Managing Accounts and Passwords

Overview

This document discusses the different ways in which users can manage accounts in PAM360 such as viewing, editing, copying, moving accounts and also to change password, view password history and check integrity of passwords stored in PAM360.

  1. Viewing accounts
  2. Copying passwords
  3. Changing passwords
  4. Verifying passwords
  5. Viewing password history
  6. Copying passcard link
  7. Editing accounts
  8. Copying accounts
  9. Moving accounts

1. Viewing Accounts

Follow the below steps to view an account that is part of a resource.

  1. Navigate to Resources tab.
  2. Click on the particular resource name whose account details you want to view.
  3. The accounts of the respective resource would be displayed in a new dialog box.
  4. By default, passwords are shown in hidden form behind asterisks; to view the passwords in plain text, just click on the respective asterisks. The passwords will be shown for 10 seconds only. After that, they will be automatically hidden.You can also view the passwords by clicking the asterisks again.

You can modify the default 10 seconds from the General Settings page.

1.1 Enforcing Users to Provide a Reason for Viewing Passwords

By default, when a user tries to retrieve the password of a resource, on clicking the asterisks, the passwords appear in plain text. If you want to force your users to provide a reason why access to the password was needed, you can enable the option Enforce users to provide reason when retrieving the passwords in General Settings. Follow the below steps:

  1. Navigate to Admin >> Settings >> General Settings.
  2. In the UI that opens with a list of options, select Password Retrieval.
  3. Click the checkbox Enforce users to provide reason when retrieving the passwords.
  4. Click Save.
  1. After enabling this option, when you click on the asterisks, a pop-up window will open. In that pop-up window, provide a reason for retrieval and click Proceed.

1.2 Allowing password users and auditors to retrieve passwords for which auto logon is configured

Through the auto logon feature, PAM360 provides the option to establish direct connection to the resource eliminating the need for copy-paste of passwords. By default, password users and auditors will be able to retrieve the passwords that are shared with them. However, if auto logon is configured, they might not need access to the passwords. In such cases, you can take a decision to either allow or restrict access to passwords and implement the same through the option "Allow password users and auditors to retrieve passwords for which auto logon is configured" in General Settings.

To enable this option,
  1. Navigate to Admin >> Settings >> General Settings.
  2. In the UI that opens with a list of options, select Password Retrieval.
  3. Click the checkbox Enforce users to provide reason when retrieving the passwords.
  4. Click Save.

2. Copying Passwords

PAM360 leverages clipboard utility of browsers to copy passwords when you intend to copy and paste passwords.

Follow the below steps to copy passwords:
  1. Navigate to the Resources tab.
  2. Switch to Passwords link and click the copy icon present against the desired passwords to copy.
  3. The copied passwords will be available to paste for 30 seconds.

3. Changing Passwords

To change the passwords of user accounts,
  1. Navigate to Resources tab, switch to the Passwords tab or from the Resources tab, click a required resource name to open the Account Details dialog box.
  2. Click the Account Actions icon against the resource whose password you want to change and select Change Password from the drop down list.
  1. In the pop-up form that appears, enter the new password and confirm the same.
  2. Click Save.

Note:

  • While entering the new password, the password policy set by the administrator for this resource will get enforced, if any.
  • If your account belongs to any of the types - Windows, Windows Domain, Linux, IBM AIX, HP UNIX, Solaris, Mac OS, MS SQL server and Cisco Devices (IOS, CatOS, PIX), you have the option to synchronize the new password in the remote resource too. In such cases of remote synchronization, if there is a failure in updating the password in the resource, password changes will not be saved locally as well.

4. Verifying Passwords

Passwords of resources such as servers, databases, network devices and other applications are stored in PAM360. It is quite possible that someone who has administrative access to these resources could access the resource directly and change the password of the administrative account. In such cases, the password stored in PAM360 will be outdated and not be of any use to the users who access PAM360 for the password. To deal with such possibilities, PAM360 provides an option for checking the validity of passwords at any point of time, both on demand and also at periodic intervals. On demand verification for password validity can be performed for a single account or for all the resources/accounts stored in the PAM360 application. Follow the below steps to verify the integrity of the password of a single account,

  1. Navigate to Resources tab, switch to the Passwords tab or from the Resources tab, click a required resource name to open the Account Details dialog box.
  2. Click the Account Actions against the resource whose password you want to verify for synchronization and select Verify Password from the drop down list.
  1. PAM360 will try to establish connection with the target system. Once the connection is established, it tries to log in with the
  2. credentials stored in PAM360. If login does not succeed, PAM360 concludes that the password is out of sync. In case, PAM360 is not even able to establish connection with the system due to some network problem, it will not be taken as password out of sync.

Note: Password Verification will work only for the accounts for which 'Remote password reset' has been enabled.

4.1 Verifying All the Passwords Stored in PAM360

  1. Navigate to Reports >> Password Out of Sync
  2. Under that report, click the link Find Out of Sync passwords. In the dialog box that opens, click Start Now.
  3. Once you schedule the check, PAM360 will try to establish connection with the target systems for all the accounts for which remote password reset has been enabled. Once the connection is established, it tries to log in to each resource with the credentials stored in PAM360 respectively. If login does not succeed, PAM360 concludes that the password is out of sync. In case, PAM360 is not even able to establish connection with the system due to some network problem, it will not be taken as password out of sync. A consolidated notification would be emailed to all the administrators and auditors.

5. Viewing Password History

The history of changes done to the passwords are captured in the form of password history. Information such as the old password, modified by whom, from which machine and the time at which it was modified are all captured in history.

To view password history of an account,

  1. Navigate to Resources tab, switch to the Passwords tab or from the Resources tab, click a required resource name to open the Account Details dialog box.
  2. Click the Account Actions icon against the resource whose password history you want to view and select Password History from the drop down list.
  3. In the pop-up for that appears, password history will be displayed.

6. Copying Passcard Link

A passcard typically contains details such as Resource Name, Account Name, Password of the account, Owner of the resource and the DNS name, along with any additional resource or account attributes that might be added to it. To view the passcard of an account, you must be logged into PAM360 and the corresponding resource must be owned by you or shared to you.  The Passcard link provides consolidated details of an individual account in PAM360 as a shareable link.  The link can be accessed by only those to whom the passcard is shared with the relevant privilege (read-only, read-write, or manage).

Follow the below steps to copy the Passcard of an account:

  1. Navigate to Resources tab, switch to the Passwords tab or from the Resources tab, click a required resource name to open the Account Details dialog box.
  2. Click the Account Actions icon beside the required account name and choose Copy Passcard Link from the drop-down.
  3. The Passcard link will be copied to the clipboard and will remain there until you click the Click Here to Clear Clipboard option to erase it. The Click Here to Clear Clipboard option will appear in the top right corner of the page as soon as you copy the Passcard link.
  4. Paste the copied Passcard URL in a new browser window to view its contents. The Passcard will also contain a QR code from which the URL can be scanned and extracted.     

7. Editing Accounts

At any point of time, you can edit the details of any of the accounts.

To edit an account,
  1. Navigate to Resources tab, switch to the Passwords tab or from the Resources tab, click a required resource name to open the Account Details dialog box.
  2. Click the Account Actions icon beside the resource whose password you want to edit and choose  Edit Account from the drop down .
  1. In the pop-up form that appears, edit the required property of the account.
  2. Select the checkbox Use private key to login to this account instead of password to authorize remote connections using SSH keys instead of account credentials. Click here to know more about remote connection using SSH keys.
  3. Once you're done, click Save. The required change will get reflected in the view.

8. Copying Accounts

A single or multiple accounts can be copied and added under one or more resources. The replicated accounts could then be edited to suit your requirements. When you want to have the same identical accounts under many resources, this will help in adding the accounts with ease. The copying operation does not affect the account being copied in anyway.

Follow the below steps to copy one or more accounts:
  1. Navigate to Resources tab and switch to Passwords tab.
  2. Click on the resource of which the account is a part and select the account or accounts to be copied.
  3. To copy a single account, go to Resources tab, click a required resource name to open the Account Details dialog box.  
  4. Then, click the Account Actions icon against the necessary account and select Copy Account from the drop down list.
  5. In the pop-up form that appears, you can choose the new copies to inherit the share permissions also (the new account will also be shared with all those who had permission to view the parent account).
  6. You can also specify the number of copies required. The account(s) will appear under the selected resource(s).

9. Moving Accounts

A single or multiple accounts that are part of one resource can be moved under another resource. When you do so, the selected account(s) will be removed from the present resource.

To move one or more accounts,
  1. Navigate to Resources tab and switch to Passwords tab.
  2. Click the resource of which the account is a part and select the account or accounts to be moved.
  3. To move a single account, go to Resources tab, click a required resource name to open the Account Details dialog box.  
  4. Then, click the Account Actions icon and choose  Move Account from the drop down list.
  1. In the pop-up form that appears, you can choose to move the share permissions also (the new account will also be shared with all those who had permission to view the account being moved). The account(s) will be removed from the present resource and it will appear under the selected resource(s).


 

©2019, ZOHO Corp. All Rights Reserved.

Top