- New administrator features in PassSecurium™
- Single Sign-On explained
Administration of the PassSecurium™ password manager
Learn more about enhanced user management, security policies and settings, monitoring, and customisation.
Since PassSecurium™ was originally designed as a password manager for companies, a lot of attention has always been paid to the administrative functions.
Corporate password management requires far more meticulousness and attention to detail than personal password management, as priceless business information, large sums of money, and a company's reputation can be at stake.
With business needs in mind, our team is constantly developing PassSecurium™ to be an efficient tool for managing and protecting your company's passwords.
Let’s scrutinize the main administrative areas and their features:
1. User Management
Depending on the subscription, there are different ways to populate a PassSecurium™ instance with users. The Corporate subscription allows to import users from the company directory (including MS Azure). Users can also be added individually, the admin or manager can just specify their email and enable the option to entitle a user to create their password and then enter the rest of their information like name, language, avatar, etc.
It’s also possible to suspend a user’s access without entirely removing them from the system by enabling the “Block User” option.
In case a user forgets their password or loses their software token for 2-factor authentication, an admin can create a new password for them or re-enable 2FA so that the user can obtain a token again.
Users can be assigned to one or more user groups for access to shared assets.
2. Access Management
A common problem in corporate data management is unreasonably excessive user permissions and access rights. Each user must be granted the necessary and sufficient number of permissions to perform their functions, and no more.
And PassSecurium™ helps to control this by granular sharing based on user groups and folders. Administrators and managers are responsible for creating a shared folder tree within an instance. Folders can be assigned to user groups with different access permissions (write, read or no access). And users can be assigned to user groups to get permitted access to the assets stored in the folders.
An admin can also set which types of clients (web app / mobile app / browser extension) can be used by users to access the PassSecurium™ password manager instance.
An admin can also restrict the password import / export features for users and also the user management / activity log view for managers.
PassSecurium™ login can be protected by two-factor authentication which is enabled / disabled by an admin. 2FA can be enabled for the entire instance (all users within it) or individually for some users. 2FA which has been individually enabled for a user won't be disabled by disabling global 2FA, it should be disabled individually.
An administrator can view all devices and locations (sessions) from which users access the PassSecurium™ password manager instance, and has the right to close active user sessions if needed. This means that the user whose session has been closed will have to re-enter their credentials to access PassSecurium™ on the device. In case of emergency, the administrator can even close all active sessions at once.
3. Security Settings
An admin sets auto-logout intervals for idle users.
An important administration setting is the password security level which defines password complexity for low, medium, high, and strong levels. Each folder has its security level that allows only passwords of the same or higher level to be stored there. Those password security levels are also applied to the built-in password generator.
The toggle “Password / email security check via haveibeenpwned.com service” enables the checking of saved in PassSecurium™ emails and passwords against one of the fullest databases of leaked credentials.
An admin can also set the retention period for the history and activity log. All older data is erased.
4. UI Customization
PassSecurium™ can be adjusted to your corporate identity by changing the company logo, background of the login page, colour scheme and company info displayed in the footer and on the login page.
5. Other features worth mentioning
If your company policy requires the use of the corporate SMTP server for sending emails, PassSecurium™ has the External email server setting for that purpose. If you set it up, all PassSecurium™ email notifications will be sent within your corporate system.
Our company offers its customers different PassSecurium™ backup options: backup on another server within a data centre, backup in another data centre, local physical backup box with the possibility of offline access in case of force majeure, and backup on a local machine of choice. The last option can be configured by a PassSecurium™ admin in the settings. However, the customer is responsible for the security of the local copy once it has been downloaded (needless to mention, we enable the admin to download an encrypted backup).
This was an overview of the main administrative features of our PassSecurium™ password manager. The project is steadily moving forward, new features are constantly being added and existing ones are being expanded.
We are always open to feedback from our customers and welcome suggestions on how PassSecurium™ can be improved. If you have any ideas or questions about the administration of the password manager, please feel free to send them to us via the contact form on the site.