Request a Password from Password Safe

Using a configuration that requires requests are approved by a designated approver, provides accountability and ensures the security of the system's account passwords by providing dual control over the managed accounts. A dual control configuration, requires the three following steps:

  1. Password request: An authorized requester requests a password release.
  2. Password approval: An authorized approver reviews and approves the request for release.
  3. Password retrieval: The authorized requester retrieves the approved password.

To use a dual control setup, Password Safe users must be assigned the Requestor or Approver role, or both.

Request a Password Release

  1. From the Accounts tab, load the accounts in the grid by clicking a category or using the filter options, and then click Load All Accounts.
  2. Click Access for the managed account for which you wish to request a session.
  3. From the Start Session tab, select a ticket system and provide a ticket number if required, check your desired options, and then click Start RDP Session. An RDP connection file downloads with a one-time use token, which expires after a period of time based on Session Initialization timeout settings.
  4. Run the file to establish a connection to the target system.
  5. Enter the password that you use to authenticate into Password Safe.
  1. Click Access for the managed account for which you wish to request a password.

Enter request information.

  1. From the Submit Request tab:
    • Set a start date and time for the password to be made available.
    • Set the length of time for the password to be available.
    • Check Password for the type of access you need.
    • Provide a reason for the request. The maximum allowed length is 200 characters.
    • Select a ticket system and provide a ticket number.

Reason, Ticket System, and Ticket Number fields might be optional or required, depending upon options configured in the access policy by your Password Safe administrator. Also, if your Password Safe administrator has set a specific ticket system in the access policy, you cannot select a different ticket system with your request.

  1. Click Submit Request. An email is sent to the approver if email notification is configured. You can view the status of your request from the Requests tab.

 

Retrieve a Password

Passwords approved for release can be displayed at any time (and as often as needed) during the release duration. After the password is approved, an email notification is sent to the requestor's email account. The requestor can then retrieve the password.

  1. Click the link to see a window with the date and time the release was approved and any comments made by the approver.
  2. Click Retrieve Password to display the system account password.

Password Safe Portal Retrieve Password Window - Copy Password

  1. The password displays in a separate window. The visibility of the password might be limited, with a timer showing remaining time. Click Close Window to close the windows before the timeout.
  2. To copy the password to the clipboard, click the Copy button.
  3. Use the password to log in to the system within the password release time period.

 

Retrieve a Password Using Quick Launch

If your access policy is configured for auto-approval for the managed system account you are accessing, Quick Launch is available, allowing you to quickly retrieve the password for the managed account, bypassing the approval process. To use Quick Launch:

  1. From the Accounts tab, click Access for the managed account you wish to access.

Access a managed account from Password Safe portal using Quick Launch

  1. From the Quick Launch tab, click Retrieve Password.
  2. Click Show to display the password or click the Copy icon to copy it.