Passwordstate allows teams of people to access and share sensitive password credentials through the concept of Shared Password Lists. This enables your organization to implement granular control over who has access to your privileged account credentials through Role Based Access Control. This in turn enables built-in auditing and compliance capabilities to track who has accessed credentials and when.
Equally important is the concept of Private Password Lists, where individuals can securely record and manage credentials that are used for private use. The ability to create and use Private Password Lists is free and provided as part of the named User Licensing Model that Passwordstate uses. But what does this mean? It means that if a user has access to login to Passwordstate, they are enabled and have a Named User License automatically applied to their account, license count permitting.
Organizations that don’t allow the use of Private Password Lists for their users typically struggle with enforcing the use of Shared Password Lists. This is understandable as you are in effect stating that credential management is only important for business use and not personal use. On the other hand, organizations that adopt and promote the use of Private Password Lists typically build a healthy cybersecurity awareness in their workforce with employees embracing credential management for both personal and organizational use.
So how do you minimize the impact on Security Administrators having to setup Private Password Lists for all your employees.
Automatically create Private Password Lists for New Users
To reduce the workload on your Passwordstate Security Administrators, and make life easier for your users, you can automatically create Private Password Lists for all new user accounts as they are added to Passwordstate. This is done by enabling the option to automatically create a Private Password List for new users. To do this navigate to Administration->System Settings->password list options and click the Yes radio button underneath When a new User Account is added to Passwordstate, automatically create a Private Password List for the user option. You can also specify the name of the Private Password List using the variables FirstName and Surname shown below,
In doing this all new users that are added will have a Private Password List created in the root of the Passwords Tab. If you decide to not use the variables in the name then all Private Password Lists will look to have the same name, however they will all have a unique PasswordListID that is used to identify them at a system level. And of course, each Private Password List will only have Administrator permissions assigned to the appropriate user.
Customize Private Password List Fields with User Account Policies
It is possible to create all Private Password Lists with additional fields that the user may want to use. For example, these could be fields for a support email, PIN for 2FA, a phone number, or an address. By default, automatically created Private Password Lists include the URL field, however they aren’t based on any of the templates located under Administration->Password List Templates.
In order to add specific additional fields, you’ll need to create a User Account Policy for all users, that references a custom Password List Template. First, you’ll need to create a template that contains the fields that you want to provision for new users. To do this navigate to Administration->Password List Templates and click on Add New Template,
Give the template a Name, Description, choose an image and define the required Password Strength Policy, Password Generator Policy and any Additional Authentication you require. Then select the customize fields tab and specify the additional fields you want to provision. In the example below I’ve created the following text fields email, PIN, Phone Number and Address,
Now create a User Account Policy that will use the new Password List Template. In my example I’ve named it “Private Password Lists”. Navigate to Administration->User Account Policies and click on Add to create a new User Account Policy,
Supply a Policy Name, Description and on the password list options tab, for Setting ID E4, select the name of the Password Lists Template you wish to reference,
Then click Save. Now click on the Actions icon and select Apply Policy to Users, selecting All Users and Security Groups,
Now every time a New User is added to Passwordstate they will have an automatically created Private Password List with all the Fields that you’ve selected. Each individual user will be the Administrator of their Private Password List and will be able to edit it as desired.
Don’t forget, we welcome your feedback via support@clickstudios.com.au.