In any organization, passwords for sensitive resources must be kept under direct control. One way to achieve this is by establishing a clear ownership for the passwords. A well-defined ownership concept can go a long way towards ensuring that all privileged accounts are traceable to authorized employees, and not abandoned. Beyond eliminating security vulnerabilities related to orphaned accounts, it's also important to implement secure sharing practices and comprehensive control of the passwords.
By default, the authorized administrator who adds a password becomes its owner, and therefore has complete control of it. The owner can modify or delete the password as needed. Moreover, only the owner can view the password on the dashboard, unless they decide to share it with other users or groups. For instance, a password added by the database admin will not be visible to the server admin, except if the database admin shares it.
Orphaned accounts are privileged accounts that remain active but have no associated owner. These accounts are usually the result of an employee moving departments or leaving the organization. Failing to shut down or transfer ownership of these accounts can lead to access control gaps. Password Manager Pro solves this problem by allowing any leaving resource owner to transfer ownership of their resources to another authorized employee.
Password owners can share common passwords with other admins or groups, and revoke access whenever necessary. The owner can also grant varying permission levels to users and groups by choosing one of the following privileges:
For ultimate security, Password Manager Pro empowers admins to provide access to IT resources as needed, without disclosing the resource passwords in plain text. Users can launch one-click connections to shared resources from Password Manager Pro's web-interface, without having to view or manually enter the credentials.