Skip to main content

Hi Team,

We have Password Safe and PRA Integrated. We have some users who use both Password Safe and PRA to launch remote sessions.

SRA Access Policy must have the View Password option enabled, so the users can retrieve the credential in PRA console. Because of this requirement in SRA access policy, users are able to view managed account passwords in Password Safe.

How can we restrict users to NOT View Passwords in Password Safe and should be able to retrieve the credential in PRA Jump Session?

 

Thanks,

Hi ​@Prudhvi Keertipati You can create a new access policy which is location restricted . Add the IP addresses of PRA appliance/ECMs as the source and allow View Password for this policy. This will be applied to the SRA/PRA API user group in Passwordsafe. End users will see two policies. I think based on policy name , default policy can be the No-view Password policy when users log in to Passwordsafe. If they select the SRA/PRA API policy (newly created) . If they submit the request it shows the error location restricted . I got this suggestion from other user’s comment in Ideas portal

Hi ​@bt101 

I tested and it is working as expected. Thank you.

If Access Policy had a IP address restricted, then that access policy will not be visible to user if user console doesn't met the IP address criteria.

Reply


Badge Earners

  • BCIE: Endpoint Privilege Management - Windows
    Nikhil Raohas earned the badge BCIE: Endpoint Privilege Management - Windows
  • BCIE: Password Safe
    Nikhil Raohas earned the badge BCIE: Password Safe
  • BCA: Password Safe
    Zubairhas earned the badge BCA: Password Safe
  • BCIE: Remote Support
    1000Wasserhas earned the badge BCIE: Remote Support
  • BCIE: Privileged Remote Access
    rrueschXalienthas earned the badge BCIE: Privileged Remote Access
Show all badges
Terms & ConditionsCookie settings