Managing the Password Vault as an Administrator

When Password Vault applications are assigned to Users, it will be helpful to ensure that Administrators are able to assist with the management of the credentials of those apps. Visibility for this support can be provided via a Delegation in the People Module.

To add the ability to manage User Password Vaults to a Delegation, please navigate to the People Module. Click the ‘Settings’ tab in the bottom left corner, and select ‘Delegations’ from the popup menu.

Locate the Delegation you wish to add the Password Vault Management action, and click the ‘Action’ button on the far right of the row.

In the sidebar menu, click on the ‘Actions’ Tab and search in the ‘Add a new action for this Delegation?’ field for ‘Manage Password Vault’. Click on it when it appears in the list, and then click the Save button in the bottom right corner.

Once this action has been added, Users with that delegation will be able to view the option in the Kabob Menu.

When selected from this menu, the Admin will be able to view that User’s Password Vault in the sidebar menu.

Clicking on an application in this list will show more details regarding the credentials and status of that Password Vault. Varied messages will appear depending upon how that application was configured. Let’s review those message, what they mean, and what actions can be taken.

Applications where both Username and Password are mapped attributes:

• Administrators can review the configuration of this app in the Applications Module. Once the attributes are identified, they can be checked for a User reporting an issue.

• No actions can be taken from the Password Vault for this configuration.

Applications where Username is a mapped attribute, and Password is User Provided:

• Since the Username is a mapped attribute, it is shown here in a greyed out field. This value cannot be changed here, and will need to be checked in that User’s profile.

  • No action can be taken here for the Username.

• The Password here is User Provided, and it’s status is shown as ‘Not Captured’. This signifies that the User has not successfully launched this application for a password to be captured.

  • Resetting the Credentials will provide no value here, as the User should attempt to launch the application from their dashboard and provide correct credentials.

Applications where Username is a mapped attribute, and Password is User Provided:

• Since the Username is a mapped attribute, it is shown here in a greyed out field. This value cannot be changed here, and will need to be checked in that User’s profile.

  • No action can be taken here for the Username.

• The Password here is User Provided, and it has been saved by the Password Vault, so it has a status of Captured. For security purposes, the Passwords are NOT visible to the Admins when they are User Provided.

  • Resetting the Credentials for this application will clear the Password field ONLY, as it is the only User Provided Option. This would provide value to the User so that they could relaunch the application and provide an updated/new password if needed.

WARNING:

Resetting the credentials for an application is a permanent action that cannot be undone. The User will see a warning message confirming that this action should be taken, and once confirmed the credentials are permanently deleted. They are not able to be retrieved from the database at that point.

Application uses Username and Password values that are User Provided:

• The Username for this application is User Provided, and should be in the email format. Admins are able to make modifications to this field, if necessary to resolve an issue.

• The Password for this application is also User Provided, and shows a Captured Status. It is not visible to the Admin, but it is in the Password Vault.

  • Resetting the Credentials of this application would permanently remove the Username and the Password values. (Please see warning above.) The User would need to either launch the application and provide correct credentials, or they could populate them into the fields in their Password Vault.