Passwords are stored and managed inside vaults, with users' level of access to them depending on the permissions that are assigned at the vault level.
Creating Passwords
- Open a Vault, and click "Add Password" under the Actions menu.
- Password Name: A friendly name for the password. Note: This does not have to be the same as the password's username.
- Description: A description of the password.
- Password Type: The category of password that this falls into. If you do not see the password type, then just set it as a General Password.
  Note: Most password types are informational, meaning they do not have a special effect on the password. Windows and Web password types (e.g. Active Directory Windows Password) will provide additional functionality or fields, as outlined in the rest of the guide.
- Days to Expire: How many days before this password is expired and flagged for change. If this value is set to 0, the password will never expire.
- Expire X Minutes After Access: After a user reveals or copies this password, wait this many minutes to automatically rotate this password or flag it for manual expiration. This also applies to passwords accessed through RDP or Web Launch icons. If this value is set to 0, the password will never expire.
- Username: The username associated with the password. This field is not displayed for types of passwords that do not have usernames. If you have a general password that does not have a username, just leave it blank.
- Domain: The Active Directory domain name associated with this password. This field is only displayed for the "Active Directory Windows Password" type.
- Machine Name: The name of the machine associated with this password. This field is only displayed for Windows password types.
- Password: The password to store.
- Notes: Any additional notes needing to be stored with the password data. This could be special information about the connection or account. All Notes information will appear when the password is revealed on screen.
- Checkboxes: There are 2 additional options. "Ignore the Vault Password Policy for this Password" allows you to save the password, even if it does not meet the necessary complexity requirements. "Do not include this Password in the 'Passwords not attached to an Association' report" excludes this password from a special report that looks up all passwords not tied to an Association.
- If the password is a synchronizable type of password, such as a Standalone or Remote Windows Password or an Active Directory Password, you can set up synchronization settings in the synchronization tab following the instructions in the "Synchronizing Passwords" section below.
- Click Save Changes to save the password.
Password Policy Templates
Password Server allows you to create customized password policy templates to control the complexity requirements for your passwords. Many websites have specific requirements or limitations on how long or short a password can be, as well as what characters are acceptable. Password Policies allow you to define the specific complexity requirements for each password to make sure they stay within the boundaries of your user account. When a password tied to a policy is rotated, the new password is automatically generated within those constraints so that it adheres to the security policy for the account.
When you are creating or modifying a password record, there is a new dropdown to select a password policy. Once selected, the constraints of that policy will apply to this password whether it is manually or automatically changed.
To unassign a password policy from a record, select "Optional: Choose a Password Policy" from the policy dropdown list.
Creating your own Password Policies
You can create your own Password Policies on the "Settings" tab at the bottom of the page. There are multiple premade templates available to use right away with preset ranges for password length and allowable characters.
Creating your own template is easy. Simply fill out the boxes for what will be allowed in your password policy:
- Policy Name – The title of your password policy
- Allow Lowercase (abc), Uppercase (ABC), Numerals (123)
- Allowed special characters (no spaces) Example: !#$%^&*()_-+={}[]
- Minimum / maximum length
- Click "Create Policy"
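The sketch below is an added example, not Password Server's own code: it models a policy template with the fields listed above and shows how a manually entered password can be checked, and a rotated password generated, against the same constraints. The class and function names, and the choice to generate at the policy's maximum length, are assumptions.

```python
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical model of a policy template; field names are assumptions."""
    allow_lower: bool
    allow_upper: bool
    allow_digits: bool
    special_chars: str  # allowed special characters, no spaces
    min_length: int
    max_length: int

    def classes(self):
        """Return the enabled character classes, one string per class."""
        pairs = [(self.allow_lower, string.ascii_lowercase),
                 (self.allow_upper, string.ascii_uppercase),
                 (self.allow_digits, string.digits), (True, self.special_chars)]
        return [chars for enabled, chars in pairs if enabled and chars]

    def check(self):
        """Reject templates that could never produce a valid password."""
        if any(c.isspace() for c in self.special_chars):
            raise ValueError("special characters must not contain spaces")
        if not self.classes() or not 1 <= self.min_length <= self.max_length:
            raise ValueError("policy allows no characters or has a bad length range")


def violations(policy, password):
    """List the reasons a manually entered password breaks the policy."""
    problems = []
    if not policy.min_length <= len(password) <= policy.max_length:
        problems.append("length outside %d-%d" % (policy.min_length, policy.max_length))
    bad = sorted(set(password) - set("".join(policy.classes())))
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    return problems


def generate(policy):
    """Generate a rotation password at the policy's maximum length (CSPRNG)."""
    policy.check()
    alphabet = "".join(policy.classes())
    return "".join(secrets.choice(alphabet) for _ in range(policy.max_length))

# Constructed sample policy using the special characters from the example above.
SITE = PasswordPolicy(True, True, True, "!#$%^&*()_-+={}[]", 12, 20)
```

Running a manually entered password through `violations` before saving mirrors the policy check that the "Ignore the Vault Password Policy for this Password" checkbox bypasses.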
Revealing and Modifying Passwords
To reveal a password, a user with "Read" permissions or better to the vault can open up the vault and click the "Reveal Password" button. Users that have the "Requires Approval" permission set first need to follow the instructions in the "Requesting Access to Passwords" section below. A user with "Modify" permissions or better can click on the password's name to modify it.
When modifying a password, the following options are available:
- General Settings: All of the settings available in the General Settings panel of Add Password, including Name, Description, Type, Expiration, Username, Domain Name, Computer Name, and Password.
- Password History: Previous password history will be shown here if password history is enabled in the vault, and the "Allow previous password history to be shown" setting is set at the organizational level.
- Synchronization: Synchronization settings which can be set based on the instructions in the "Synchronizing Passwords" section below.
- Actions:
  - Delete Password: Deletes this password and its history (if enabled) from the vault. This operation cannot be reversed.
When finished, click "Save Changes" to save changes, or "Cancel" to cancel them.
Requesting Access to Passwords
If a user is assigned the "Requires Approval" permission, they must request approval to access a password in the vault, and an administrator must approve the request before they can see the password. The "Requires Approval" workflow is as follows:
- The user logs into the vault and clicks the "Request Approval" button beside the password. This sends an approval request to the vault owners.
- When the owner logs into the vault, they will have a task in their task list letting them know that a password request is pending and that they have to review it. The administrator then clicks "View Password Request".
- The administrator can then either approve or deny the request. When approving, they can set an expiry date for the user's access, optionally change the password before approval, expire the approval when the password expires, and have the system automatically generate a new password when the approval expires (if the password is synchronized). They then click Accept.
- If the administrator approves the request, the system will send an email to the user letting them know that their request was approved.
- The user can then log in to the vault and view or modify the password as their permission level allows.
Questions?
If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.