Managing General Settings
Using the General Settings section of Password Manager Pro (PMP), you can make important setting changes such as enforcing Password Policies, enabling the Forgot Password option to reset user passwords, sending Email Notifications on user creation or role modification, managing Personal Passwords, exporting resources, remote password reset and so on.
Configuring General Settings
To configure the general settings in PMP, navigate to:
Admin >> Settings >> General Settings.
You will see different settings categorized under the following sections. Click each link to view the details:
- Password Retrieval
- Password Reset
- Resource / Password Creation
- Resource Group Management
- User Management
- High Availability
- Personal Passwords
- Usage Statistics Collection
1. Password Retrieval
To view and manage all global settings related to password retrieval, click Password Retrieval from the left pane.
1.1 Allow plain text view of passwords, if auto logon is configured
Enable this option to allow users to view the passwords of shared resources in plain text when auto logon is configured. If this option is disabled, users cannot retrieve the password; however, they can still launch remote sessions through auto logon. This restriction applies only to Password Users, Password Auditors and custom user type roles with the same privileges as Password Users and Auditors.
1.2 Automatically hide passwords after 5 seconds (specify '0' to never hide passwords automatically)
By default, passwords are hidden behind a string of hash symbols. On clicking the string, the passwords appear in plain text. By default, the passwords are shown for 10 seconds only, after which they will be automatically hidden. Specify the desired value in seconds in the Automatically hide passwords after X seconds option. If you specify 0, passwords will continue to remain in plain text until you click the password to hide.
1.3 Maximum X approval admins (You may give minimum of 1 to maximum of 10 admins)
Select the maximum number of admins (up to 10) needed to approve a password request for resources that have the password access control workflow set up. The number of admins selected here will be reflected in the Password Access Control workflow configuration, under the option "Enforce approval by at least __ administrators".
1.4 Automatically clear clipboard data after 30 seconds (specify '0' to never clear clipboard automatically)
PMP uses the clipboard utility of browsers to copy passwords when you copy them from PMP. By default, the copied passwords will be available for 30 seconds. In this option, specify the time in seconds after which the clipboard will be cleared and the copied password will no longer be available. If you specify 0, the clipboard will not be cleared automatically.
1.5 Enforce users to provide reason for password retrieval
Enable this option to enforce users to provide a reason for requesting access to the password. This reason for retrieval will be recorded in the audit logs.
1.6 Allow users to retrieve password without ticket ID
If ticketing system integration is done in your environment, then by default, users will be prompted to provide a ticket ID while requesting a password. Enable this option to allow users to retrieve passwords without providing a ticket ID.
1.7 Display password history for users with View Only and Modify share permissions
Password History (available under Account Actions) shows the previously used passwords for a particular account as well as the details on who modified it. Enable the option Display password history for users with View Only and Modify share permissions to display the password history details for users with View Only and Modify share permissions.
1.8 Allow all admin users to manipulate the entire explorer tree
Once this option is enabled, PMP creates an organization-wide, global explorer tree structure containing the names of resource groups under a root node and the following things will apply:
- Any administrator in PMP can create/edit the explorer tree structure of resource groups.
- Admins and Password Admins can add their resource groups into the global tree and the whole structure will be available for view to all the end users.
- Types of users who will be able to access this tree structure: Administrators, Privileged Administrators, Password Administrators and Password Users.
- If this option is disabled, users can modify only their portion of the tree with the resources that are shared to them.
Show unshared resource groups to all admins: If this option is enabled, the resource groups of all admins will be visible to other admins, but they will be disabled because the resource groups are not shared. If this option is disabled, only the shared resource groups will be available to the admins.
By default, the nodes of the password explorer tree are shown in expanded form. Enable this option to collapse the explorer tree view.
1.10 Disable SSH, SQL and Telnet console chat
By default, SSH, SQL and Telnet console chat will be enabled. Select this option to disable the console chat for remote sessions.
1.11 Allow users to download the private key
If this option is enabled, the user will be able to download the private key that is added to an account shared with them. Click here for more about adding a key to an account.
2. Password Reset
To view and manage all global settings related to password reset in PMP, click Password Reset from the left pane.
2.1 Enforce users to provide a reason when changing the resource password
Enable this option to prompt users to enter a reason while attempting to change the password of a resource. This reason will be recorded in the audit logs.
2.2 Allow users to reset password without giving a ticket ID
If ticketing system integration is done in your environment, then by default, users will be prompted to provide a ticket ID when they try to reset the password of a resource. Enable this option to allow users to reset passwords without providing a ticket ID.
2.3 Default selection for user-initiated remote password change action. Users can override this setting while modifying passwords.
When changing the password of a resource in the PMP console, by default the password changes are applied in the remote resource instantaneously. (Resource types supported for remote synchronization are: Windows, Windows Domain, and Linux). Select the option Do not apply changes to the resource to not change the password in the remote resource automatically.
2.4 Wait for X seconds between stopping and starting the services after service account password reset
You can configure PMP to wait for a specified time (in seconds) before stopping and restarting the services after automatically resetting the service account password. This is useful in cases where service account password reset is enabled for a Windows Domain account and the corresponding domain password is changed.
2.5 Enforce users to provide two different accounts for use with remote password reset for UNIX / Linux resources
Enable this option to enforce users to provide two different accounts for password reset for Unix/Linux resources. If this option is disabled, then users will be allowed to enable remote synchronization with just one account. To know more about remote password reset, click here.
3. Resource/Password Creation
To view and manage all global settings related to resource/password creation in PMP, click Resource / Password creation from the left pane.
By default, password policies are enforced for passwords in PMP only at the time of password change.
Enable this option to check policy compliance at the time of resource/account addition itself. Once you enable this, you will be permitted to add your resource / account only if the password is in accordance with the password policy defined in PMP.
3.2 When agents are deployed in resources for remote password reset, the accounts in the resource are automatically added to PMP. There is also an option to synchronize account addition or deletion afterwards:
- Sync account addition:
Enable this option to add new accounts into PMP whenever they are added in the remote resource.
- Sync account deletion:
Enable this option to delete an account in PMP whenever the account is deleted in the remote resource.
4. Resource Group Management
To view and manage all global settings related to resource group management in PMP, click Resource Group Management from the left pane.
4.1 Resource group creation options
You can allow users to create:
- Static resource groups by picking individual resources.
- Dynamic resource groups by specifying criteria.
- Both static and dynamic resource groups.
Select the required option and click Save.
To view and manage all global settings related to notifications in PMP, click Notifications from the left pane.
5.1 Default selection for notifying users about change in access permissions
i. Notify users about the change in access permissions: Select this option to notify the respective users whenever their access permission is changed.
ii. Do not notify users about the change in access permissions: Select this option if you do not wish to notify users regarding the change in their access permissions.
Note: Admins can override this setting while modifying the access permission.
When an API user is created, an auth token (API key) will be generated. You can specify a date on which the API key will expire. Enable this option to notify the users about the expiry of the API key. Three notifications will be sent as follows:
- A notification 7 days before expiry.
- A notification on the day of expiry.
- A notification every day after the day of expiry.
Click here for more about adding API users in PMP.
5.3 Do not display product announcements and promotional messages
Enable this option if you do not wish users to see any promotional in-product banners or messages in PMP.
6. User Management
To view and manage all global settings related to user management in PMP, click User Management from the left pane.
6.1 Default user language
You can choose a default user language for the web interface from the given drop down.
6.2 Automatically log off users after X minutes of inactivity (specify '0' to never log off users automatically).
Specify the time in minutes after which an inactive user session will time out and log off automatically; by default, the time will be set as 30 minutes. You can specify '0' minutes to never log off inactive users automatically. To impose the same restriction on users logged in through the browser extensions, select the option: Enforce this as a maximum time limit also for users logged in through browser extension.
6.3 Disable local authentication
PMP provides three types of authentication:
- LDAP authentication
- AD authentication/Azure AD authentication
- PMP's local authentication.
By default, PMP allows local authentication along with LDAP or AD authentication. If you want to restrict either the LDAP or AD/Azure AD authentication alone, then select the respective options: All users or . Once the local authentication is disabled, the PMP users will be able to log in to PMP using their workstation password alone.
6.4 Choose default-selected domain in the login screen. (Applicable only when AD/Azure AD authentication is enabled).
If you have users from various domains, the PMP login screen will list down all the domains in the drop-down. You can choose the frequently used domain here for ease of use for the users. Once you do so, that domain will be shown as selected by default in the login screen.
6.5 Show 'Forgot Password' option in the login screen
By default, the 'Forgot Password' option is enabled for all users who use PMP's local authentication. By clicking on 'Forgot Password', users can get a new login password sent to their email. Disable this option if you do not wish to display the 'Forgot Password' option in the login screen for all users.
6.6 Notify users through email during account creation or modification
By default, users are notified via email whenever their account is added in PMP or an existing account is modified. Disable this option if you do not wish to send email notifications to users regarding account creation or modification.
6.7 Enable 'Support' link for password administrators
By default, Password Administrators in PMP cannot view the 'Support' option in their profile. Enable this option to make the 'Support' option accessible for password administrators also.
6.8 Notify users through email 30 and 15 days prior to PMP license expiry
You can notify all administrators or any users regarding the expiry of the PMP license.
Two notifications will be sent:
- 15 days prior to the expiry.
- 30 days prior to the expiry.
To send notifications you can either select all administrators as recipients or specify email addresses separated by a comma (',').
6.9 Default selected tab
Select a default tab which will open for users right after logging in:
6.10 Allow password caching for offline access via mobile
Enable this option to allow saving password cache in the PMP mobile application so that users can access the passwords offline.
6.11 Enable logins to mobile apps with fingerprint authentication
Enable this option to allow users to log in to their PMP mobile applications using their device's fingerprint authentication.
6.12 Allow website auto-fill actions using browser extensions
Website forms can be auto-filled using PMP browser extensions, allowing users to log on to websites with just a click. Enable this option to allow auto filling of login credentials for saved website accounts through the PMP browser extensions.
6.13 Allow website auto-logon actions using browser extensions
PMP enables automatic login to websites and allows users to launch connections to applications directly through native browser extensions. Enable this option to allow users to connect to a remote resource through the auto logon feature using the PMP browser extensions.
Disable this option to prevent users from adding accounts to resources through the PMP browser extensions. The option to add accounts through browser extension is available only for the Chrome browser. To know more about PMP browser extensions, click here.
6.15 Enable discovery in client organization
Enable this option to allow every client organization to discover accounts and resources using the Discovery option in PMP.
6.16 Use 'Organization Name' in Organization drop down list
Enable this option to display the Organization Name in the Organization drop down list; the Organization display name will be shown on mouseover.
7. High Availability
In a High Availability (HA) setup, constant replication of data takes place between Primary and Standby servers. High Availability status 'Alive' indicates perfect data replication and data synchronization between both servers. In case of any disruption like network problems between Primary and Standby (in turn between the databases), the status will change to 'Failed'. This may happen when there is no communication/connection between the database of the primary server and that of the standby server.
When the connection gets re-established, data synchronization will happen and both databases will be in sync with each other. During the intervening period, those who have connected to the primary and standby will not face any disruption in service. This status is only an indication of the connection/communication between databases and does not warrant any troubleshooting.
To configure periodic status check for high availability in PMP:
- Click High Availability from the left pane.
- Specify the number of minutes to check the status in the option Check High Availability Status Every --- Minutes.
To know more about High Availability, click here.
8. Personal Passwords
Individual users can manage their personal passwords such as credit card PIN numbers, bank account credentials, etc. in PMP through the personal password management feature. This personal password management section will be visible exclusively to the individual users and not even the Super Admin users will have access to it. To access this section, click Personal Passwords from the left pane.
8.1 Allow users to manage their personal passwords
Select this option to enable the Personal tab in which users can save their personal passwords. To disable the Personal tab, uncheck this option.
Note: In MSP editions of PMP, only the MSP administrator can enable or disable this option.
8.2 Disable default personal categories
In the Personal tab, you will find a few default categories for various personal passwords such as bank credentials. You can disable the default categories and allow users to create their own custom categories for saving personal passwords. You can disable categories either for all organizations or for MSP organization only.
8.3 Enforce password policy for personal passwords
Enabling this option will apply the password policy selected for accounts in PMP to the personal passwords of users too. You can disable this option to allow users to set personal passwords without any complexity restrictions.
8.4 Allow users to choose their own passphrase
By default, when you allow users to manage their personal passwords, PMP will prompt them to choose a passphrase. Once set, there is no way to change or reset this passphrase.
i. Enforce users to create passphrase, which will be used as the encryption key for storing personal passwords. In addition, select the complexity rule for the passphrase
Select this option to enforce a password policy for the passphrase. By default, there are four options: low, medium, strong and an offline password file option. To create a custom password policy for personal passwords, navigate to Admin >> Customization >> Password Policies. If the chosen enterprise policy is deleted, the default password policy will be automatically chosen for passphrase complexity.
- If you do not want to enforce passphrase complexity, select [-None-] in complexity option.
- If you do not want to enforce users to provide their own encryption passphrase, uncheck this option.
9. Usage Statistics Collection
By selecting this option, you can choose to send information to ManageEngine about how the product is used. As per the product End-user License Agreement (EULA), the data collected will pertain to the license details, the configuration of the system in which PMP is installed, and usage statistics on the frequency of use of various features. This is a feedback mechanism to improve the product. You can uncheck the option if you don't wish to allow usage data collection.
Click Miscellaneous from the left pane; this section consists of optional customizations you can apply to PMP based on your requirement.
10.1 Disable SSH Keys feature
Selecting this option will disable the SSH Keys tab from your installation. However, the feature will not be removed completely; you can enable the SSH Keys tab again by deselecting this option.
10.2 Disable Certificates feature
Selecting this option will disable the Certificates tab from your installation. However, the feature will not be removed completely; you can enable the Certificates tab again by deselecting this option.
10.3 Enable Splitting of SSH and Telnet Session Recordings into Multiple Files
Starting from version 9902, PMP offers the option to split larger session recording files from the SSH and Telnet remote sessions into several smaller files. This will ensure a smooth, uninterrupted session playback without a buffer time. Select this option to enable splitting of the session recordings.
To know more about privileged session recording, click here.
After making changes in the settings, click Save to save the changes.