of access, as per screenshot below: Setting up Folders and Password Lists: An example folder structure you could use would be to create one top level folder for each customer, and then nest Password Lists underneath that folder which are similar in nature. Then apply View, Modify and Admin access as follows - This means people in the View Security group can see all Passwords, for all customers, and Modify can change passwords for all customers etc: An alternative design you could consider, if you would prefer your permissions to be set up based on Teams, would be to create one security group for each team, such as Help Desk, Desktop Support, Network Support, and apply those permissions to a relevant folder nested beneath the Customer. For this to work, you should set Manual Permissions on the Top Level Customer Folder for all users to have View Access, and then apply Propagating Permissions for each team below. Below are a couple of screenshots to help explain this: Now if I log into Passwordstate as a member of the "Desktop Team", this is what they will see - Notice they only have access to their own folder in each of the Customer folders: More Hints and Tips to help control your folder structure: Tip #1: You could consider locking down the ability to create Folders, or Password Lists in the root of Passwords home. This way, your users will only have the ability to work within their own folder. This can be configured under Administration -> Feature Access -> Folder Options and Password List Options: Tip #2: You can deny users from creating Folder and Password Lists completely, if you want to delegate this control to the Passwordstate Security Admins. This can be set under Administration -> Feature Access -> Menu Access: Tip #3: One tip to save you a lot of time is to plan building one Folder structure with all Password Lists and Permissions set correctly, and then clone that folder for all other customers. This video describes how to do this: https://www.youtube.com/watch?v=g7-j90z4Amc This should help get you started, and if you have any questions about setting up Passwordstate, please don't hesitate to contact Click Studios on support@clickstudios.com.au. Regards, Support.
  2. Hi Bob, Thanks for your request. Wouldn't it be that Tenable needs to integrate with our software? We do have two types of API(s) that they could possibly make calls to for this purpose. We're happy to have a discussion with Tenable if you wish to put them in contact with us. Regards Click Studios
  3. Hi Rene, I just tested this and it works fine in our environments. If a folder is not manually managed, you should get a response that says "Folder of ID 6617 is not configured to have its permissions managed manually...." - do you not see that message either? Maybe contact us via our support page so you can share your script with us? Are you able to get any error information at all with the response? Regards Click Studios
  4. A Passwordstate Security Administrator has access to the "Administration" tab, which allows you to control many of the backend settings in Passwordstate. To get access to this tab, someone must grant your one or more Security Administrator Roles from this menu: If you do not have another Security Administrator that can grant you these roles, then you must log in as Emergency and unlock a restricted feature, which will allow the Emergency Account to grant you these roles. By default this feature is locked down for security reasons. To unlock this feature, please follow these steps: Step 1: Log in as emergency account by appending /emergency to your Passwordstate URL and entering the Emergency password. An example of this URL would look something like this: https://passwordstate.contoso.com/emergency. If you do not know your emergency password, Click Studios can help you recover it by following this forum post: https://www.clickstudios.com.au/community/index.php?/topic/1887-recover-emergency-access-password/ Step 2: When you are logged in as Emergency, go to Feature Access -> Restricted Features and generate a code for this setting: Step 3: Email that code to support@clickstudios.com.au and CC in your manager. We require at least two people from your company knowing that this feature is about to be unlocked, to mitigate against a rogue employee trying to gain access to sensitive information in the system. Step 4: Click Studios support will email you a return code with some instructions on where to set this unlock code. Now you will be able to log in as Emergency again, and go to Security Administrators menu, and grant yourself the required Roles. There is one role for every menu you see under the Administration tab.
  5. Hi CVG, To elaborate a little on the above answer we h=gave, there's no way to edit existing Password Lists your users have, but we do have an option where any new user that is added into the system can automatically get a Private Password List created for them, with the title that you are after. This setting can be found under Administration -> System Settings -> Password List Options: I hope this helps! Regards, Click Studios.
  6. Hello Cvg, Sorry, but you cannot do this on behalf of the user - they need to configure this themselves, as it is a personal choice. Regards Click Studios
  7. Hello Rene, I've had a quick look, and it does seem a couple of properties are missing from the documentation, which we'll fix for the next release. When creating Password List via the API, we do not expose the majority of atttributes, as there are many of them - and then there is also all the different types of fields, and how they can be configured. Because of that complexity, we instead provide options to copy all these settings/fields either from an existing Password List, or Password List Template. Looking at the class definition for this method, the only property that is missing from the documentation was the Guide field. Regards Click Studios
  8. Hi btadams, Unfortunately the script we have for KeePass can't import documents from KeePass, these would have to be done a s a second phase using the API. If you look under the Help -> Web API Manual page, you'll find some instructions on how to upload documents to an existing password record. If you only have a few documents, it may be quicker to manually upload them? Regards, Support
  9. Hi cvg, We do not have an option to move a password record from a shared password list to t private password list. This is for security reasons, as a lot of customers expressed concerns with allowing users to store company passwords in private lists, as they are not visible to management. This was just one way to prevent that from happening. Are you referring to the Browser Extensions by any chance? So a user has accidently saved a website password into a shared list, using our Browser Extension? If so, and if they are using the latest build of the extension, they can set the default password list from their personal preferences: Regards, Support
  10. We're glad you're all back up and running now. For anyone else reading this forum post, those instructions mentioned above are to be followed when moving either your web install or database, and then you should not run into any issues like SOrlando has. We also have much more documentation on the following page as well - https://www.clickstudios.com.au/documentation/default.aspx Regards Click Studios
  11. Hello, With the following instructions to move your web server https://www.clickstudios.com.au/documentation/move-new-web-server.aspx it looks like you missed this step "Now you need to copy the web.config file from your existing installation (found in the root of the Passwordstate folder) to your new installation - this file includes settings for the database connection string, and as of Build 7580, split secrets which form part of the encryption keys". And once the file is copied across, you would modify the database connection string, as explained in this document - https://www.clickstudios.com.au/documentation/move-new-database-server.aspx We hope this helps. Regards Click Studios
  12. Hi Guido, We have customers using this feature all the time, and we've never had this reported before sorry - so we do believe it is generating a proper csv file - if you open in Notepad, you should be able to confirm this. Maybe you could create your own CSV file based off the columns names you see in the one we export? Do any other customers have issues like this in Excel? Regards Click Studios
  13. Hi Guido, Thanks, but we do not see that in the standard version of Excel - each field is separated into different columns. So any other customers using Office 365 see this problem? Regards Click Studios
  14. Hello Guido, That csv template file you provided opens okay for us in Excel. CSV files are meant to be comma separated, and I'm wondering what sort of formatting issue you are seeing? With your import below, I believe you are doing this on the screen Administration -> Password Lists. This is intended to bulk insert into multiple different Password Lists at a time, and you have to specify the correct PasswordListID values here, which it does not look like you have done. If you want to instead import into just one single Password List, you can do this from the Password List itself, under the Passwords tab. Look in the List Administrator Actions dropdown list beneath the grid, and you can import from there - and please use the CSV template from there as well, as you do not need to specify the PasswordListID values in this manner. Regards Click Studios
  15. Hello Tvarvais, We are using update code obfuscation in build 8903, and that DLL is one of our files. Some AV software does flag obfuscated assemblies like this, as they cannot read the contents of the file - which is by design. Can you please setup an exclusion for this file, otherwise you will have issues using Passwordstate. Regards Click Studios
  16. Purpose: You have a list of passwords that are used for higher privileged purposes, and you need to ensure that the passwords being set on those accounts are extra strong. Step 1: As a Security Administrator, go to Administration -> Password Strength Policies, and Add a new policy. Step 2: Under Policy Settings tab, set your policy requirements and ensure the Password Strength Compliance is set to Excellent and the Compliance is Mandatory should be set to Yes. Save your policy. Step 3: Go to Administration -> Password Generator Policies and Add a new policy. Step 4: Ensure this Password Generator Policy meets the minimum requirements of your Password Strength Policy that you created above. ie, minimum of 15 characters, at least one lowercase, upper case and one number. Step 5: On your Password List, assign both your Password Generator Policy, and the Password Strength Policy that you created, and now you will be guaranteed that any password set on any password in this list will meet your requirements. Regards, Support
  17. Hi Scott, We're sorry, but this does appear to be a bug and we will need to fix it in the next release. And we do not have an option to disable AD Synchronization sorry. You could stop the Passwordstate Windows Service, but this would also prevent other processes like sending emails, performing password resets, etc, etc. Regards Click Studios
  18. Hello Rene, Yes we could possibly look at this in a future release for you. We do prioritize our features on customers voting on them, so could you please request this in our Feature Requests section of this forum? Thanks very much. Regards Click Studios
  19. Hi Senzo, We're not exactly sure about AWS for this sorry, but we have had gmail servers working in the past, as well as office 365, so I would guess that it should work. Are there any other customers who have been able to get this to work? Regards Click Studios
  20. Hi Guys, We've just tested SAML autehentication with Azure AD, where the authenticating account was configured for Push Notifications - and it worked nicely Based on that, we are moving this request to Feature Requests - Completed. Regards Click Studios
  21. Hello, Sorry, but we cannot change which Password List is selected as the default when you enter this screen. But there might be a couple of System Settings option to help with this - on the screen Administration -> System Settings -> Password List Options tab. The options are: Hide the Inbuilt Password List Templates from all users - so you can add your own Templates, and not use ours if you don't want to On screens which shows Password List Templates - you can chose to only show Templates that you grant users access to We hope this helps. Regards Click Studios
  22. Hi scottp, No this is not a bug - basically we are synchronizing what's in AD, which is a blank email address. But we do have a feature for this - go to the screen Administration -> System Settings -> Active Directory Options tab, and change the following setting to No - When performing an AD Sync, synchronize the email field for the user (AD attribute is called mail). Now restart the Passwordstate Windows Service to pick up the change immediately. Regards Click Studios
  23. Hello hatface13, We're really sorry, but we cannot explain the inconsistencies you're seeing here, and we've never witnessed it ourselves. The only sort of debugging we have for this is either the Windows Application Event Log on your web server, or the Error Console in Passwordstate - which is within the Administration screen. Regards Click Studios
  24. Hello, Below is the format we are sending syslog messages across, which should be inline with teh RFC for this. strParams = System.[String].Format("<{0}>{1} {2} {3} {4}", priority, AuditDate.ToString(SystemSettings.SyslogDateFormat), IPAddress, " ", "Passwordstate: " & Description & " Client IP Address = " & IPAddress) Regards Click Studios
  25. Hi Guys, I've just tested this again in 3 different environments, and I get logged out each time as expected - I was testing with the inactivity timer set to 2 minutes. Are you on any specific page on Passwordstate when you navigate to other open tabs? Is anyone else in the community able to reproduce this at all? Regards Click Studios
  • Create New...