Passwords
Depending on your permissions, you can view or copy account credentials.
View Passwords
When you identify the account that contains the password you require, you can view the password, if you have the appropriate permissions. The password is displayed for a predetermined number of seconds, and then it is replaced by asterisks.
-
In the Accounts list, click the Show password icon
in the line of the account to view; the password in the account line is displayed for a predetermined number of seconds.
If this password is configured for one-time use, exclusive use, or use during a predefined timeframe, the relevant information is displayed in this window.
Or,
In the Accounts list, click the account to view; the Account Details page appears. In the Password pane, the password appears as a series of asterisks
-
Click Show; the asterisks are replace by the password for a predetermined number of seconds.
Copy passwords
Authorized users can copy passwords with or without displaying them in the following pages:
Chrome extension for copying passwords
The Chrome extension for copying passwords is only available in the Classic UI.
In Chrome, the first time you copy a password, the following message appears:
Click Yes to download and install this extension,
After the Chrome extension is installed, press F5 to refresh the PVWA page. The next time you copy a password, the extension will work automatically.
The Copy passwords function is only supported in the chromium-based Microsoft Edge browser due to browser security and capabilities in Microsoft Edge. |
Password version control
Authorized users can view versions of passwords in the Safe. The Versions tab in the Account Details page displays the different versions of the passwords that are currently retained in accounts in the Safe. In order to see the Versions tab, users require the following Safe member authorization:
- Retrieve accounts
Password versions are saved according to one of the following Safe configuration:
Configuration | Description |
---|---|
Previous versions |
A predetermined number of password versions are saved in the Safe. |
Previous days |
All password versions from a predetermined number of days are saved in the Safe. |
When an account is managed by the CPM, you may see temporary password versions (with a special indication), during the password change process. When a password change process ends successfully, the temporary version becomes a real version. If a password change process fails, the CPM reverts the password to the previously correct password. The temporary version will still be available in the versions list for troubleshooting purposes.
By default, temporary versions are not displayed in the list of password versions.
-
In the Accounts list, select the account that contains the password you wish to inspect; the Account Details page appears.
-
Select the Versions tab; a list of the versions of the selected password that are retained in the Safe is displayed in this pane.
-
By default, temporary password versions are not displayed in the list. Clear Do not display CPM temporary password versions to display both real and temporary password versions.
-
In the row of the required password version, click the relevant icon to show it, copy it, or connect with it to a remote machine.
Split password mode
The Split Password mode restricts users to accessing either the first half of a password or the second half. In this mode, users access passwords according to group membership which defines which half of the password they can access as well as their Safe authorizations. Users who have access to both halves of the password will be able to see the entire password.
Passwords in the PVWA can be accessed in Split Password mode. This mode is recommended only when passwords are managed and changed by the CPM, when end users do not need the “Update password value” authorization. In cases where the CPM does not manage the account and change the password in it, it is recommended to save the password in two different objects in the Vault, and assign the relevant permissions to end users, based on the half of the password they need to access or change
Split password mode is managed by platforms that enable this mode and define the user groups. For more information, refer to Split Password Mode.
Passwords that are configured for split password mode cannot be used in the following scenarios:
-
Logging onto remote machines transparently.
-
Exclusive password mode
Users who have ‘Use accounts’ authorizations can log onto remote machines transparently through the PSM in split password mode. |
In Split Password mode, users access passwords in the same way as in the regular mode, but only the half of the password that they are permitted to see is displayed.
In the Account Details page, click Show; the half of the password that the user is permitted to see is displayed.
The tooltip for the Show button indicates which half of the password the user can see. |
You can only copy the half of the password that they are permitted to see. Tooltips on the copy icon in the Accounts List and on the Copy button in the Account Details page show which half of the password will be copied.
In the following example, Susanne can only copy the first half of the password. This is due to the fact that she is a member of the group that is configured to see the first half of the password.
On the other hand, Danielle can only copy the second half of the password. This is due to the fact that she is a member of the group that is configured to see the second half of the password.