Introduction to Resources and Accounts
In order to manage the passwords of your privileged accounts, add your endpoints as resources in Password Manager Pro (PMP). In PMP, the term Resource refers to any server, application, network device, or appliance in your environment that has authentication credentials that need to be secured. To manage the credentials of your machines, you must add them into PMP as Resources. The term Account denotes the 'User Account' & 'Password' that are to be managed by PMP. The Resources tab in PMP serves as a one-stop place to view and manage all the resources owned by you and/or shared to you by other administrators. In the left pane of the Resource tab is the Password Explorer tree, which contains a variety of options that consolidate your resources in an orderly fashion and make it easier for management. Resources, the related accounts, and their respective passwords are accessible from the Resources tab.
At the end of this document, you will have learned the following:
- Resources Tab - A General Overview
- Options to Access from the Password Explorer (Left Pane)
- Possible Actions from the Resources Tab
1. Resources Tab - A General Overview
To get started with adding resources to PMP, click the Resources tab. You will see the Resources list view, with the Password Explorer on the left pane and the display area in the middle.
The Password Explorer tree on the left pane displays all the added resources category-wise, such as All My Passwords, Owned and Managed, Favorites, and Recently Accessed. It also contains two other sections: Admin Actions and Groups.
- Admin Actions: This section comprises of the following options: Expired Password, Conflicting Passwords, Policy Violations, Disabled Resources, and Trash. This section compiles all the accounts whose passwords might require your immediate attention; for example, you may perform a bulk password reset on expired passwords or restore a resource from the trash.
- Admin's Groups: PMP provides an option to maintain resource groups in a hierarchical structure, i.e., the tree view. For example, let's assume that your organization contains departments that follow a hierarchy. You can group the resources belonging to the respective sections and create subgroups as required — PMP will display them in a tree view in this section to represent the hierarchy they follow.
The display area in the middle displays the list of resources under the specific category as clicked from the Password Explorer. It also contains a Passwords tab that reveals all accounts in each resource from the selected section.
2. Options to Access from the Password Explorer (Left Pane)
The Password Explorer on the left pane all the available resources in PMP organized under different categories. You can click a category to view the resources that are specific to that specific category. Read further to learn in detail about each category:
- All My Passwords - Click this option to display all the resources that are shared to you and available for your usage. Click the name of a resource to display all accounts corresponding to the selected resource. To search for a resource, click the search icon and enter the resource name, description, or the operating system (OS) type. There is a wide range of operations to be performed on the resources and passwords you have access to. They are explained in detail in this section below.
- Owned and Managed - This option is for users with admin privileges. All resources owned by administrators and shared to them by other users are available here. Click the name of a resource to display all accounts corresponding to the selected resource. To search for a resource, click the search icon and enter the resource name, description, or the operating system (OS) type.
- Favorites - All accounts marked as a 'favorite' are available here. To mark an account as a favorite, go to the All My Passwords or Owned and Managed section, switch to the Passwords tab, and click the star icon () beside an account name. To search for a resource under the Favorites section, click the search icon and enter the resource name or the user account name.
- Recently Accessed - All recently accessed resources are listed under this option for a quick reference. To search for a resource, click the search icon, and enter the resource name or the user account name.
- Admin Actions - This section comprises of the following options: Expired Password, Conflicting Passwords, Policy Violations, Disabled Resources, and Trash. This section compiles all the accounts whose passwords might require your immediate attention; for example, you may perform a bulk password reset on expired passwords or restore an account from the trash. All the operations to be performed under Admin Actions are explained below in this section.
- Resources groups added by you - PMP provides an option to maintain resource groups in a hierarchical structure, i.e., the tree view. For example, let's assume that your organization contains departments that follow a hierarchy. You can group the resources belonging to the respective sections and create subgroups as required — PMP will display them in a tree view in this section to represent the hierarchy they follow.
3. Possible Actions from the Resources Tab
There is a wide range of actions you can perform over the resources and accounts displayed in the various sections of the Resource tab. The below links explain each of them in detail:
3.1 Resource and Account-based Operations
The Resource tab offers exhaustive options for adding and managing resources in PMP. Each operation is listed below with a link that will explain in detail about how that particular feature works:
- Add resources into PMP
- Manage resource types
- Manage resources
- Manage accounts and passwords
- Share resources and accounts
- Additional resource configurations
i. Add Resources into PMP
Add your privileged resources such as servers and endpoints as resources in PMP to start managing their accounts and passwords. There are three ways in which you can add resources and accounts into PMP: Manual addition, import from file, automatic discovery of resources and accounts. Click the respective links to learn about each topic in detail.
ii. Manage Resource Types
PMP supports a wide range of resource types by default. In addition to that, you can add as many custom resource types as you require. Click here to learn in detail about how to manage various resource types in PMP.
iii. Manage Resources
PMP offers extensive options to manage the resources added to the repository. Listed below are the resource-based operations that you can perform in PMP. Click each link to learn about the topic in detail.
iv. Manage Accounts and Passwords
There are different ways in which you can manage the accounts and passwords saved in the PMP repository. Some of the operations include viewing, editing, copying, moving accounts, changing passwords, and viewing password history. Click here to learn in detail about each operation.
v. Share Resources and Accounts
PMP offers an option to securely share your resources and accounts with other users and/or user groups. Click the links below to learn about each topic in detail.
vi. Additional Resource Configurations
PMP offers several additional resource configurations that you can use to enhance the security of the resources stored in PMP and to use them efficiently. Click the below links to learn about each topic in detail:
3.2 Admin Actions
The Admin Actions section of the Password Explorer tree provides a consolidated view of expired passwords, passwords that may be violating password policies set by the admin, disabled resources, and Trash. While the PMP Dashboard provides a global view of expired/conflicting passwords and policy violations, the Admin Actions section gives a concentrated view of only the passwords owned and managed by you. From this section, you can reset the passwords that are in violation, either selectively or in bulk. Admin Actions section also displays the disabled resources that were imported into PMP during an Active Directory/LDAP import. Any resource that was moved to trash during deletion will be visible under the Trash category in this section. Each category under Admin Actions is explained in detail below:
- Expired Passwords
- Conflicting Passwords
- Policy Violations
- Disabled Resources
3.2.1 Expired Passwords
Passwords that are not reset within the maximum number of days specified in the password policy are considered to be expired.
Each password policy comes with a different Maximum Password Age in days; PMP flags any password that has not been renewed after this time period as expired passwords. This section lists all expired passwords of the accounts that are owned or managed by you.
3.2.2 Conflicting Passwords
Conflicting passwords arise when the password of an account stored in the PMP repository is not in sync with the password of the same account in the remote machine. Resetting the password of an account in PMP without applying the changes to the remote resource or vice versa leads to conflict in passwords. If left unchecked, out of sync passwords can lead to authentication failure and security issues. As a safety measure, PMP runs a periodic password integrity check that ensures that all passwords stored in PMP match the ones in the corresponding remote machines. Passwords that are found to be mismatched will be flagged and displayed in this section.
3.2.3 Policy Violations
Passwords that violate the password policies applied in PMP will be displayed in this section. By default, PMP has three password policies: Strong, Medium, Low — they all come with varying levels of complexity. You can also set your own custom password policies and apply that to your passwords. PMP runs a periodic check to ensure the complexity of the passwords match the complexity specified in the password policies chosen for them; any password that does not pass the check will be flagged and displayed here.
You can reset the passwords displayed in the above three sections using the password reset configuration settings provided by PMP.
Password Reset Configuration
- To reset a selection of passwords, select the required passwords using the checkbox beside each one and click the Reset Passwords option at the top.
- In the pop-up that appears, you can either manually specify a password. This password will be applied to all selected accounts. Or, you can allow PMP to generate a unique password for each account.
- If you select the Apply password changes to remote resource(s) option, PMP will change the passwords of the remote resources after resetting passwords here. This operation will avoid a mismatch of passwords between the remote machine and the password reflecting in PMP.
- There is also a provision to send an email notification about the password reset to others. You can either choose users from PMP to notify or specify email addresses to which you wish to send the notification. Click Save once you have chosen your preferred configurations.
- To reset all of the passwords under this category, simply click Reset All Passwords without selecting any password from the list below. This action will reset all expired passwords in bulk.
The status of the password reset operation will be captured under Audit >> Resource Audit.
3.2.4 Disabled Resources
While importing resources from Active Directory/LDAP into PMP, you can choose to include disabled machines also. After the import is done, all the disabled resources will be consolidated under this section.
While deleting resources in PMP, you can choose to delete them permanently or move them to the Trash. In this section, you can view all the resources that are moved to trash during deletion.
Restore: To restore a resource from Trash, select the resource, and click Restore. The selected resource will be restored to the Resources tab.
Empty Trash: To delete all resources from the Trash section, click the Empty Trash option. Please note that this action will only remove trashed resources that are owned by you.
Click here to learn more about deleting resources.
3.3 Managing Resource Groups
The Password Explorer displays all the resource groups and the corresponding subgroups that you create. Within the resource groups, you can perform all resource and account related operations explained in this section. To search for a resource, enter the resource name, DNS name, or the operating system (OS) type. Click here to learn more about how to create and manage resource groups in PMP.