Password Requirements in Secret Server

28 06 2013

An important part of account security is choosing a strong password to be used to protect the account. The biggest challenge for most users is designing a strong password – one that contains at least eight characters consisting of a mix of upper- and lower-case letters, numbers, and symbols. It can be tedious and time consuming for an administrator whose task it is to design and manage passwords for a large a number and variety of accounts. In most all cases, each of these accounts will have their own password requirements including minimum and maximum character length along with their own set of illegal characters.

Password Generator

Secret Server solves the problem of creating strong, complex passwords with its Password Generator. This feature will generate passwords containing a random assortment of characters to be used for any account, and may be used in conjunction with Remote Password Changing.

Password Requirements

Secret Server’s Password Generator creates passwords in compliance with Password Requirements that are assigned at the Secret Template level. You can view the Password Requirements that are already available to you by going to Administration>Secret Templates and clicking “Password Requirements”. Note the Default Password Requirement – this is used for new Secret Templates by default and may be edited. To create a new set of Password Requirements, click “Create New.”

On this page, you can set the following parameters:

  • Password length
  • Types of characters required (Character Sets)
  • Minimum number of each character type required
  • Minimum frequency that each character type may appear

Password Requirements use Character Sets to group characters that may be required or excluded from requirements.

Character Sets

Character Sets may also be edited at any time and customized based on the requirements of the account type you plan to generate passwords for. You can create, view or edit Character Sets by clicking “Character Sets” on the Secret Templates page.

Below is a sample Password Requirement that we created for Local Windows Accounts:

PasswordRequirments





Integrating Your Ticketing System in Secret Server

14 06 2013

Secret Server can integrate with any web ticketing system. This allows you to tie specific Secret views to an item in your existing ticketing system. It does so by first validating that the ticket number given to Secret Server matches the pattern of your ticketing system. Secret Server will then use the ticket number to generate a link from the Secret Audit straight to the actual ticket.

The major benefit of integrating Secret Server with your ticketing system is that it helps create a stronger audit trail on more sensitive Secrets. This is done by requiring that a ticket number be added each time a Secret is viewed. This forces users to have a traceable component when accessing certain Secrets. It also allows administrators to view the audit of the Secret and click a link to go directly to the ticket in the ticketing system.

Ticketing

Setting up the integration is simple. First, visit Administration > Configuration > Ticket System. Once here, enable the integration by selecting the checkbox and then insert the URL template for your ticketing system. Next, you will want to enter the Regex that Secret Server will use to validate the ticket number that a user would input. Finally, you have the option to customize the message for an invalid ticket number and require users to enter a ticket number. Now, any Secret with Require Comment or Require Approval for Access will have a section to input a ticket number.








Follow

Get every new post delivered to your Inbox.

Join 30 other followers