Hi,

Greetings!

In the tutorial series of Password Manager Pro, here comes one more. By leveraging the ‘Active Directory Integration’ support provided by Password Manager Pro, you can optimize password access management. Read the tutorial below to know how!

Bala

Leverage Active Directory Integration to Optimize Password Access Management


The Challenge

One of the fundamental capabilities of PMP is strict access control, where password owners can define who can access shared passwords and what operations they can perform on them. Quite often, we hear from our customers that a few password owners have to manage the access permissions to passwords shared by many people across various groups. This can get very tedious and error-prone if each password owner has to manage access for individual users, especially with people moving across groups or leaving the organization.

The Solution

A better solution is to have administrators create user groups in PMP and manage access to the user groups instead of individual users. But user group management itself can be quite a task, even for a medium-sized organization with hundreds of users and user groups.

This is where PMP’s strong integration with Active Directory helps administrators to completely automate user access management. They can leverage user group management capabilities of AD and make PMP use the same user group definitions from AD. For these user groups, only the access permissions are defined in PMP and the users that are part of the groups are derived from what is defined in AD.

For example, if the AD has user groups named Finance Admins, Finance Users, Executives, Engineers, Sales etc., PMP imports not only the user information from AD, but also the user groups. Any change made to the user groups in AD can be automatically updated in PMP as well, in as little as one minute.

With user membership of the user groups taken care of reliably, all that the password owners have to ensure is that appropriate access permissions are given to the user groups. Subsequently, when a user is moved across groups or gets deleted in AD, the change is immediately reflected in PMP and the user automatically loses all permissions that were inherited. In addition, PMP audits all these events, generates notifications and provides in-depth reports to administrators to ensure they are always in control when it comes to password access control.
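The group-derived access model described above, as an added example (not Password Manager Pro code or its API): membership comes from two constructed AD snapshots, only the group-to-resource shares are maintained locally, and the diff yields the audit events for a user who moves groups and a user who is deleted. The user names, resource names, the "view"/"modify" levels and the highest-level-wins rule are assumptions made for this illustration.

```python
# Constructed sample data. Group names come from the tutorial; users,
# resources and access levels are hypothetical.
AD_BEFORE = {
    "Finance Admins": {"alice", "bob"},
    "Engineers": {"carol", "dave"},
    "Executives": {"erin"},
}
# After an AD change: bob moves to Engineers, dave is deleted from AD.
AD_AFTER = {
    "Finance Admins": {"alice"},
    "Engineers": {"carol", "bob"},
    "Executives": {"erin"},
}
# The only mapping maintained in the password manager: group -> shares.
GROUP_SHARES = {
    "Finance Admins": {"erp-db": "modify"},
    "Engineers": {"build-server": "modify", "erp-db": "view"},
    "Executives": {"erp-db": "view"},
}
RANK = {"view": 1, "modify": 2}  # assumption: highest level wins

def effective_access(ad_groups, shares):
    """Return {user: {resource: level}} derived purely from group membership."""
    access = {}
    for group, members in ad_groups.items():
        for user in members:
            for resource, level in shares.get(group, {}).items():
                current = access.setdefault(user, {}).get(resource)
                if current is None or RANK[level] > RANK[current]:
                    access[user][resource] = level
    return access

def sync_events(before, after, shares):
    """Diff two AD snapshots into audit events (user, resource, old, new)."""
    old, new = effective_access(before, shares), effective_access(after, shares)
    events = []
    for user in sorted(set(old) | set(new)):
        resources = set(old.get(user, {})) | set(new.get(user, {}))
        for resource in sorted(resources):
            o = old.get(user, {}).get(resource)
            n = new.get(user, {}).get(resource)
            if o != n:  # None means "no access"
                events.append((user, resource, o, n))
    return events

if __name__ == "__main__":
    for event in sync_events(AD_BEFORE, AD_AFTER, GROUP_SHARES):
        print(event)
```

No per-user permission is ever edited here: bob's downgrade on erp-db and dave's complete loss of access both fall out of the membership change alone, which is why the sync interval and the audit trail are the controls worth reviewing.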

Steps Involved

The screenshots below explain how to set this up:

Importing user groups from AD

Go to Admin >> Active Directory and click the button “Import Now” in Step 1

AD User Group Import


Setup AD synchronization

Go to Admin >> Active Directory and click the button “Import Now” in Step 1

AD Synchronization


Setup access permissions to the user groups

Go to the Resources/Resource Groups tab, select the required Resource/Resource Group and, in the drop-down for sharing, select “Share with User Group”

Access Permission


Setup alerts and monitor activity

Go to “Resource Groups” and click the password action notification icon

Password Access Alerts


Go to “User Audit” and click the link “Configure Audit”

Audit & Notifications


Help Documentation Links:

1. http://manageengine.adventnet.com/products/passwordmanagerpro/help/active_directory_integration.html
2. http://manageengine.adventnet.com/products/passwordmanagerpro/help/sharing_resources.html
3. http://manageengine.adventnet.com/products/passwordmanagerpro/help/password_action_notifications.html
4. http://manageengine.adventnet.com/products/passwordmanagerpro/help/audit_notifications.html