Hello
Is it possible to disable the personal folder in secret safe? can btadmin see the secrets in personal folder? If a user stores in personal folder , and the user leaves organization, we still need to be able to fetch the secrets saved by the user for the enterprise applications. So can we not show personal folders and only show the safes we create for the users?
Hey
Whenever the “Workforce Passwords” feature is enabled on a User Group, the users will gain access to a Personal Folder in Secrets Safe. The only way to hide that would be to remove that feature for those users.
As for whether or not these secrets are recoverable by a true Administrator, our documentation states that these should be:
Workforce Passwords should only be used for business credentials. Information stored in a personal folder is recoverable by an administrator of the site.
Ref: Workforce Passwords user guide | BI On-prem
As long as the account is not deleted, but rather quarantined instead, then the personal folder with secrets will not be removed.
Ref: KB0022538: Can users recover abandoned accounts, i.e. terminated or employees who quit?
Hey
Whenever the “Workforce Passwords” feature is enabled on a User Group, the users will gain access to a Personal Folder in Secrets Safe. The only way to hide that would be to remove that feature for those users.
As for whether or not these secrets are recoverable by a true Administrator, our documentation states that these should be:
Workforce Passwords should only be used for business credentials. Information stored in a personal folder is recoverable by an administrator of the site.
Ref: Workforce Passwords user guide | BI On-prem
As long as the account is not deleted, but rather quarantined instead, then the personal folder with secrets will not be removed.
Ref: KB0022538: Can users recover abandoned accounts, i.e. terminated or employees who quit?
but i tried to see those via webconsole as btadmin but couldnt find the personal folders for each enduser . I could see other safes that we had created and weren't the owner of under “see all safes” toggle but that too didnt include individual personal folders.
There is no way to do this using the GUI that I am aware of. You’ll need to use APIs to get a personal folder recovered.
First you’ll need to work with GET https://<yourTenant>/Secrets-Safe/Folders to list all folders and identify the “id” of the folder you want.
Then you can use GET https://<yourTenant>/Secrets-Safe/Folders/{folderId}/secrets to retrieve the secrets in that folder.
There is no way to do this using the GUI that I am aware of. You’ll need to use APIs to get a personal folder recovered.
First you’ll need to work with GET https://<yourTenant>/Secrets-Safe/Folders to list all folders and identify the “id” of the folder you want.
Then you can use GET https://<yourTenant>/Secrets-Safe/Folders/{folderId}/secrets to retrieve the secrets in that folder.
Thank you
There is no way to do this using the GUI that I am aware of. You’ll need to use APIs to get a personal folder recovered.
First you’ll need to work with GET https://<yourTenant>/Secrets-Safe/Folders to list all folders and identify the “id” of the folder you want.
Then you can use GET https://<yourTenant>/Secrets-Safe/Folders/{folderId}/secrets to retrieve the secrets in that folder.
I am unable to see other users personal folders..I can only see one personal folder when trying via the mentioned API. We have given full permission on secret safe/workforce..
There is no way to do this using the GUI that I am aware of. You’ll need to use APIs to get a personal folder recovered.
First you’ll need to work with GET https://<yourTenant>/Secrets-Safe/Folders to list all folders and identify the “id” of the folder you want.
Then you can use GET https://<yourTenant>/Secrets-Safe/Folders/{folderId}/secrets to retrieve the secrets in that folder.
I am unable to see other users personal folders..I can only see one personal folder when trying via the mentioned API. We have given full permission on secret safe/workforce..
if we do “runas” in Signin API as the user who had the folder access, then the API gives the output
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
