In PMP, there are certain important features such as enforcement of password policy, 'Forgot Password' option to reset PMP user passwords, email notification on PMP user creation or role modification, provision for managing personal passwords, exporting resources, remote password synchronization etc.
While these features are very much needed for certain organizations, some others find them a hindrance. To cater to the needs of these two sets of user, PMP strikes balance through the general optional settings.
Go to "Admin" tab
Click "General Settings" under the section "General"
In the UI that opens, following options are listed
For ease of use, the general settings have been classified into the following categories:
Password Retrieval
Password Reset
Resource/ Password Creation
User Management
Personal Passwords
Allow password users and auditors to retrieve passwords for which auto logon is configured
Through the auto logon feature, PMP provides the option to establish direct connection to the resource eliminating the need for copy-paste of passwords. By default, password users and auditors will be able to retrieve the passwords that are shared with them. If auto logon is configured, they might not need access to the passwords. In such cases, you can take a decision on allowing/restricting access to passwords. Select the checkbox to allow access and uncheck it to restrict.
Automatically hide passwords after X seconds (specify '0' to never hide passwords automatically)
By default, passwords are shown in hidden form behind asterisks. On clicking the asterisks, the passwords appear in plain text. By default, the passwords are shown for 10 seconds only. After that, they will be automatically hidden. If you want to increase or decrease this time period, specify the desired value in seconds. If you specify 0, passwords will continue to remain in plain text until you click the password to hide.
Automatically clear clipboard data after seconds (specify '0' to never clear clipboard automatically)
PMP leverages clipboard utility of browsers to copy passwords when you intend to copy and paste passwords. By default, the copied passwords will be available for pasting for 30 seconds. If you want to increase or decrease this time period, specify the desired value in seconds. If you specify 0, clipboard will not be cleared automatically.
Include passwords when resource details are exported to CSV format
When you export PMP resources to a CSV file, by default, password of the accounts are included in plain text. In case, for security reasons, you wish to mask the password in the report, you can do so by unchecking this checkbox. Once you uncheck this option, the passwords would be masked in the exported CSV file.
Force users to provide reason while retrieving the passwords
By default, when a user tries to retrieve the password of a resource, on clicking the asterisks, the passwords appear in plain text. If you want to force your users to provide a reason why access to the password was needed, you can enable this option by selecting the checkbox.
Enforce users to provide a reason when changing the resource password
When resource passwords are changed by a user, by default, it is not mandatory to add a comment providing the reason for the change. However, enforcing the users to enter a comment would be a good practice and aid in auditing user actions. If you want to enforce this, select this checkbox. Once you do this, users will be prompted to enter a comment as reason when attempting change password.
Default selection for user initiated remote password change action
One of the important capabilities of PMP is Remote Password Synchronization, which enables users to change password of a resource in PMP console and apply the change in the remote resource instantaneously. This remote synchronization of passwords can be done for resources of the type Windows, Windows Domain and Linux. By default, when you try to change the password of an account belonging to the above three types, the remote synchronization option is enabled. If you want to disable this option, click the radio button "Do not apply changes to the resource". At any point of time, you can override this option while invoking the change password option.
Wait for X seconds between stopping and starting the services after service account password reset
For every Windows domain account for which the service account reset is enabled, PMP will find out the services which use that particular domain account as service account, and automatically reset the service account password if this domain password is changed. In certain cases, there would be requirements for stopping and starting the services. In such cases, you can configure PMP to wait for a specified time period (in seconds) between stopping and starting the services. By default, PMP waits for 60 seconds. You may configure it in accordance with your needs.
Enforce users to provide two different accounts for use with remote password reset for UNIX / Linux resources
To enable remote password synchronization for UNIX/Linux resource types, you can enforce users to provide two different accounts for password reset. If you do not opt this, users will be allowed to enable remote synchronization with just one account.
Enforce password policy during resource or password creation
By default, when you are adding your resource to PMP, it does not check for compliance to the password policy already defined by the IT administrator. It is enforced only at the time of doing change password. In case, you wish to check policy compliance at the time of resource / account addition itself, just click this checkbox. Once you click this, you will be permitted to add your resource / account only if the password is in accordance with the policy defined.
Show 'Forgot Password' option in the login screen
If a PMP user forgets his/her login password, they can rely on the 'Forgot Password' option, which sends a new login password to that user via email. By default, this option remains enabled. If you do want to display this option, uncheck the checkbox. Once you do this, from the login onwards, this option would not be visible to all the users.
Allow 'Local Authentication' when AD/LDAP authentication is enabled
As explained earlier, PMP provides three types of authentication - LDAP authentication, AD authentication and PMP's local authentication. By default, PMP allows local authentication along with LDAP or AD authentication. If you want to strictly the restrict to LDAP or AD authentication alone, uncheck the checkbox. Once you do this, the PMP users would be allowed to login using their workstation password alone.
Notify users through email during account creation or modification
By default, whenever a new user account is added in PMP or an existing account is modified, an email is triggered to the respective user with information about the login password in the case of new user addition and details of changes (in the case of account modification) are sent. If you want to disable this option, uncheck this checkbox. Once you do this, emails will not be sent on user addition or modification.
Automatically log off users after X minutes of inactivity
As PMP users are dealing with sensitive passwords, from the information security point of view, it would be hazardous to allow the web-interface session to remain alive if users leave their workstation unattended. Inactivity timeout could be configured by specifying the time limit in minutes. If a user is inactive with the GUI for the specified time limit, the user will be automatically logged out of the session. By default, if PMP remains unattended for 30 minutes, user will be automatically logged out. If you specify '0' as the value, the users will not be logged out for inactivity.
Enable 'Support Link' for Password Administrators
By default, PMP users with the role 'Password Administrator' will not be able to view the 'Support' tab in the GUI. If you want Password Administrators to view the support tab, select the checkbox.
Allow users to manage their personal passwords
PMP provides personal password management feature as a value addition to individual users to manage their personal passwords such as credit card PIN numbers, bank accounts etc while using the software for enterprise password management. The personal password management belongs exclusively to the individual users. If you do not want to allow personal password management for your PMP users, uncheck this checkbox. Once you do this, the 'Personal' tab will not appear in the PMP GUI.
Allow users to choose their own encryption key for managing personal passwords
By default, when you allow users to manage their personal passwords, PMP provides three options to secure the personal passwords - using the encryption key provided by the customers and storing it / using the encryption key provided by the customers and not storing it / using PMP's encryption key. When you allow the users to manage personal passwords, you can either allow the users to define their own encryption key or force them to use PMP's encryption key itself. If you want to allow them to choose their own personal passwords, select the checkbox. This option will take effect only for those users who are added after setting this.
© 2007, AdventNet Inc. All Rights Reserved.