General Settings

The General Settings section of Password Manager Pro deals with certain miscellaneous features, nonetheless important, such as enforcement of password policy, 'Forgot Password' option to reset Password Manager Pro user passwords, email notification on Password Manager Pro user creation or role modification, provision for managing personal passwords, exporting resources, remote password reset etc.

To access the settings page,

  • Go to Admin >> Settings >> General Settings.
  • In the UI that opens, following options are listed:
    • Password Retrieval
    • Password Reset
    • Resource/ Password Creation
    • Resource Group Management
    • Notifications
    • User Management
    • High Availability
    • Personal Passwords
    • Usage Statistics Collection
    • Security Settings

1. Password Retrieval

Allow plain text view of passwords, if auto logon is configured.

Through the auto logon feature, Password Manager Pro provides the option to establish direct connection to the resource eliminating the need for copy-paste of passwords. By default, password users and auditors will be able to retrieve the passwords that are shared with them. However, if auto logon is configured, they might not need access to the passwords. In such cases, you can take a decision to either allow or restrict access to passwords. To do so,

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Retrieval".
  • Select the checkbox "Allow plain text view of passwords, if auto logon is configured" to allow access or uncheck it to restrict.
  • Click "Save".

Automatically hide passwords after X seconds (specify '0' to never hide passwords automatically)

By default, passwords are shown in hidden form behind asterisks. On clicking the asterisks, the passwords appear in plain text. By default, the passwords are shown for 10 seconds only. After that, they will be automatically hidden.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Retrieval".
  • Specify the desired value in seconds in the "Automatically hide passwords after X seconds" checkbox.
  • If you specify 0, passwords will continue to remain in plain text until you click the password to hide.
  • Click "Save".

Automatically clear clipboard data after specific time (specify '0' to never clear clipboard automatically)

Password Manager Pro leverages clipboard utility of browsers to copy passwords when you intend to copy and paste passwords. By default, the copied passwords will be available for pasting for 30 seconds.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Retrieval".
  • Specify the desired value in seconds in the " Automatically clear clipboard data after seconds" checkbox.
  • If you specify 0, clipboard will not be cleared automatically.
  • Click "Save".

Enforce users to provide reason when retrieving the passwords

By default, when a user tries to retrieve the password of a resource, on clicking the asterisks, the passwords appear in plain text. If you want to force your users to provide a reason why access to the password was needed, you can enable this option by :

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Retrieval".
  • Select the checkbox "Enforce users to provide reason while retrieving the passwords".
  • Click "Save".

Enable of password history for users with View Only/Modify share permissions

If you want to enable it,

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Retrieval".
  • Select the checkbox "Display password history for users with View Only and Modify share permissions.".
  • Click "Save". Once you do this, password history will be displayed to the users with View Only/Modify share permissions.

Allow all admin users to manipulate the entire explorer tree

Password Manager Pro offers provision to allow admin users to manipulate the entire explorer tree structure as they wish. Once this is enabled, Password Manager Pro creates an organization wide, global explorer tree structure containing the names of resource groups under a root node. Any administrator in Password Manager Pro would be able to create/edit the explorer tree structure of resource groups. The tree structure will be accessible to all admins, password admins and end users. Admins and password admins can add their resource groups anywhere into the global tree and the whole structure will be available for view to all the end users. If this option is disabled, users can modify only their portion of the tree.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Retrieval".
  • Select the checkbox "Allow all admin users to manipulate the entire explorer tree". to enable and uncheck it to disable.
  • Click "Save".

Collapse password explorer tree view in Resources and Connections Tab

By default, the nodes of the password explorer tree are shown in expanded form. By enabling this option, the explorer tree can also be viewed in collapsed format.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Retrieval".
  • Select the checkbox "Collapse password explorer tree view in Resources and Connections tab".
  • Click "Save".

Disable SSH, SQL and Telnet console chat

By default, SSH, SQL and Telnet console chat will be enabled. However, you can disable it by:

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Retrieval".
  • Select the checkbox "Disable SSH, SQL and Telnet console chat".
  • Click "Save".

Allow users to retrieve passwords without ticket ID

By default, when a user tries to retrieve the password of a resource simply by clicking on asterisks, on clicking the asterisks, a pop up form appears asking for ticket ID. If you do not want to provide ticket ID for retrieving passwords,

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Retrieval".
  • Select the checkbox "Allow users to retrieve passwords without ticket ID".
  • Click "Save".

2. Password Reset

Enforce users to provide a reason when changing the resource password

When resource passwords are changed by a user, by default, it is not mandatory to add a comment providing the reason for the change. However, enforcing the users to enter a comment would be a good practice and aid in auditing user actions.

To enforce this,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Reset".
  • Select the checkbox "Enforce users to provide a reason when changing the resource password".
  • Click "Save". Once you do this, users will be prompted to enter a comment as reason while attempting to change password.

Allow users to reset password without giving ticket ID

By default, when a user tries to reset the password of a resource, a pop up form appears asking for ticket ID. If you do not want to provide ticket ID for password reset,

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Reset".
  • Select the checkbox "Allow users to reset password without giving ticket ID".
  • Click "Save".

Default selection for user initiated remote password change action

One of the important capabilities of Password Manager Pro is remote password reset, which enables users to change password of a resource in Password Manager Pro console and apply the change in the remote resource instantaneously. This remote synchronization of passwords can be done for resources of the type Windows, Windows Domain and Linux. By default, when you try to change the password of an account belonging to the above three types, the remote synchronization option is enabled.

If you want to disable this option,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Reset".
  • Select the checkbox "Do not apply changes to the resource".
  • Click "Save".
  • At any point of time, you can override this option while invoking the change password option.

Wait for X seconds between stopping and starting the services after service account password reset

For every Windows domain account for which the service account reset is enabled, Password Manager Pro will find out the services which use that particular domain account as service account, and automatically reset the service account password if this domain password is changed. In certain cases, there would be requirements for stopping and starting the services. In such cases, you can configure Password Manager Pro to wait for a specified time period (in seconds) between stopping and starting the services.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Reset".
  • By default, Password Manager Pro waits for 60 seconds. You may configure it in accordance with your needs.
  • Click "Save".

Enforce users to provide two different accounts for use with remote password reset for UNIX / Linux resources

To enable remote password reset for UNIX/Linux resource types, you can enforce users to provide two different accounts for password reset.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Password Reset".
  • Select the checkbox "Enforce users to provide two different accounts for use with remote password reset for UNIX / Linux resources".
  • Click "Save".
  • If you do not opt this, users will be allowed to enable remote synchronization with just one account.

3. Resource/Password Creation

Enforce password policy during resource or password creation

By default, when you are adding your resource to Password Manager Pro, it does not check for compliance to the password policy already defined by the IT administrator. It is enforced only at the time of password change.

In case, you wish to check policy compliance at the time of resource / account addition itself,

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Resource / Password Creation".
  • Select the checkbox "Enforce password policy during resource or password creation".
  • Once you click this, you will be permitted to add your resource / account only if the password is in accordance with the policy defined.
  • Click "Save".

When agents are deployed in resources for remote password reset, the accounts in the resource are automatically added to Password Manager Pro. There is also option to synchronize account addition or deletion afterwards:

1. Sync account addition:

If you enable this option, whenever a new account gets added to the resource, that will be synchronized in Password Manager Pro too.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Resource / Password Creation".
  • Select the checkbox "Sync account addition".
  • Click "Save".
2. Sync account deletion:

If you enable this option, whenever an account gets deleted in the resource, that will be synchronized in Password Manager Pro too.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Resource / Password Creation".
  • Select the checkbox "Sync account deletion".
  • Click "Save".

4. Resource Group Management

Resource group creation options

By default, three options are available for resource group creation -

  • static resource group creation by picking resources individually.
  • dynamic group creation by specifying criteria.
  • Both static and dynamic resource groups.
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Resource Group Management".
  • Select / Deselect the desired radio buttons for resource group creation.
  • Click "Save".

5. Notifications

Default selection for notifying users about change in access permissions. Admins can override this setting while modifying the access permission

1.Notify users about the change in access permissions

If you enable this option, whenever a change is made to their access permission, that will be notified to the respective users.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Notifications".
  • Select the checkbox "Notify users about the change in access permissions".
  • Click "Save".
2. Do not notify users about the change in access permissions

If you enable this option, any change made to access permissions will not be notified to the users.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Notifications".
  • Select the checkbox "Do not notify users about the change in access permissions".
  • Click "Save".

6. User Management

Default user language

Password Manager Pro allows users to choose their own default user language for the web GUI.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Choose the default use language from the drop down list present in the "Default user language" checkbox.
  • Click "Save".

Automatically log off users after X minutes of inactivity

As Password Manager Pro users are dealing with sensitive passwords, from the information security point of view, it would be hazardous to allow the web-interface session to remain alive if users leave their workstation unattended. Inactivity timeout can be configured in Password Manager Pro by specifying the time limit in minutes.

To configure the inactivity timeout,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • By default, if Password Manager Pro remains unattended for 30 minutes, user will be automatically logged out. However you can specify the time limit in minutes.
  • If a user's GUI session is inactive for the specified time limit, the user will be automatically logged out of the session.
  • If you specify '0' as the value, the users will not be logged out for inactivity.

Disable 'Local Authentication'

As explained earlier, Password Manager Pro provides three types of authentication - LDAP authentication, AD authentication/Azure AD authentication and Password Manager Pro's local authentication. By default, Password Manager Pro allows local authentication along with LDAP or AD authentication.

If you want to strictly restrict the LDAP or AD authentication alone,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Select the checkbox "Disable local authentication - All users or AD/Azure AD/LDAP users".
  • Click "Save".
  • Once you do this, the Password Manager Pro users would be allowed to login using their workstation password alone.

Configure default-selected domain in the login screen. (Applicable only when AD authentication is enabled).

If you have users from various domains, the Password Manager Pro login screen will list down all the domains in the drop-down. For ease of use, you may specify the domain used by the largest number of users or the frequently used domain here.

To configure this option,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Choose the domain from the drop down list as the default selected domain.
  • Click "Save". Once you do so, that domain will be shown as selected by default in the login screen.

Show 'Forgot Password' option in the login screen

If a Password Manager Pro user forgets their login password, they can rely on the 'Forgot Password' option, which sends a new login password to that user via email. By default, this option remains enabled.

If you do want to display this option in the login screen,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Disable the checkbox "Show forget password option in the login screen".
  • Click "Save". Once you do this, from the login onwards, this option would not be visible to all the users.

Notify users through email during account creation or modification

By default, whenever a new user account is added in Password Manager Pro or an existing account is modified, an email is triggered to the respective user with information about the login password in the case of new user addition and details of changes (in the case of account modification) are sent.

If you want to disable this option,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Disable the checkbox "Notify users through email during account creation or modification".
  • Click "Save". Once you do this, emails will not be sent on user addition or modification.

Enable 'Support Link' for password administrators

By default, Password Manager Pro users with the role 'Password Administrator' will not be able to view the 'Support' tab in the GUI. If you want Password Administrators to view the support tab,

If you want to disable this option,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Select the checkbox "Enable support link for password administrators".
  • Click "Save".

Notify users through email 30 and 15 days prior to Password Manager Pro license expiry

Prior to the expiry of Password Manager Pro license, email notifications can be sent to all administrators or to any desired user(s). Two notifications will be sent - one, 30 days prior to the expiry and another 15 days earlier.

To send notifications,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Choose the list of recipients for notifications.
  • Click "Save".

Notify users through email 30 and 15 days prior to Password Manager Pro license expiry

Prior to the expiry of Password Manager Pro license, email notifications can be sent to all administrators or to any desired user(s). Two notifications will be sent - one, 30 days prior to the expiry and another 15 days earlier.

To send notifications,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Choose the list of recipients for notifications.
  • Click "Save".

Allow user to cache the enterprise password caching for offline access via mobile

Password Manager Pro provides an option for the users to cache the enterprise passwords for offline access in mobile. To enable this option

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Select the checkbox "Allow password caching for offline access via mobile".
  • Click "Save".

Allow logins to mobile app with fingerprint authentication

As Password Manager Pro users are dealing with sensitive passwords, from the information security point of view, Password Manager Pro provides an option to the users to log in to mobile app using fingerprint authentication.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Select the checkbox "Enable logins to mobile app with fingerprint authentication".
  • Click "Save".

Allow user to auto-logon and auto fill username and password into websites using browser extensions

Password Manager Pro enables automatic login to websites and allows users to launch quick connections to applications directly with the help of native browser extensions. Login forms can be auto-filled using extensions, as well. This spares users from having to manually provide account details and, instead, log on to the website with just a click.

To enable this option,
  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "User Management".
  • Select the checkbox "Allow website auto-fill and logon actions using browser extensions.".
  • Click "Save".

7. High Availability

Check High Availability Status Every --- Minutes

In High Availability set up, constant replication of data takes place between Primary and Standby servers. High Availability status 'Alive' indicates perfect data replication and data synchronization between both servers. In case of any disruption like network problems between Primary and Standby (in turn between the databases), the status will get changed to 'Failed'. This may happen when there is no communication/connection between the database of primary server and that of the standby server.

When the connection gets re-established, data synchronization will happen and both databases will be in sync with each other. During the intervening period, those who have connected to the primary and standby will not face any disruption in service. This status is only an indication of the connection/communication between databases and does not warrant any troubleshooting.

To check the status periodically,

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "High Availability".
  • Select the checkbox and specify the time interval in minutes.
  • Click "Save".

8. Personal Passwords

Allow users to manage their personal passwords

Password Manager Pro provides personal password management feature as a value addition for individual users to manage their personal passwords such as credit card PIN numbers, bank accounts etc while using the software for enterprise password management. The personal password management section belongs exclusively to the individual users.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Personal Passwords".
  • Select the checkbox "Allow users to manage their personal passwords" to allow and uncheck to restrict it.
  • Click "Save".
  • If you uncheck this option, the 'Personal' tab will not appear for users in the Password Manager Pro GUI.

Note: In case of MSP edition, only the MSP administrator can enable or disable this option from the general settings.

Enforce password policy for personal passwords

Users can choose any policy as desired. By this way, you can help Password Manager Pro users in enhancing their personal password strength.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Personal Passwords".
  • Select this checkbox to enforce password policy for personal passwords too.
  • To allow users to set personal passwords without any complexity restrictions, disable this checkbox.
  • Click "Save".

Allow users to choose their own passphrase

By default, when you allow users to manage their personal passwords, Password Manager Pro provides three options to secure the personal passwords.

  • using the encryption key provided by the customers and storing it.
  • using the encryption key provided by the customers and not storing it.
  • using Password Manager Pro's encryption key.
  • When you allow the users to manage personal passwords, you can either allow the users to define their own encryption key or force them to use Password Manager Pro's encryption key itself.

If you want to allow them to choose their own personal passwords,

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Personal Passwords".
  • Select this checkbox "Allow users to choose their own passphrase"
  • To allow users to set personal passwords without any complexity restrictions, disable this checkbox.
  • Click "Save". This option will take effect only for those users who haven't used personal passwords till date.

Enforce users to create passphrase, which will be used as the encryption key for storing personal passwords. In addition, select the complexity rule for the passphrase

By default, there are four options: low, medium, strong and an offline password file option. If you want to create a custom password policy for personal passwords, navigate to Admin >> Password Policies. If the chosen enterprise policy is deleted, the default password policy will be automatically chosen for passphrase complexity.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Personal Passwords".
  • Select this checkbox to enforce users to use their own encryption passphrase with chosen password complexity.
  • If you do not want to enforce passphrase complexity, select [-None-] in complexity option.
  • If you do not want to enforce users with own encryption passphrase complexity, uncheck this checkbox.
  • Click "Save".

9. Usage Statistics Collection

Enable usage statistics collection

Details pertaining to your usage of Password Manager Pro such as the license details, configuration of the system in which Password Manager Pro is installed, usage statistics pertaining to the frequency of use of the various features are collected by Manage Engine, if this option is enabled.

  • Navigate to Admin >> Settings >> General Settings.
  • In the UI that opens, select "Enable Usage Statistics Collection".
  • Select this checkbox to enable usage statistics collection.
  • If you do not wish to allow product usage data collection, uncheck the checkbox.
  • Click "Save".

©2014, ZOHO Corp. All Rights Reserved.

Top