Working With Credentials

 

 

 

Credentials are combinations of related user names and passwords, and possibly additional details such as challenge questions and certificates, that are necessary to authenticate against a system or product. Once a credential is created, the sensitive details are encrypted and secured in the pasGuard database. The Credential Viewer displays a color-coded list of credentials to the user. A green-highlighted row indicates the user is authorized to update the credential, white indicates the user is authorized to read the credential, and red indicates the user is not authorized to interact with the credential. To display credentials, optionally select Category, Customer, Product, and Credential Name filters and press the Filter button.

 

Creating Credentials

 

When the credential editor is opened, the top editor panel will contain an Employee Filter list box, a Category Filter list box, a Customer Filter list box, a Product Filter list box, and an Add button. To add a new credential, choose a category, customer and product from the filters, and click the Add button. The user will be prompted to enter a name unique to the credential being created. The default name is a concatenation of the category name, customer name and product name chosen from the filters. After choosing a name for the credential and clicking OK, an empty credential will be added to the database. Editing the credential is detailed below. The Employee Filter is not used in creating new credentials; it is used only in filtering, to find credentials that an employee has had access to since their last password change.

 

NOTE: In order to create a credential, it is mandatory that at least one category, one product, and one customer have been created.

 

NOTE: Adding a credential will automatically generate full credential permissions for the user. Click here for more information on permissions.

 

Managing Credentials

 

After a credential has been created, selecting the credential from the grid will display tab pages inside the editor panel on the right-hand side. The General Tab is displayed by default to all users. If the user has been granted Security permissions on the System level, a History Tab and Permissions Tab will also be displayed.

 

General Tab

 

o Show/Hide Credential Details: Not all users are able to view credentials. Their ability is determined by the permissions set on the permission tab. If a user or a group that user is a member of is assigned Read permissions, that user is able to show the credential details, including the password, by clicking this button. Doing so will create a Read entry in the history log for the credential, and display the extended details for the credential.

 

o Credential Name: The unique name of the credential.

 

o Is Active: The active status of the credential, representing whether or not the credential is being used.

 

o Category: The category the credential is assigned to. Checking the box will enable the option to change the category.

 

o Customer: The customer the credential is assigned to. Checking the box will enable the option to change the customer.

 

o Product: The product the credential is assigned to. Checking the box will enable the option to change the product.

 

o User Name: The account log-on name for the credential.

 

o Password: The password used in coordination with the user name. This field is encrypted and is not stored or cached locally.

 

o URL: An optional field for a website related to the credential.

 

o Notes: An optional field for additional notes or information that may be required to guide through the use of the credential.

 

o Update: Not all users are able to view credentials. Their ability is determined by the permissions set on the permission tab. If a user or a group that user is a member of is assigned Update permissions, that user is able to edit the credential details. This button will only be visible after showing the extended credential details, and is only enabled if the user has update permissions. Clicking this button will update the credential, hide the extended details, and create an Update entry in the history log for the credential, and display the extended details for the credential.

 

History Tab

 

o The history tab is displayed for all users. It contains two data grids to monitor credential activity. The history tab is only present when accessing the credential from the credential viewer.

 

o The top grid is the Change History grid. It will display the entire history of reads and updates for the selected credential.

 

o The bottom grid is the Access History grid. It will display all users who have viewed the credential since it last had the user name or password updated.
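
The Access History rule above, and the Employee Filter lookup described under Creating Credentials, both reduce to the same question: who has seen the secret that is currently in force. The following is an added example, not pasGuard code; the Entry record, the secret_changed flag and the sample log are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Entry:
    credential: str
    user: str
    action: str                   # "Read" or "Update", the entry types the page names
    when: datetime
    secret_changed: bool = False  # assumed flag: Update changed user name or password

def access_history(log, credential):
    """Users who read `credential` after its last user name/password change."""
    rows = [e for e in log if e.credential == credential]
    rotated = max((e.when for e in rows
                   if e.action == "Update" and e.secret_changed), default=None)
    viewers = {}
    for e in sorted(rows, key=lambda e: e.when):
        if e.action == "Read" and (rotated is None or e.when > rotated):
            viewers.setdefault(e.user, e.when)   # first view of the current secret
    return viewers

def exposed_to(log, user):
    """Credentials whose current secret `user` has viewed: the rotation list."""
    return sorted(c for c in {e.credential for e in log}
                  if user in access_history(log, c))

def d(day, hour=9):
    return datetime(2024, 1, day, hour)

# Constructed sample log; credential names and users are invented.
LOG = [
    Entry("ERP-Acme-Admin", "alice", "Read", d(2)),
    Entry("ERP-Acme-Admin", "bob", "Read", d(5)),
    Entry("ERP-Acme-Admin", "bob", "Update", d(5, 10), secret_changed=True),
    Entry("ERP-Acme-Admin", "carol", "Read", d(6)),
    Entry("ERP-Acme-Admin", "dave", "Read", d(7)),
    Entry("ERP-Acme-Admin", "dave", "Update", d(7, 10)),  # notes only
    Entry("VPN-Acme-Gateway", "alice", "Read", d(3)),      # never rotated
    Entry("DB-Globex-Prod", "alice", "Read", d(2)),
    Entry("DB-Globex-Prod", "erin", "Read", d(4)),
    Entry("DB-Globex-Prod", "erin", "Update", d(4, 10), secret_changed=True),
]

if __name__ == "__main__":
    print(sorted(access_history(LOG, "ERP-Acme-Admin")))
    print(exposed_to(LOG, "alice"))
```

In this example the user who performed the last rotation (erin) knows the new secret but is listed only if a later Read entry exists, so a review before offboarding should also check who made the last Update.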

 

Permissions Tab

 

o The permissions tab is displayed for all users. This is used to assign Credential level permissions to user and group principals within ADFS. Only users with security System Permissions or Security Credential Permissions are able to assign permissions. Click here for more information on permissions.

 

Requesting Permissions

 

After selecting a credential which the user is not authorized to access, the credential editor will be replaced with a permission request control.  Information about the credential and the administrative contact will be displayed.  Selecting the Request Permissions button will send an email to the administrative email address listed in the System Configuration highlighting key information that is required to grant permission.

 

Applying Filters

 

Filters can be used to narrow down the results displayed in the credential grid. A separate filter exists for Categories, Customers, and Products in the top editor panel. A text box is also present to allow filtering by the credential name. Select the desired filters, and press the Filter button to apply them. To remove filters, press F5 to refresh the grid, or remove the filters and press the Filter button again.

 

 

NOTE: Only users with Full System Permissions or Add Credential Permissions at each category level are able to add credentials. Once a credential is created, it cannot be deleted.

 


Copyright © 2024 pasUNITY, Inc.

 
