Password Action Notification

(Feature available only in Premium Edition)

Whenever an action is performed on a password, whether it is accessed, modified or has its share permission changed, or when the password expires or violates the password policy, notifications need to be sent to the password owners and/or to those who have access to the passwords, or to any other users the administrators choose. The 'Password Action Notification' feature helps in achieving this.

You can configure e-mail notifications on the occurrence of the specific events mentioned above. When password shares are changed and when passwords expire, in addition to notifications, there is an option for the PMP server to perform a password reset action. When a password belongs to multiple groups and each group has different actions configured, every distinct action will be performed once.

To configure password action notifications for the resources of a group

  • Go to "Resources" tab in the web interface
  • Click "Resource Groups" tab (alternatively, you can launch this page directly through the "Add Resource Group" link under the "Links" tab)
  • Click the icon present against the resource group for which password action notification is to be enabled
  • In the UI that opens up, select the condition upon which you wish to send notifications and click the button at the end

When passwords are accessed

As mentioned earlier, when a user views a password, an email notification reporting the access can be sent to the desired recipients.

If you want to make use of this action,

  • Specify the recipients of the notification:
    • Owner - the owner of the password
    • Users having access to the passwords - users who hold any one of the share permissions (read only, read and write, manage) for the password at the time the notification is generated
    • Other Users/User Groups - any other specific user(s) selected from the list
    • Email ids - to send notifications to a specified list of email aliases or email addresses. To enter multiple ids, separate each address with a comma
    • Click "Save"
    • You can also generate an SNMP Trap and/or a Syslog Message to your network management system. Before selecting an option here, make sure you have carried out the SNMP Trap/Syslog settings.

When passwords are changed

As mentioned above, when a password is changed, a notification reporting the change can be sent to the desired recipients.

If you want to make use of this action,

  • Specify the recipients of the notification:
    • Owner - the owner of the password
    • Users having access to the passwords - users who hold any one of the share permissions (read only, read and write, manage) for the password at the time the notification is generated
    • Other Users/User Groups - any other specific user(s) selected from the list
    • Email ids - to send notifications to a specified list of email aliases or email addresses. To enter multiple ids, separate each address with a comma
    • Click "Save"
    • You can also generate an SNMP Trap and/or a Syslog Message to your network management system. Before selecting an option here, make sure you have carried out the SNMP Trap/Syslog settings.

When password share is changed

In multi-user environments, passwords are shared among multiple persons. In such a scenario, when the share permission of a password is changed, a notification reporting the change can be sent to the desired recipients.

If you want to make use of this action,

  • Specify the recipients of the notification:
    • Owner - the owner of the password
    • Users having access to the passwords - users who hold any one of the share permissions (read only, read and write, manage) for the password at the time the notification is generated
    • Other Users/User Groups - any other specific user(s) selected from the list
    • Email ids - to send notifications to a specified list of email aliases or email addresses. To enter multiple ids, separate each address with a comma
    • You have the option to reset passwords in addition to sending notifications. For example, if you wish to reset the password automatically when the share for a password is removed, select the checkbox 'Reset the password when a share is removed'. The password reset action is applicable to, and performed only for, passwords for which it is currently supported and correctly configured, using either the remote or the agent mode
    • Click "Save"
    • You can also generate an SNMP Trap and/or a Syslog Message to your network management system. Before selecting an option here, make sure you have carried out the SNMP Trap/Syslog settings.

When passwords expire

To enhance password security, the passwords of sensitive accounts are rotated periodically. In such a scenario, a validity period is set for a password. When the validity period ends, the password expires and a notification reporting the expiry can be sent to the desired recipients.

How do I set Password Expiry for a resource?

The Password Validity Period can be set through password policies. After the validity period, the password expires and has to be reset.

If you want to make use of this action,

  • Specify the recipients of the notification:
    • Owner - the owner of the password
    • Users having access to the passwords - users who hold any one of the share permissions (read only, read and write, manage) for the password at the time the notification is generated
    • Other Users/User Groups - any other specific user(s) selected from the list
    • Email ids - to send notifications to a specified list of email aliases or email addresses. To enter multiple ids, separate each address with a comma
    • You have the option to reset passwords in addition to sending notifications. For example, if you wish to reset the password automatically when the share for a password is removed, select the checkbox 'Reset the password when a share is removed'. The password reset action is applicable to, and performed only for, passwords for which it is currently supported and correctly configured, using either the remote or the agent mode
    • Click "Save"
    • You can also generate an SNMP Trap and/or a Syslog Message to your network management system. Before selecting an option here, make sure you have carried out the SNMP Trap/Syslog settings.

When password policy is violated

If you have defined a password policy and passwords are in violation of that policy, notifications reporting the violation can be sent to the desired recipients. The notification is sent every day.

If you want to make use of this action,

  • Specify the recipients of the notification:
    • Owner - the owner of the password
    • Users having access to the passwords - users who hold any one of the share permissions (read only, read and write, manage) for the password at the time the notification is generated
    • Other Users/User Groups - any other specific user(s) selected from the list
    • Email ids - to send notifications to a specified list of email aliases or email addresses. To enter multiple ids, separate each address with a comma
    • You have the option to reset passwords in addition to sending notifications. For example, if you wish to reset the password automatically when the share for a password is removed, select the checkbox 'Reset the password when a share is removed'. The password reset action is applicable to, and performed only for, passwords for which it is currently supported and correctly configured, using either the remote or the agent mode
    • Click "Save"
    • You can also generate an SNMP Trap and/or a Syslog Message to your network management system. Before selecting an option here, make sure you have carried out the SNMP Trap/Syslog settings.

When passwords in PMP go out of sync with those in the resource

When the passwords stored in PMP differ from those in the resource, notifications reporting the out-of-sync condition can be sent to the desired recipients. Every night at 1 AM, PMP tries to establish a connection with the target systems for which remote password sync has been enabled. Once the connection is established, it tries to log in with the credentials stored in PMP. If the login does not succeed, PMP concludes that the password is out of sync. If PMP is not even able to establish a connection with the system due to some network problem, this is not treated as a password out of sync.

The out-of-sync notification is sent every day.
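The classification rule described above, modelled as an added example (this is not PMP code): a refused login marks the account out of sync, while an unreachable host is recorded as unverified and never raises the out-of-sync notification. The host names, the `fake_login` stand-in and the consecutive-night counter are assumptions added here; the counter goes beyond the page to show how long an account has gone unchecked.

```python
from dataclasses import dataclass, field


class AuthRejected(Exception):
    """The target was reached and refused the stored credential."""


@dataclass
class Report:
    in_sync: list = field(default_factory=list)
    out_of_sync: list = field(default_factory=list)  # these trigger the notification
    unverified: list = field(default_factory=list)   # unreachable: NOT out of sync


def integrity_check(accounts, login, streak):
    """accounts: iterable of (resource, account, stored_password).
    login: returns on success, raises AuthRejected on a refused credential,
           raises OSError (connection refused, timeout) if the host is unreachable.
    streak: dict of consecutive unverified nights per account, updated in place."""
    report = Report()
    for resource, account, password in accounts:
        key = f"{account}@{resource}"
        try:
            login(resource, account, password)
        except AuthRejected:
            report.out_of_sync.append(key)
            streak[key] = 0
        except OSError:
            report.unverified.append(key)
            streak[key] = streak.get(key, 0) + 1
        else:
            report.in_sync.append(key)
            streak[key] = 0
    return report


# Constructed sample data: hypothetical hosts and the password each one really has.
ON_TARGET = {("db01", "root"): "S3cure!", ("web01", "admin"): "changed-on-host"}
DOWN = {"fw01"}
STORED = [("db01", "root", "S3cure!"), ("web01", "admin", "Old-Pass1"),
          ("fw01", "admin", "Fw-Pass1")]


def fake_login(resource, account, password):
    """Stand-in for a remote login, so the example runs offline."""
    if resource in DOWN:
        raise ConnectionRefusedError(resource)
    if ON_TARGET[(resource, account)] != password:
        raise AuthRejected(f"{account}@{resource}")


if __name__ == "__main__":
    streak = {}
    for night in (1, 2):
        print(night, integrity_check(STORED, fake_login, streak))
    print("unverified two nights running:", [k for k, n in streak.items() if n >= 2])
```

An account that stays in the unverified list night after night has a stored password whose validity is unknown, so it is worth reviewing separately from the out-of-sync notifications.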

If you want to make use of this action,

  • Specify the recipients of the notification:
    • Owner - the owner of the password
    • Users having access to the passwords - users who hold any one of the share permissions (read only, read and write, manage) for the password at the time the notification is generated
    • Other Users/User Groups - any other specific user(s) selected from the list
    • Email ids - to send notifications to a specified list of email aliases or email addresses. To enter multiple ids, separate each address with a comma
    • Click "Save"
    • You can also generate an SNMP Trap and/or a Syslog Message to your network management system. Before selecting an option here, make sure you have carried out the SNMP Trap/Syslog settings.

See also "Running Integrity Check on demand".

Changing the Email Notification Content

In all the above cases, email notifications are sent to the specified recipients. PMP provides the option to customize the email content. Refer to the "Email Templates" section for complete details.

©2014, ZOHO Corp. All Rights Reserved.
