Managing General Settings
Using the General Settings section of Password Manager Pro, you can carry out important setting changes such as enforcing Password Policies, enabling the Forgot Password option to reset user passwords, configuring to send Email Notifications on user creation or role modification, provision for managing Personal Passwords, exporting resources, remote password reset and so on.
To configure the general settings in Password Manager Pro, navigate to:
Admin >> Settings >> General Settings.
You will see different settings categorized under the following sections. Click each link to view the details:
- Password Retrieval
- Password Reset
- Resource/Password Creation
- Resource Group Management
- User Management
- High Availability
- Personal Passwords
- Usage Statistics Collection
1. Password Retrieval
To view and manage all global settings related to password retrieval, click Password Retrieval from the left pane.
1.1 Allow plain text view of passwords, if auto logon is configured
Enable this option to allow the users to view the passwords of shared resources in plain text when auto logon is configured. If this option is disabled, users cannot retrieve the password, however they can still launch remote sessions through auto logon. This restriction applies only to Password Users, Password Auditors and custom user type roles with the same privileges as Password Users and Auditors.
1.2 Automatically hide passwords after 5 seconds (specify '0' to never hide passwords automatically)
By default, passwords are hidden behind a string of hash symbols. On clicking the string, the passwords appear in plain text. By default, the passwords are shown for 10 seconds only, after which they will be automatically hidden. Specify the desired value in seconds in the Automatically hide passwords after X seconds option. If you specify 0, passwords will continue to remain in plain text until you click the password to hide.
1.3 Maximum X approval admins (You may give minimum of 1 to maximum of 10 admins)
Select a maximum number of admins (upto 10 admins) needed to approve a password request for resources which have the password access control workflow set up. The number of admins selected here will reflect in the Password Access Control workflow configuration, under the option "Enforce approval by at least __ administrators".
1.4 Automatically clear clipboard data after 30 seconds (specify '0' to never clear clipboard automatically)
Password Manager Pro uses the clipboard utility of browsers to copy passwords when you copy them from Password Manager Pro. By default, the copied passwords will be available for 30 seconds. In this option, specify the time in seconds after which the clipboard will be cleared and the copied password will no longer be available. If you specify 0, clipboard will not be cleared automatically.
1.5 Enforce users to provide reason for password retrieval
Enable this option to enforce users to provide a reason for requesting access to the password. This reason for retrieval will be recorded in the audit logs.
1.6 Allow users to retrieve password without ticket ID
If ticketing system integration is done in your environment, then by default, users will be prompted to provide a ticket ID while requesting for a password. Enable this option to allow users to retrieve passwords without providing a ticket ID.
1.7 Display password history for users with View Only and Modify share permissions
Password History (available under Account Actions) shows the previously used passwords for a particular account as well as the details on who modified it. Enable the option Display password history for users with View Only and Modify share permissions to display the password history details for users with View Only and Modify share permissions.
1.8 Allow all admin users to manipulate the entire explorer tree
Once this option is enabled, Password Manager Pro creates an organization-wide, global explorer tree structure containing the names of resource groups under a root node and the following things will apply:
- Any administrator in Password Manager Pro can create/edit the explorer tree structure of resource groups.
- Admins and Password Admins can add their resource groups into the global tree and the whole structure will be available for view to all the end users.
- Types of users who will be able to access this tree structure: Administrators, Privileged Administrators, Password Administrators and Password Users.
- If this option is disabled, users can modify only their portion of the tree with the resources that are shared to them.
Show unshared resource groups to all admins: If this option is enabled, resource groups of all the admins will be available visible to other admins but they will be disabled as the resource groups are not shared. If this option is disabled then only the shared resource groups will be available for the admins.
1.9 Collapse password explorer tree view in Resources and Connections tab
By default, the nodes of the password explorer tree are shown in expanded form. Enable this option to collapse the explorer tree view.
1.10 Disable SSH, SQL and Telnet console chat
By default, SSH, SQL and Telnet console chat will be enabled. Select this option to disable the console chat for remote sessions.
1.11 Allow users to download the private key
If this option is enabled, the user will be able to download the private key that is added to an account shared with them. Click here for more about adding a key to an account.
2. Password Reset
To view and manage all global settings related to password reset in Password Manager Pro, click Password Reset from the left pane.
2.1 Enforce users to provide a reason when changing the resource password
Enable this option to prompt users to enter a reason while attempting to change the password of a resource. This reason will be recorded in the audit logs.
2.2 Allow users to reset password without giving a ticket ID
If ticketing system integration is done in your environment, then by default, users will be prompted to provide a ticket ID when they try to reset the password of a resource. Enable this option to allow users to reset passwords without providing a ticket ID.
2.3 Default selection for user-initiated remote password change action. Users can override this setting while modifying passwords.
When changing the password of a resource in the Password Manager Pro console, by default the password changes are applied in the remote resource instantaneously. (Resource types supported for remote synchronization are: Windows, Windows Domain, and Linux). Select the option Do not apply changes to the resource to not change the password in the remote resource automatically.
2.4 Wait for X seconds between stopping and starting the services after service account password reset
You can configure Password Manager Pro to wait for a specified time (in seconds) before stopping and restarting the services after automatically resetting the service account password. This is useful in cases where service account password reset is enabled for a Windows Domain account and the corresponding domain password is changed.
2.5 Enforce users to provide two different accounts for use with remote password reset for UNIX / Linux resources
Enable this option to enforce users to provide provide two different accounts for password reset for Unix/Linux resources. If this option is disabled, then users will be allowed to enable remote synchronization with just one account. To know more about remote password reset, click here.
3. Resource/Password Creation
To view and manage all global settings related to resource/password creation in Password Manager Pro, click Resource / Password creation from the left pane.
3.1 Enforce password policy during resource or password creation
By default, password policies are enforced for passwords in Password Manager Pro only at the time of password change.
Enable this option to check policy compliance at the time of resource/account addition itself. Once you enable this, you will be permitted to add your resource / account only if the password is in accordance with the password policy defined in Password Manager Pro.
3.2 When agents are deployed in resources for remote password reset, the accounts in the resource are automatically added to Password Manager Pro. There is also option to synchronize account addition or deletion afterwards:
- Sync account addition:
Enable this option to add new accounts into Password Manager Pro whenever they are added in the remote resource.
Enable this option to delete an account in Password Manager Pro whenever the account is deleted in the remote resource.
4. Resource Group Management
To view and manage all global settings related to resource group management in Password Manager Pro, click Resource Group Management from the left pane.
4.1 Resource group creation options
You can allow users to create:
- Static resource groups by picking individual resources.
- Dynamic resource groups by specifying criteria.
- Both static and dynamic resource groups.
Select the required option and click Save.
To view and manage all global settings related to notifications in Password Manager Pro, click Notifications from the left pane.
5.1 Default selection for notifying users about change in access permissions
i. Notify users about the change in access permissions: Select this option to notify the respective users whenever their access permission is changed.
ii. Do not notify users about the change in access permissions: Select this option if you do not wish to notify users regarding the change in their access permissions.
Note: Admins can override this setting while modifying the access permission.
5.2 Notify users about the API key expiry
When an API user is created, an auth token (API key) will be generated. You can specify a date on which the API key will expire. Enable this option to notify the users about the expiry of the API key. Three notifications will be sent as follows:
- A notification 7 days before expiry.
- A notification on the day of expiry.
- A notification every day after the day of expiry.
Click here for more about adding API users in Password Manager Pro.
5.3 Do not display product announcements and promotional messages
Enable this option if you do not wish users to see any promotional in-product banners or messages in Password Manager Pro.
6. User Management
To view and manage all global settings related to user management in Password Manager Pro, click User Management from the left pane.
6.1 Default user language
You can choose a default user language for the web interface from the given drop down.
6.2 Automatically log off users after X minutes of inactivity (specify '0' to never log off users automatically).
Specify a specific time in minutes after which an inactive user session will timeout and log off automatically; by default, the time will be set as 30 minutes. You can specify '0' minutes to never log off inactive users automatically. To impose the same restriction on users logged in through the browser extensions, select the option: Enforce this as a maximum time limit also for users logged in through browser extension.
6.3 Disable local authentication
Password Manager Pro provides three types of authentication:
- LDAP authentication
- AD authentication/Azure AD authentication
- Password Manager Pro's local authentication.
By default, Password Manager Pro allows local authentication along with LDAP or AD authentication. If you want to restrict either the LDAP or AD/Azure AD authentication alone, then select the respective options: All users or . Once the local authentication is disabled, the Password Manager Pro users will be able to login to Password Manager Pro using their workstation password alone.
6.4 Choose default-selected domain in the login screen. (Applicable only when AD/Azure AD authentication is enabled).
If you have users from various domains, the Password Manager Pro login screen will list down all the domains in the drop-down. You can choose the frequently used domain here for ease of use for the users. Once you do so, that domain will be shown as selected by default in the login screen.
6.5 Show 'Forgot Password' option in the login screen
By default, the 'Forgot Password' option is enabled for all users who use Password Manager Pro's local authentication. By clicking on 'Forgot Password', users can get a new login password sent to their email. Disable this option if you do not wish to display the 'Forgot Password' option in the login screen for all users.
6.6 Notify users through email during account creation or modification
By default, users are notified via email whenever their account is added in Password Manager Pro or an existing account is modified. Disable this option if you do not wish to send email notifications to users regarding account creation or modification.
6.7 Enable 'Support' link for password administrators
By default, Password Administrators in Password Manager Pro cannot view the 'Support' option in their profile. Enable this option to make the 'Support' option accessible for password administrators also.
6.8 Notify users through email 30 and 15 days prior to Password Manager Pro license expiry
You can notify all administrators or any users regarding the expiry of Password Manager Pro license.
Two notifications will be sent:
- 15 days prior to the expiry.
- 30 days prior to the expiry.
To send notifications you can either select all administrators as recipients or specify email addresses separated by a comma (',').
6.9 Default selected tab
Select a default tab which will open for users right after logging in:
6.10 Allow password caching for offline access via mobile
Enable this option to allow saving password cache in the Password Manager Pro mobile application so that users can access the passwords offline.
6.11 Enable logins to mobile apps with fingerprint authentication
Enable this option to allow users to login to their Password Manager Pro mobile applications using their device's fingerprint authentication.
6.12 Allow website auto-fill actions using browser extensions
Website forms can be auto-filled using Password Manager Pro browser extensions, allowing users to log on to websites with just a click. Enable this option to allow auto filling of login credentials for saved website accounts through the Password Manager Pro browser extensions.
6.13 Allow website auto-logon actions using browser extensions
Password Manager Pro enables automatic login to websites and allows users to launch connections to applications directly through native browser extensions. Enable this option to allow users to connect to a remote resource through the auto logon feature using the Password Manager Pro browser extensions.
6.14 Disable accounts addition via browser extensions
Disable this option to prevent users from adding accounts to resources through the Password Manager Pro browser extensions. The option to add accounts through browser extension is available only for the Chrome browser. To know more about Password Manager Pro browser extensions, click here.
6.15 Enable discovery in client organization
Enable this option to allow every client organization to discover accounts and resources using the Discovery option in Password Manager Pro.
6.16 Use 'Organization Name' in Organization drop down list
Enable this option to display the Organization Name in the Organization drop down list; the Organization display name will be shown on mouseover.
7. High Availability
In a High Availability (HA) set up, constant replication of data takes place between Primary and Standby servers. High Availability status 'Alive' indicates perfect data replication and data synchronization between both servers. In case of any disruption like network problems between Primary and Standby (in turn between the databases), the status will change to 'Failed'. This may happen when there is no communication/connection between the database of primary server and that of the standby server.
When the connection gets re-established, data synchronization will happen and both databases will be in sync with each other. During the intervening period, those who have connected to the primary and standby will not face any disruption in service. This status is only an indication of the connection/communication between databases and does not warrant any troubleshooting.
To configure periodic status check for high availability in Password Manager Pro:
- Click High Availability from the left pane.
- Specify the number of minutes to check the status in the option Check High Availability Status Every --- Minutes.
To know more about High Availability, click here.
8. Personal Passwords
Individual users can manage their personal passwords such as credit card PIN numbers, bank accounts credentials etc in Password Manager Pro through the personal password management feature. This personal password management section will be visible exclusively to the individual users and not even the Super Admin users will have access to it. To access this section, click Personal Passwords from the left pane.
8.1 Allow users to manage their personal passwords
Select this option to enable the Personal tab in which users can save their personal passwords. To disable the Personal tab, uncheck this option.
Note: In MSP editions of Password Manager Pro, only the MSP administrator can enable or disable this option.
8.2 Disable default personal categories
In the Personal tab, you will find a few default categories for various personal passwords such as bank credentials. You can disable the default categories and allow users to create their own custom categories for saving personal passwords. You can disable categories either for all organizations or for MSP organization only.
8.3 Enforce password policy for personal passwords
Enabling this option will apply the password policy selected for accounts in Password Manager Pro to the personal passwords of users too. You can disable this option to allow users to set personal passwords without any complexity restrictions.
8.4 Allow users to choose their own passphrase
By default, when you allow users to manage their personal passwords, Password Manager Pro will prompt them to choose a passphrase. Once set, there is no way to change or reset this passphrase.
i. Enforce users to create passphrase, which will be used as the encryption key for storing personal passwords. In addition, select the complexity rule for the passphrase
Select this option to enforce a password policy for the passphrase. By default, there are four options: low, medium, strong and an offline password file option. To create a custom password policy for personal passwords, navigate to Admin >> Customization >> Password Policies. If the chosen enterprise policy is deleted, the default password policy will be automatically chosen for passphrase complexity.
- If you do not want to enforce passphrase complexity, select [-None-] in complexity option.
- If you do not want to enforce users with own encryption passphrase complexity, uncheck this option.
If you choose to disable this option and restrict users from setting up the encryption passphrase for their personal passwords, the user will be able to set up an 'encryption key' for their personal passwords from the 'Personal' tab. They are also free to choose between whether to store or not store the encryption key or use Password Manager Pro's encryption key., users. Click here for more information on that.
9. Usage Statistics Collection
By selecting this option, you can choose to send information to ManageEngine about how the product is used. As per the product End-user License Agreement (EULA), the data collected will pertain to the license details, configuration of the system in which Password Manager Pro is installed, usage statistics on the frequency of use of various features. This is a feedback mechanism to improve the product. You can uncheck the option if you don't wish to allow usage data collection.
Click Usage Statistics Collection from the left pane and enable or disable the option Enable Usage Statistics Collection.
Click Miscellaneous from the left pane; this section consists of optional customizations you can apply to Password Manager Pro based on your requirement.
10.1 Disable SSH Keys feature
Selecting this option will disable the SSH Keys tab from your installation. However, the feature will not be removed completely; you can enable the SSH Keys tab again by deselecting this option.
10.2 Disable Certificates feature
Selecting this option will disable the Certificates tab from your installation. However, the feature will not be removed completely; you can enable the Certificates tab again by deselecting this option.
10.3 Enable Splitting of SSH and Telnet Session Recordings into Multiple Files
Starting from build 9902, Password Manager Pro offers an option to split session recordings. If you enable this option, Password Manager Pro will split large session recording files from SSH and Telnet remote sessions into several small files and save them individually in your local storage. Click here to learn about session splitting in detail.
After making changes in the settings, click Save to save the changes.