Revealing and Modifying Passwords
To reveal a password, a user with “Read” permissions or better to the vault can open up the vault and click the “Reveal Password” button. Users that have the “Requires Approval” permission set first need to follow the instructions in the “Requesting Access to Passwords” section below. A user with “Modify” permissions or better can click on the password’s name to modify it.
When modifying a password, the following options are available:
- General Settings: All of the settings available in the General Settings panel of Add Password, including, Name, Description, Type, Expiration, Username, Domain Name, Computer Name, and Password.
- Password History: Previous password history will be shown here if password history is enabled in the vault, and the “Allow previous password history to be shown” setting is set at the organizational level.
- Synchronization: Synchronization settings which can be set based on the instructions in the “Synchronizing Passwords” section below.
- Actions: Delete Password: Deletes this password and its history (if enabled) from the vault. This operation cannot be reversed.
When finished, click “Save Changes” to save changes, or “Cancel” to cancel them.
Requesting Access to Passwords
If a user is assigned the “Requires Approval” permission, they must request approval to access a password in the vault, and an administrator must approve the request before they can see the password. The requires approval workflow goes as follows:
- The user logs into the vault and clicks the “Request Approval” button beside the password. This sends an approval request to the vault owners.
- When the owner logs into the vault, they will have a task in their task list letting them know that a password request is pending and that they have to review it. The admin then clicks on “View Password Request”
- The administrator can then either approve or deny the request. If they decide to approve it, they can set an expiry date for the user’s access, have the option to change the password before approval, expire the approval when the password expires, and can have the system automatically generate a new password when the approval expires (if the password is synchronized), then click Accept.
- If the administrator approves the request, the system will send an email to the user letting them know that their request was approved.
- The user can then log in to the vault and view or modify the password as their permission level allows.