Split Password Feature
To secure the two-part approval process, an account password can be split into two parts, with each part retrieved by a different user. After placing the users in different user groups, follow these steps:
- Navigate to Policy > Realms.
- Click the Add button.
- Create the Device Group Realm between the user groups (Who?) and the device group (What?) that contains the target device, then click Save.

Device Group Realm for User Groups

- Navigate to Secrets > Vault.
- Search for the account.
- Click the Account Options button.
- Select Permissions to open the permissions pop-up window.
- Define the READ_ONLY_FIRST_PART permission type for the user group that will receive the first part of the password.
- Define the READ_ONLY_SECOND_PART permission type for the user group that will receive the second part of the password.

Account Permissions Set Up for User Groups

- Close the permissions pop-up window.
- Navigate to Policy > Portal Functions.
- Create a portal realm with the SAPM Management and SAPM Account Module Visibility function groups for both user groups.

Portal Functions Realm for the user groups

After completing these steps, the users log in and retrieve their parts of the password from the Vault section, just as with normal password retrieval. They can then log in to the target system using the account username and the password parts combined in the correct order.
If one- or two-level approval applies to the user, the user receives the password part via email once the approval process is completed.
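
The split only holds if no single user can read both parts, which is why the users are placed in different user groups first. The following added example (not part of the product or its documentation) checks that condition for the READ_ONLY_FIRST_PART and READ_ONLY_SECOND_PART permissions; the group names, account names and dictionary layout are constructed sample data, not a product export format.

```python
# Added example: separation-of-duties check for split-password permissions.
# All groups, users and accounts below are constructed for illustration.
FIRST, SECOND = "READ_ONLY_FIRST_PART", "READ_ONLY_SECOND_PART"

GROUP_MEMBERS = {  # constructed: user group -> members
    "dba-team-a": {"alice", "bob"},
    "dba-team-b": {"carol", "bob"},  # bob is in both groups
    "ops": {"dave"},
}
ACCOUNT_PERMISSIONS = {  # constructed: account -> (user group, permission type)
    "root@db01": [("dba-team-a", FIRST), ("dba-team-b", SECOND)],
    "admin@fw01": [("ops", FIRST)],  # second part never assigned
    "oracle@db02": [("dba-team-a", FIRST), ("ops", SECOND)],
}


def members_of(groups, group_members):
    """Union of the members of every group in `groups`."""
    return set().union(*(group_members.get(g, set()) for g in groups))


def audit_split_password(group_members, account_permissions):
    """Return (account, problem) findings for accounts using split passwords.

    Only the two permission types named above are evaluated; any other
    permission that exposes the whole password must be reviewed separately.
    """
    findings = []
    for account, grants in account_permissions.items():
        first = {g for g, p in grants if p == FIRST}
        second = {g for g, p in grants if p == SECOND}
        if not first and not second:
            continue  # account does not use the split-password feature
        if not first or not second:
            findings.append((account, "only one half of the password is assigned"))
            continue
        for group in sorted(first & second):
            findings.append((account, f"group {group} holds both parts"))
        overlap = members_of(first, group_members) & members_of(second, group_members)
        for user in sorted(overlap):
            findings.append((account, f"user {user} can read both parts"))
    return findings


if __name__ == "__main__":
    for account, problem in audit_split_password(GROUP_MEMBERS, ACCOUNT_PERMISSIONS):
        print(f"{account}: {problem}")
```
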