From a70cc6c534675df690d5494c064fc1a976adc347 Mon Sep 17 00:00:00 2001 From: Sascha Martens Date: Fri, 17 Oct 2025 11:07:37 +0200 Subject: [PATCH 1/4] Added Version 9.3 in old structure, added description for custom branding. --- .../9.3/configuration/_category_.json | 10 + .../advancedview/_category_.json | 6 + .../advancedview/clientmodule/_category_.json | 10 + .../clientmodule/applications/_category_.json | 10 + .../clientmodule/applications/applications.md | 110 ++++++++ .../applications/configuration_of_saml.md | 61 +++++ .../exampleapplications/_category_.json | 10 + .../example_applications.md | 13 + .../saml_application_for_dropbox.md | 39 +++ .../saml_application_for_postman.md | 42 +++ .../sap_gui_logon_-_sso_application.md | 42 +++ .../learningtheapplications/_category_.json | 10 + .../learning_the_applications.md | 89 +++++++ .../start_parameter.md | 77 ++++++ .../rdpandsshapplications/_category_.json | 10 + .../rdp_and_ssh_applications.md | 49 ++++ .../recording_a_session.md | 77 ++++++ .../clientmodule/client_module.md | 46 ++++ .../discoveryservice/_category_.json | 10 + .../discoveryservice/configuration_1.md | 109 ++++++++ .../discoveryservice/converting_entries.md | 163 ++++++++++++ .../discoveryservice/created_passwords.md | 40 +++ .../discoveryservice/deleting_entries.md | 51 ++++ .../discoveryservice/discovered_entries.md | 85 ++++++ .../discoveryservice/discovery_service.md | 37 +++ .../discoveryservice/logbook_1.md | 44 ++++ .../discoveryservice/requirements.md | 65 +++++ .../advancedview/clientmodule/documents.md | 67 +++++ .../clientmodule/forms/_category_.json | 10 + .../clientmodule/forms/change_form.md | 73 +++++ .../advancedview/clientmodule/forms/forms.md | 116 ++++++++ .../advancedview/clientmodule/logbook.md | 58 ++++ .../clientmodule/notifications.md | 78 ++++++ .../organisationalstructure/_category_.json | 10 + .../directoryservices/_category_.json | 10 + .../activedirectorylink/_category_.json | 10 + .../active_directory_link.md | 75 ++++++ .../end-to-end_encryption.md | 160 +++++++++++ .../activedirectorylink/masterkey_mode.md | 249 ++++++++++++++++++ .../radius_authentication.md | 38 +++ .../directoryservices/directory_services.md | 16 ++ .../entraidconnection/_category_.json | 10 + .../entraidconnection/entra_id_connection.md | 170 ++++++++++++ .../microsoft_entra_id_faq.md | 57 ++++ .../organisationalstructure/first_factor.md | 64 +++++ .../managingusers/_category_.json | 10 + .../managingusers/managing_users.md | 86 ++++++ .../user_passwords_logging_in.md | 91 +++++++ .../multifactorauthentication/_category_.json | 10 + .../multifactor_authentication.md | 93 +++++++ .../otp_(one-time-password).md | 55 ++++ .../yubicoyubikey.md | 82 ++++++ .../organisational_structure.md | 113 ++++++++ .../_category_.json | 10 + .../inheriting_permissions.md | 38 +++ .../permissions_for_organisational.md | 62 +++++ .../passwordreset/_category_.json | 10 + .../passwordreset/configuration_2.md | 69 +++++ .../clientmodule/passwordreset/heartbeat.md | 73 +++++ .../logbook_entries_under_password.md | 44 ++++ .../passwordreset/password_reset.md | 29 ++ .../passwordreset/requirements_1.md | 23 ++ .../clientmodule/passwordreset/rollback.md | 29 ++ .../clientmodule/passwordreset/scripts.md | 82 ++++++ .../passwordreset/user-defined_scripts.md | 79 ++++++ .../clientmodule/passwords/_category_.json | 10 + .../passwords/creating_new_passwords.md | 87 ++++++ .../passwords/form_field_permissions.md | 38 +++ .../clientmodule/passwords/history.md | 56 ++++ .../passwords/moving_passwords.md | 48 ++++ .../passwords/password_settings.md | 33 +++ .../clientmodule/passwords/passwords.md | 115 ++++++++ .../clientmodule/passwords/recycle_bin.md | 26 ++ .../passwords/revealing_passwords.md | 68 +++++ .../advancedview/clientmodule/roles.md | 79 ++++++ .../advancedview/mainmenufc/_category_.json | 10 + .../advancedview/mainmenufc/account.md | 89 +++++++ .../advancedview/mainmenufc/administration.md | 44 ++++ .../mainmenufc/export/_category_.json | 10 + .../advancedview/mainmenufc/export/export.md | 56 ++++ .../mainmenufc/export/export_wizard.md | 58 ++++ .../export/html_webviewer_export.md | 131 +++++++++ .../mainmenufc/extras/_category_.json | 10 + .../advancedview/mainmenufc/extras/extras.md | 23 ++ .../mainmenufc/extras/image_manager.md | 75 ++++++ .../mainmenufc/extras/password_generator.md | 68 +++++ .../mainmenufc/extras/password_rules.md | 82 ++++++ .../advancedview/mainmenufc/extras/reports.md | 57 ++++ .../mainmenufc/extras/seal_templates.md | 34 +++ .../extras/systemtasks/_category_.json | 10 + .../extras/systemtasks/emergency_webviewer.md | 165 ++++++++++++ .../extras/systemtasks/system_tasks.md | 98 +++++++ .../mainmenufc/extras/tag_manager.md | 34 +++ .../advancedview/mainmenufc/extras/trash.md | 24 ++ .../mainmenufc/general_settings.md | 38 +++ .../advancedview/mainmenufc/import.md | 69 +++++ .../advancedview/mainmenufc/main_menu_fc.md | 23 ++ .../mainmenufc/userrights/_category_.json | 10 + .../userrights/overview_of_all_user_rights.md | 116 ++++++++ .../mainmenufc/userrights/user_rights.md | 75 ++++++ .../mainmenufc/usersettings/_category_.json | 10 + .../overview_of_all_user_settings.md | 169 ++++++++++++ .../mainmenufc/usersettings/user_settings.md | 79 ++++++ .../operationandsetup/_category_.json | 10 + .../dashboardandwidgets/_category_.json | 10 + .../dashboard_and_widgets.md | 82 ++++++ .../dashboardandwidgets/keyboard_shortcuts.md | 22 ++ .../operationandsetup/filter/_category_.json | 10 + .../filter/advanced_filter_settings.md | 111 ++++++++ .../operationandsetup/filter/display_mode.md | 38 +++ .../operationandsetup/filter/filter.md | 98 +++++++ .../operationandsetup/list_view.md | 91 +++++++ .../operationandsetup/operation_and_setup.md | 97 +++++++ .../advancedview/operationandsetup/print.md | 96 +++++++ .../operationandsetup/reading_pane.md | 59 +++++ .../advancedview/operationandsetup/ribbon.md | 54 ++++ .../advancedview/operationandsetup/search.md | 52 ++++ .../advancedview/operationandsetup/tags.md | 51 ++++ .../_category_.json | 10 + .../_category_.json | 10 + .../automated_setting_of_permissions.md | 30 +++ .../inheritance_from_organizational.md | 89 +++++++ .../_category_.json | 10 + .../manual_setting_of_permissions.md | 94 +++++++ .../multiple_editing_of_permissions.md | 123 +++++++++ .../right_templates.md | 22 ++ .../permission_concept_and_protective.md | 138 ++++++++++ .../predefiningrights/_category_.json | 10 + .../predefiningrights/predefining_rights.md | 84 ++++++ .../predefiningrights/relevant_user_rights.md | 33 +++ .../scope_of_validity_for_predefined.md | 29 ++ .../working_with_predefined_rights.md | 68 +++++ .../protectivemechanisms/_category_.json | 10 + .../protectivemechanisms/password_masking.md | 67 +++++ .../protective_mechanisms.md | 62 +++++ .../seals/_category_.json | 10 + .../seals/release_mechanism.md | 67 +++++ .../seals/seal_overview.md | 57 ++++ .../protectivemechanisms/seals/seals.md | 149 +++++++++++ .../temporary_permissions.md | 47 ++++ .../protectivemechanisms/visibility.md | 40 +++ .../autofilladdon/_category_.json | 10 + .../autofilladdon/autofill_add-on.md | 65 +++++ .../configuration_autofill_add-on.md | 43 +++ .../configuration/basicview/_category_.json | 10 + .../9.3/configuration/basicview/basic_view.md | 31 +++ .../basicview/checklist_of_the_basic_view.md | 40 +++ .../basicview/password_management.md | 68 +++++ .../basicview/start_and_login_basic_view.md | 52 ++++ .../9.3/configuration/basicview/tab_system.md | 42 +++ .../todoforadministration/_category_.json | 10 + .../errorcodes_of_the_lightclient.md | 51 ++++ .../to_do_for_administration.md | 73 +++++ .../9.3/configuration/basicview/view.md | 64 +++++ .../browseraddons/_category_.json | 10 + .../browseraddons/applications_add-on.md | 89 +++++++ .../browseraddons/browser_add-ons.md | 128 +++++++++ .../browseraddons/how_to_save_passwords.md | 46 ++++ .../9.3/configuration/configuration.md | 10 + .../mobiledevices/_category_.json | 10 + .../mobiledevices/autofill/_category_.json | 6 + .../autofill/autofill_in_android.md | 47 ++++ .../mobiledevices/autofill/autofill_in_ios.md | 56 ++++ .../mobiledevices/mobile_devices.md | 55 ++++ .../mobiledevices/passwords_mobileapp.md | 85 ++++++ .../configuration/mobiledevices/securitymd.md | 38 +++ .../mobiledevices/settings_mobileapp.md | 75 ++++++ .../setupmobiledevice/_category_.json | 10 + .../setupmobiledevice/biometric_login.md | 15 ++ .../installation_of_the_app.md | 34 +++ .../setupmobiledevice/linking_the_database.md | 57 ++++ .../setupmobiledevice/setting_up_autofill.md | 33 +++ .../setupmobiledevice/setup_mobile_device.md | 24 ++ .../mobiledevices/synchronization.md | 40 +++ .../9.3/configuration/mobiledevices/tabs.md | 43 +++ .../offlineclient/_category_.json | 10 + .../offlineclient/offline_client.md | 58 ++++ .../offlineclient/setup_and_sync.md | 86 ++++++ .../9.3/configuration/sdkapi/_category_.json | 10 + .../configuration/sdkapi/migration_guide.md | 156 +++++++++++ .../9.3/configuration/sdkapi/sdk__api.md | 38 +++ .../servermanger/_category_.json | 10 + .../servermanger/basic_configuration.md | 88 +++++++ .../servermanger/certificates/_category_.json | 10 + .../servermanger/certificates/certificates.md | 84 ++++++ .../certificates/database_certificates.md | 33 +++ .../discovery_service_certificates.md | 26 ++ .../certificates/master_key_certificates.md | 29 ++ .../nps_server_encryption_certificate.md | 17 ++ .../password_reset_certificates.md | 28 ++ .../ssl_connection_certificates.md | 99 +++++++ .../servermanger/creating_databases.md | 58 ++++ .../databaseproperties/_category_.json | 10 + .../databaseproperties/database_firewall.md | 77 ++++++ .../databaseproperties/database_properties.md | 34 +++ .../general_settings_admin_client.md | 19 ++ .../servermanger/databaseproperties/syslog.md | 17 ++ .../servermanger/mainmenu/_category_.json | 10 + .../mainmenu/advanced_settings.md | 38 +++ .../mainmenu/backupsettings/_category_.json | 10 + .../automated_deletion_of_backups.md | 29 ++ .../backupsettings/backup_management.md | 85 ++++++ .../backupsettings/backup_settings.md | 20 ++ .../disaster_recovery_scenarios.md | 123 +++++++++ .../servermanger/mainmenu/license_settings.md | 54 ++++ .../servermanger/mainmenu/main_menu.md | 18 ++ .../managingdatabases/_category_.json | 10 + .../databasesettings/_category_.json | 10 + .../databasesettings/database_settings.md | 25 ++ .../databasesettings/hsm_connection.md | 49 ++++ .../multifactor_authentication_ac.md | 23 ++ .../databasesettings/session_timeout.md | 13 + .../managingdatabases/managing_databases.md | 97 +++++++ .../servermanger/msp/_category_.json | 10 + .../changesintheadminclient/_category_.json | 10 + .../changes_in_the_adminclient.md | 25 ++ .../cost_overview_module.md | 14 + .../customers_module.md | 105 ++++++++ .../9.3/configuration/servermanger/msp/msp.md | 15 ++ .../operation_and_setup_admin_client.md | 115 ++++++++ .../servermanger/server_manger.md | 22 ++ .../servermanger/settlement_right_key.md | 90 +++++++ .../servermanger/setup_wizard.md | 74 ++++++ .../webapplication/_category_.json | 10 + ...authorization_and_protection_mechanisms.md | 51 ++++ .../functionalscope/_category_.json | 10 + .../functionalscope/application.md | 30 +++ .../documents_web_application.md | 30 +++ .../functionalscope/forms_module.md | 23 ++ .../functionalscope/functional_scope.md | 28 ++ .../logbook_web_application.md | 28 ++ .../functionalscope/notifications.md | 16 ++ .../organisationalstructure/_category_.json | 10 + .../organisational_structure.md | 73 +++++ .../user_management.md | 20 ++ .../functionalscope/password_module.md | 55 ++++ .../functionalscope/roles_module.md | 21 ++ .../functionalscope/tag_system.md | 13 + .../webapplication/operation/_category_.json | 10 + .../operation/filter_or_structure_area.md | 38 +++ .../webapplication/operation/footer.md | 38 +++ .../webapplication/operation/header.md | 44 ++++ .../webapplication/operation/list_view.md | 23 ++ .../webapplication/operation/menu.md | 93 +++++++ .../operation/navigationbar/_category_.json | 10 + .../operation/navigationbar/navigation_bar.md | 25 ++ .../operation/navigationbar/settings_wc.md | 70 +++++ .../operation/navigationbar/user_menu_wc.md | 39 +++ .../webapplication/operation/operation.md | 85 ++++++ .../operation/reading_pane_webclient.md | 21 ++ .../problems_with_the_server_connection.md | 27 ++ .../webapplication/web_application.md | 28 ++ .../9.3/enduser/_category_.json | 10 + .../9.3/enduser/advancedview.md | 20 ++ .../9.3/enduser/browserextension.md | 49 ++++ .../9.3/enduser/cleanuppasswords.md | 84 ++++++ .../9.3/enduser/createnewentry.md | 57 ++++ .../9.3/enduser/organizepasswords.md | 71 +++++ docs/passwordsecure/9.3/enduser/overview.md | 24 ++ docs/passwordsecure/9.3/faq/_category_.json | 6 + .../9.3/faq/security/_category_.json | 6 + .../9.3/faq/security/encryption.md | 43 +++ .../9.3/faq/security/high_availability.md | 43 +++ .../9.3/faq/security/penetration_tests.md | 23 ++ docs/passwordsecure/9.3/index.md | 25 ++ .../9.3/installation/_category_.json | 10 + .../9.3/installation/installation.md | 79 ++++++ .../installation_server_manager.md | 44 ++++ .../installationbrowseraddon/_category_.json | 10 + .../installationbrowseraddon/google_chrome.md | 24 ++ .../installation_browser_add-on.md | 14 + .../microsoft_edge.md | 18 ++ .../mozilla_firefox.md | 20 ++ .../installationbrowseraddon/safari.md | 15 ++ .../installationclient/_category_.json | 10 + .../installationclient/installation_client.md | 100 +++++++ .../installation_with_parameters.md | 31 +++ .../_category_.json | 10 + .../installationwebapplication/apache.md | 49 ++++ .../installation_web_application.md | 93 +++++++ .../microsoft_iis.md | 64 +++++ .../installationwebapplication/nginx.md | 50 ++++ .../installation/requirements/_category_.json | 6 + .../requirements/application_server.md | 42 +++ .../requirements/client_configuration.md | 31 +++ .../installation/requirements/mobile_apps.md | 19 ++ .../installation/requirements/mssql_server.md | 32 +++ .../requirements/webserver/_category_.json | 10 + .../requirements/webserver/browser.md | 20 ++ .../requirements/webserver/webserver.md | 39 +++ .../9.3/introduction/_category_.json | 10 + .../9.3/introduction/introduction.md | 14 + .../versionhistory/_category_.json | 10 + .../versionhistory/version_9.0.0.30423.md | 54 ++++ .../versionhistory/version_9.0.1.30479.md | 29 ++ .../versionhistory/version_9.0.2.30602.md | 40 +++ .../versionhistory/version_9.0.3.30606.md | 13 + .../versionhistory/version_9.1.0.30996.md | 106 ++++++++ .../versionhistory/version_9.1.1.31138.md | 72 +++++ .../versionhistory/version_9.1.2.31276.md | 56 ++++ .../versionhistory/version_9.1.3.31365.md | 44 ++++ .../versionhistory/version_9.2.0.32454.md | 74 ++++++ .../versionhistory/version_9.2.1.32530.md | 47 ++++ .../versionhistory/version_history.md | 30 +++ .../9.3/maintenance/_category_.json | 6 + .../maintenance/eccmigration/_category_.json | 10 + .../maintenance/eccmigration/ecc_migration.md | 13 + .../ecc_migration_administrator_manual.md | 78 ++++++ .../eccmigration/ecc_migration_user_manual.md | 25 ++ .../9.3/maintenance/moving_the_server.md | 103 ++++++++ docs/passwordsecure/9.3/maintenance/update.md | 111 ++++++++ docs/passwordsecure/9.3/msp_system.md | 58 ++++ sidebars/passwordsecure/9.3.js | 8 + src/config/products.js | 10 +- .../configure_custom_branding.webp | Bin 0 -> 63197 bytes 315 files changed, 14891 insertions(+), 2 deletions(-) create mode 100644 docs/passwordsecure/9.3/configuration/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/requirements.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/change_form.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/configuration_2.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/requirements_1.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/form_field_permissions.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/moving_passwords.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/password_settings.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/revealing_passwords.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/administration.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/trash.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/print.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md create mode 100644 docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md create mode 100644 docs/passwordsecure/9.3/configuration/autofilladdon/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md create mode 100644 docs/passwordsecure/9.3/configuration/autofilladdon/configuration_autofill_add-on.md create mode 100644 docs/passwordsecure/9.3/configuration/basicview/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/basicview/basic_view.md create mode 100644 docs/passwordsecure/9.3/configuration/basicview/checklist_of_the_basic_view.md create mode 100644 docs/passwordsecure/9.3/configuration/basicview/password_management.md create mode 100644 docs/passwordsecure/9.3/configuration/basicview/start_and_login_basic_view.md create mode 100644 docs/passwordsecure/9.3/configuration/basicview/tab_system.md create mode 100644 docs/passwordsecure/9.3/configuration/basicview/todoforadministration/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md create mode 100644 docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md create mode 100644 docs/passwordsecure/9.3/configuration/basicview/view.md create mode 100644 docs/passwordsecure/9.3/configuration/browseraddons/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md create mode 100644 docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md create mode 100644 docs/passwordsecure/9.3/configuration/browseraddons/how_to_save_passwords.md create mode 100644 docs/passwordsecure/9.3/configuration/configuration.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/autofill/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_android.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_ios.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/mobile_devices.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/passwords_mobileapp.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/securitymd.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/biometric_login.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/linking_the_database.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md create mode 100644 docs/passwordsecure/9.3/configuration/mobiledevices/tabs.md create mode 100644 docs/passwordsecure/9.3/configuration/offlineclient/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md create mode 100644 docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md create mode 100644 docs/passwordsecure/9.3/configuration/sdkapi/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/sdkapi/migration_guide.md create mode 100644 docs/passwordsecure/9.3/configuration/sdkapi/sdk__api.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/basic_configuration.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/certificates/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/certificates/database_certificates.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/certificates/discovery_service_certificates.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/certificates/master_key_certificates.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/certificates/nps_server_encryption_certificate.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/certificates/password_reset_certificates.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/certificates/ssl_connection_certificates.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/creating_databases.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_firewall.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/general_settings_admin_client.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/mainmenu/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/mainmenu/advanced_settings.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/automated_deletion_of_backups.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_settings.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/mainmenu/license_settings.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/mainmenu/main_menu.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/database_settings.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/msp/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/changes_in_the_adminclient.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/cost_overview_module.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/customers_module.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/msp/msp.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/operation_and_setup_admin_client.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/server_manger.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/settlement_right_key.md create mode 100644 docs/passwordsecure/9.3/configuration/servermanger/setup_wizard.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/application.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/documents_web_application.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/forms_module.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/logbook_web_application.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/notifications.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/password_module.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/functionalscope/tag_system.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/footer.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/header.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/_category_.json create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/user_menu_wc.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/problems_with_the_server_connection.md create mode 100644 docs/passwordsecure/9.3/configuration/webapplication/web_application.md create mode 100644 docs/passwordsecure/9.3/enduser/_category_.json create mode 100644 docs/passwordsecure/9.3/enduser/advancedview.md create mode 100644 docs/passwordsecure/9.3/enduser/browserextension.md create mode 100644 docs/passwordsecure/9.3/enduser/cleanuppasswords.md create mode 100644 docs/passwordsecure/9.3/enduser/createnewentry.md create mode 100644 docs/passwordsecure/9.3/enduser/organizepasswords.md create mode 100644 docs/passwordsecure/9.3/enduser/overview.md create mode 100644 docs/passwordsecure/9.3/faq/_category_.json create mode 100644 docs/passwordsecure/9.3/faq/security/_category_.json create mode 100644 docs/passwordsecure/9.3/faq/security/encryption.md create mode 100644 docs/passwordsecure/9.3/faq/security/high_availability.md create mode 100644 docs/passwordsecure/9.3/faq/security/penetration_tests.md create mode 100644 docs/passwordsecure/9.3/index.md create mode 100644 docs/passwordsecure/9.3/installation/_category_.json create mode 100644 docs/passwordsecure/9.3/installation/installation.md create mode 100644 docs/passwordsecure/9.3/installation/installation_server_manager.md create mode 100644 docs/passwordsecure/9.3/installation/installationbrowseraddon/_category_.json create mode 100644 docs/passwordsecure/9.3/installation/installationbrowseraddon/google_chrome.md create mode 100644 docs/passwordsecure/9.3/installation/installationbrowseraddon/installation_browser_add-on.md create mode 100644 docs/passwordsecure/9.3/installation/installationbrowseraddon/microsoft_edge.md create mode 100644 docs/passwordsecure/9.3/installation/installationbrowseraddon/mozilla_firefox.md create mode 100644 docs/passwordsecure/9.3/installation/installationbrowseraddon/safari.md create mode 100644 docs/passwordsecure/9.3/installation/installationclient/_category_.json create mode 100644 docs/passwordsecure/9.3/installation/installationclient/installation_client.md create mode 100644 docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md create mode 100644 docs/passwordsecure/9.3/installation/installationwebapplication/_category_.json create mode 100644 docs/passwordsecure/9.3/installation/installationwebapplication/apache.md create mode 100644 docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md create mode 100644 docs/passwordsecure/9.3/installation/installationwebapplication/microsoft_iis.md create mode 100644 docs/passwordsecure/9.3/installation/installationwebapplication/nginx.md create mode 100644 docs/passwordsecure/9.3/installation/requirements/_category_.json create mode 100644 docs/passwordsecure/9.3/installation/requirements/application_server.md create mode 100644 docs/passwordsecure/9.3/installation/requirements/client_configuration.md create mode 100644 docs/passwordsecure/9.3/installation/requirements/mobile_apps.md create mode 100644 docs/passwordsecure/9.3/installation/requirements/mssql_server.md create mode 100644 docs/passwordsecure/9.3/installation/requirements/webserver/_category_.json create mode 100644 docs/passwordsecure/9.3/installation/requirements/webserver/browser.md create mode 100644 docs/passwordsecure/9.3/installation/requirements/webserver/webserver.md create mode 100644 docs/passwordsecure/9.3/introduction/_category_.json create mode 100644 docs/passwordsecure/9.3/introduction/introduction.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/_category_.json create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.0.30423.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.1.30479.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.2.30602.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.3.30606.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.0.30996.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.1.31138.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.2.31276.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.3.31365.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.0.32454.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.1.32530.md create mode 100644 docs/passwordsecure/9.3/introduction/versionhistory/version_history.md create mode 100644 docs/passwordsecure/9.3/maintenance/_category_.json create mode 100644 docs/passwordsecure/9.3/maintenance/eccmigration/_category_.json create mode 100644 docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration.md create mode 100644 docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md create mode 100644 docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_user_manual.md create mode 100644 docs/passwordsecure/9.3/maintenance/moving_the_server.md create mode 100644 docs/passwordsecure/9.3/maintenance/update.md create mode 100644 docs/passwordsecure/9.3/msp_system.md create mode 100644 sidebars/passwordsecure/9.3.js create mode 100644 static/images/passwordsecure/9.3/installation/installation_web_application/configure_custom_branding.webp diff --git a/docs/passwordsecure/9.3/configuration/_category_.json b/docs/passwordsecure/9.3/configuration/_category_.json new file mode 100644 index 0000000000..9843cc2a8e --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configuration", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "configuration" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/_category_.json new file mode 100644 index 0000000000..09f5c3ea34 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Advanced View", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/_category_.json new file mode 100644 index 0000000000..32dfd95a1c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Client Module", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "client_module" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/_category_.json new file mode 100644 index 0000000000..ae7e02e7ab --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Applications", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "applications" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md new file mode 100644 index 0000000000..485317c25f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md @@ -0,0 +1,110 @@ +--- +title: "Applications" +description: "Applications" +sidebar_position: 80 +--- + +# Applications + +## What are applications? + +Applications can be used to configure automated logins to various systems. Especially when combined +with various protective mechanisms, the company benefits in terms of security because complex +passwords are automated and entered in the login masks in concealed form. Various types are +available, such as Remote Desktop (**RDP**), Secure Shell (**SSH**), general applications (**SSO**) +and web applications. The Single Sign On Engine offers countless configuration options to enable +automatic logon to almost any kind of software. + +![applications module](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_1-en.webp) + +- Automatic logins to websites are covered by the + [Autofill Add-on](/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md). + +## The four types of applications + +Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO and web +applications. + +![new application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_2-en.webp) + +In terms of how they are handled, **RDP and SSH** applications can be covered together. Both types +of application can be (optionally) "embedded" in Netwrix Password Secure. The relevant session then +opens in its own tab in the [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). +All other forms of automatic logins are summarized in the **SSO applications** and **web +applications** categories. How exactly these logins are created and used is covered in the next +section and in the web applications chapter. They include all forms of Windows login masks and also +applications for websites. In contrast to RDP and SSH applications, they cannot be started embedded +in Netwrix Password Secure but are instead opened as usual in their own window. These SSO +applications need to be defined in advance. In Netwrix Password Secure, this is also described as +[Learning the applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). In contrast, +RDP and SSH can be both completely defined and also started within Netwrix Password Secure. + +## RDP and SSH + +A new RDP/SSH application can be created via the ribbon or also the context menu that is accessed +using the right mouse button. A corresponding form opens in each case where the variables for a +connection can be defined. + +![new application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_3-en.webp) + +These variables also correspond precisely to those (using the example of RDP here) that can be +configured when creating an RDP connection via “mstsc”. Whether the connections should be started in +a tab, full screen mode or in a window can be defined in the field **"window mode"**. + +## Working with RDP and SSH applications + +If you have created e.g. an RDP connection, this can now also be directly started via the ribbon. +The connection to the desired session can be established via the icon **Establish RDP connection**. + +![estabish RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_4-en.webp) + +Netwrix Password Secure now attempts to log in to the target system with the information available. +Data that are not saved in the form will be directly requested when opening the session. It is thus +also possible to only enter the IP address and/or the password after starting the Netwrix Password +Secure application. If all data has been retrieved, the RDP session will open in a tab – if so +defined (Window mode field in the application): + +![RDP session](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_5-en.webp) + +## Logging in via SSH certificates + +It is also possible to complete the authentication process using SSH certificates. For this purpose, +the certificate is saved as a document in .ppk format. (It may be necessary to firstly approve this +file ending in the settings). The document is then linked to the record via the footer. The record +does not need to have a password. However, it is necessary for the record to be linked to a SSH +application. + +## Linking records and applications + +The application defines the requirements for the desired connection and also optionally for the +target system. By linking records with applications, the complete login process can be automated. If +the record now also supplies the user name and password, all of the information required for the +login is available. Applications and records are linked via the "Start" tab in the ribbon. If this +link to a record is established, a 1-click login to the target system is possible. + +![linking RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_6-en.webp) + +The following example illustrates this process using an RDP connection: + +![RDP Connection](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_7-en.webp) + +A record can also be linked to multiple target systems in this manner. The user name and record are +supplied by the record, while all other information necessary for the login is supplied by the +different applications. In the following example, a record (user name and password) is linked to +multiple access points. + +![multiple access points](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_8-en.webp) + +This is generally a very common scenario. Nevertheless, it should be noted that accessing multiple +servers with one single password is questionable from a security standpoint. It is generally +recommended that a unique password is issued for every server/access point. + +NOTE: It is possible to leave the **IP address** field empty in the application. If an **IP +address** field exists in the linked record then this address will be used. If there is also no IP +address in the record, a popup window will appear in which the desired IP address can be entered +manually. + +Alternatively, it is possible to connect several records with one RDP connection. In this way, you +can combine different users with an RDP connection and register them straightforward. + +![connect RDP sessions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_9-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md new file mode 100644 index 0000000000..3f5a4f9827 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md @@ -0,0 +1,61 @@ +--- +title: "Configuration of SAML" +description: "Configuration of SAML" +sidebar_position: 30 +--- + +# Configuration of SAML + +## What is SAML? + +The Security Assertion Markup Language (SAML) is an XML framework for exchanging authentication and +authorization information. It provides functions to describe and transmit security-related +information. This means that you can use one set of credentials to log in to many different +websites. It is much easier to manage one login per user than separate logins for email, Customer +Relationship Management (CRM) software, Active Directory, and more. + +## Preconditions + +In order for the users to be able to use SAML, "SMTP" must be set up and an e-mail address must be +stored with the corresponding users. In addition, the Web Application is mandatory. Therefore, the +Web Application must already be "set up or installed". + +## Configuration + +In order to create **SAML applications**, SAML must **first** be activated. + +This is implemented in the settings of the database in the Server Manager: + +![activate SAML](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_1-en.webp) + +As soon as the check box is ticked, the next step is to enter the URL of the Web Application. The +SAML configuration screen should then look like this: + +![SAML configuration ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_2-ewn.webp) + +The screen is left open and the configuration is continued at the Advanced view. To do this, log on +to the client as usual and switch to the **Applications** module. Select a **new SAML application** +and fill it with the relevant data from the service provider. + +NOTE: The data of the service provider, which are entered in the Advanced view, can be found at the +respective provider. This differs from provider to provider. + +![new SAML application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_3-en.webp) + +In addition, the data must be stored in the **Server Manager** at the service provider. + +After the successful entry of all data, the last necessary step is the verification of the user. +This is done by clicking on the tile. This gives the user an e-mail with which he can verify +himself. + +![SAML tile in LightClient](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_4-en.webp) + +After verification, the **SAML application** can be started from the Basic view view. + +**CAUTION:** As this is a passwordless authentication, it is not necessary to link the **SAML +application** with a password. + +NOTE: Setup and configuration instructions for +[SAML Application for Dropbox](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) and +[SAML application for Postman](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md)can be +found in the corresponding chapters. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/_category_.json new file mode 100644 index 0000000000..c7ac80dfd9 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Example Applications", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "example_applications" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md new file mode 100644 index 0000000000..a9c13b2a3c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md @@ -0,0 +1,13 @@ +--- +title: "Example Applications" +description: "Example Applications" +sidebar_position: 40 +--- + +# Example Applications + +In this section you'll find examples for applications. + +- [SAP GUI logon - SSO Application](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md) +- [SAML Application for Dropbox](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) +- [SAML application for Postman](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md new file mode 100644 index 0000000000..2ea15ebed2 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md @@ -0,0 +1,39 @@ +--- +title: "SAML Application for Dropbox" +description: "SAML Application for Dropbox" +sidebar_position: 20 +--- + +# SAML Application for Dropbox + +## SAML Configuration Example for Dropbox + +This chapter explains how to configure the SAML application for **Dropbox**. It is assumed that +[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been +activated in the Server Manager. + +- Log in as administrator at the **Dropbox** +- Open the Admin Console + +![Admin Console](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_1-en.webp)s + +- Open Settings + +![settings dropbox](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_2-en.webp) + +- Single Sign On + +![SSO dropbox](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_3-en.webp) + +- This is where the data SSO URL and the certificate from the Server Manager must be deposited. + +![database settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_4-en.webp) + +- In the Advanced view, a new SAML application must be created in the Applications module. +- Then the target page (login URL) and the XML file must be stored in the application. + +![login with SAML](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_5-en.webp) + +The XML file must look like [this](https://cdn.manula.com/user/3511/docs/dropbox.xml). + +- The application can now be executed via the Basic view. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md new file mode 100644 index 0000000000..5d4d167343 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md @@ -0,0 +1,42 @@ +--- +title: "SAML application for Postman" +description: "SAML application for Postman" +sidebar_position: 30 +--- + +# SAML application for Postman + +## SAML configuration example for Postman + +This chapter explains how to configure the SAML application for **Postman**. It is assumed that +[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been +activated in the Server Manager. + +- First, you register with Postman. +- After logging in, click on the avatar and select "**Settings**". + +![settings postman](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_1-en.webp) + +- Then click on **Authentication**. Select a new method in the upper right corner. + +![option authentication postman](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_2-en.webp) + +- Here the Authentication Type must be defined with **SAML 2.0** and any useful Authentication Name. + +![add authentication method](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_3-en.webp) + +Then you come to the actual configuration. + +- Store Provider Details +- **Identity Provider Details** The data from the Server Manager is uploaded as XML or stored + manually. + +![postman identity provider details](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_4-en.webp) + +- **Service Provider Details** The service provider details are now copied to the application in the + Netwrix Password Secure Client. + +![postman service provider details](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_5-en.webp) + +NOTE: Please note that a **Relay State** is required. This value can be created in the **Configure +Identity Provider Details View**. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md new file mode 100644 index 0000000000..47fd2f3abf --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md @@ -0,0 +1,42 @@ +--- +title: "SAP GUI logon - SSO Application" +description: "SAP GUI logon - SSO Application" +sidebar_position: 10 +--- + +# SAP GUI logon - SSO Application + +## Fundamental information + +Logging into SAP can be achieved via the usage of +[Start Parameter](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md). The +prerequisite here is for the login process to be carried out via the "SAPshortcut". All available +parameters are listed in the [SAP-Wiki](https://wiki.scn.sap.com/wiki/display/NWTech/SAPshortcut). + +Form Firstly, a [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) should be created with the required fields. This +could look like this: + +![SAP form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_1-en.webp) + +## Record + +A corresponding record is then created via the form: + +![SAP record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_2-en.webp) + +## Application + +A corresponding SSO application now needs to be created. + +![SAP Application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_3-en.webp) + +## Link + +The record now needs to be linked with the application. To do this, open the context menu by right +clicking on the record. The previously created application can then be selected here via +**Applications** and **Connect application**. + +![link record/application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_4-en.webp) + +The link is then displayed in the ribbon. Clicking on the link will now open SAP, whereby the +parameters for logging in to the application are directly transferred. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/_category_.json new file mode 100644 index 0000000000..542da12aad --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Learning the applications", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "learning_the_applications" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md new file mode 100644 index 0000000000..7aa901d064 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md @@ -0,0 +1,89 @@ +--- +title: "Learning the applications" +description: "Learning the applications" +sidebar_position: 10 +--- + +# Learning the applications + +## Which applications need to be learned? + +As already indicated in the previous section, RDP and SSH applications are completely embedded in +Netwrix Password Secure. These applications thus do not need to be specially learned. All other +applications in Windows need to be learned once. + +## What does learning mean? + +The record contains the user name and password. Learning involves defining the steps required. The +result is equivalent to a script that defines where precisely the login data should be entered. In +Netwrix Password Secure, the completed instructions themselves are also known as an "application". + +## Relevant rights + +The following options are required. + +### User right + +- Can add new RDP applications +- Can add new SSH applications +- Can add new SSO applications +- Can add new web applications + +## Configuration + +First, a new SSO application is created via the ribbon. + +![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_1-en.webp) + +Various properties for the application can now be defined in the tab that opens. The fields **Window +title**, **Application** and **Application path** are not manually filled. This is done via the +**Create application** button in the ribbon: + +![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_2-en.webp) + +A crosshair cursor now appears. It enables the actual "mapping" or assignment of the target fields. +You can see the field assignment for the user name below using a login to an SQL server as an +example. All of the other fields that should be automatically entered are assigned in the same way. +The process is always the same. You select the field that needs to be automatically filled and then +decide which information should be used to fill it. + +![mapping fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_3-en.webp) + +In parallel to the previous step, all of the already assigned fields will be displayed on the right +edge of the screen. In this example, the VMware vSphere Client has a total of 4 assigned fields: IP, +user name, password and clicking the button to subsequently confirm the login. + +![connected fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_4-en.webp) + +NOTE: "Graphical recognition:" The graphical recognition function provides additional protection. It +can be used to define other factors for the SSO. An area is defined that then serves as the output +for the comparison (e.g. for login masks with an image). In order to activate the graphical +recognition function, click on the eye at the top right after assigning the fields! The area that +will serve as the output point is then marked. + +Once you have assigned all of the fields, you can exit the application process using the enter +button. The fields "Window title", "Application" and "Application path" mentioned at the beginning +are now automatically filled. + +![filled fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_5-en.webp) + +As you can see, the .exe file is directly referenced. If the application is saved to the same +storage location for all users, it can then also be accessed by all other users. + +## Linking records with applications + +In the [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md), the newly created application can now be directly +linked. To do this, mark the record to be linked and open the "Connect application" menu in the +"Start" tab via the ribbon. This will open a list of all the available applications. It is now +possible here to link to the previously created application "VMware". + +![connect application with record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_6-en.webp) + +When the link has been established, this application can then be directly started via the ribbon in +future. Pressing the button directly opens the linked application. + +![start application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_7-en.webp) + +**CAUTION:** With respect to permissions, applications are subject to the same rules as for +passwords, roles or documents. It is possible to separately define which group of users is permitted +to use each application. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md new file mode 100644 index 0000000000..ee8140d3f6 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md @@ -0,0 +1,77 @@ +--- +title: "Start Parameter" +description: "Start Parameter" +sidebar_position: 10 +--- + +# Start Parameter + +## Start parameters for SSO applications⚓︎ + +Start parameters can be defined when creating or editing an SSO application. These parameters are +immediately transferred when starting the application. This is done, for example, to directly start +the program with various basic settings. The corresponding parameters should be requested from the +manufacturer of the software or taken from the documentation. + +## Configuration of the parameters⚓︎ + +The parameters can be directly entered in the application in the corresponding field. Alternatively, +a configuration window is also available for this purpose. + +![parameters applications](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/start_parameter/start_parameter_1-en.webp) + +The required elements can be moved here from the right side to the left side by drag & drop. + +![edit parameters](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/start_parameter/start_parameter_2-en.webp) + +Different categories are available here: + +In the **Parameter** category, only the parameter descriptions **Field name** or **Parameter** are +available. These then need to be manually supplemented. The parameters in the **Field name** +category can directly address the fields, meaning directly transfer the field names. Example In this +example, the following start parameter have been defined for the Salamander application: + +- **L** (for folder path in the left column) +- **R** (for folder path in the right column) + +For both parameters, the password fields with the names "Left Path" and "Right Path" are then +transferred in each case. + +![enter parameter](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/start_parameter/start_parameter_3-en.webp) + +The application is then linked with the following password: + +![linked password parameter](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/start_parameter/start_parameter_4-en.webp) + +When the Salamander application is started, the placeholder is replaced by the field names. +Therefore, instead of + +**-L `{field:Left Path}` -R `{field:Right Path}`** + +the following start parameters are transferred: + +**-L "C:\Projekte\" -R "C:\Ablage\Projekte"** + +## Placeholder for fields⚓︎ + +Fields can be added via certain placeholders based on their type or their name. The easiest way to +do this is using the configuration window described above. + +| Field type | Placeholder | +| ----------------------- | ----------------- | +| Text | `{Text}` | +| Password | `{Password}` | +| Date | `{Date}` | +| Check | `{Check}` | +| URL | `{Url}` | +| Email | `{Email}` | +| Phone | `{Phone}` | +| ​List | `{List}` | +| Header | `{Header}` | +| Multiline text | ​`{Memo}` | +| Multiline password text | ​`{PasswordMemo}` | +| Integer | `{Int}` | +| Floating-point number | `{Decimal}` | +| User name | `{UserName}` | +| ​IP address | `{Ip}` | +| Enter field name | `{field:name}` | diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/_category_.json new file mode 100644 index 0000000000..82ef1e3691 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "RDP and SSH Applications", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "rdp_and_ssh_applications" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md new file mode 100644 index 0000000000..f01360b811 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md @@ -0,0 +1,49 @@ +--- +title: "RDP and SSH Applications" +description: "RDP and SSH Applications" +sidebar_position: 20 +--- + +# RDP and SSH Applications + +**RDP and SSH applications** can be used "embedded" inside Netwrix Password Secure. Starting one of +those applications opens a new tab inside Netwrix Password Secure. + +## Creating RDP and SSH Applications + +A new RDP or SSH application can be created via the ribbon or the context menu. The corresponding +form appears in which you define the variables for a connection. + +![new rdp application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/rdp_and_ssh_applications_1-en.webp) + +These variables correspond exactly to those that can be configured (here using the RDP example) when +creating an RDP connection via "mstsc". The window mode defines whether the connection should be +started in a tab, in full screen mode or in a separate window. + +## Working with RDP and SSH Applications + +For example, if you have created an RDP application, you can start it directly from the ribbon. With +the icon "Establish RDP connection" the connection to the desired session will be established. + +![establish RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_4-en.webp) + +Netwrix Password Secure now tries to log in to the target system with the available information. All +missing information will be requested directly after the connection is established. It is therefore +also possible to enter the IP address and/or password after starting the application. + +![RDP connection](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/rdp_and_ssh_applications_3-en.webp) + +## Login via SSH certificates + +It is also possible to use SSH-certificates for authentication. For this purpose, the certificate is +stored as a document in .ppk format. The document is then linked to the data record via the footer. +The data record does not have to contain a password, but it must be linked to an SSH application. + +NOTE: The file extension may first have to be enabled via the settings. + +## Keyboard shortcuts + +Netwrix Password Secure supports various +[Keyboard shortcuts](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md). For +example transferring user name and password to the corresponding application. However, it should be +noted that this only works if the application is opened directly from Netwrix Password Secure diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md new file mode 100644 index 0000000000..4f09a9ef6c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md @@ -0,0 +1,77 @@ +--- +title: "Recording a session" +description: "Recording a session" +sidebar_position: 10 +--- + +# Recording a session + +## What is session recording? + +Session recording can be used to make a visual recording of RDP and SSH sessions. These recordings +can then be subsequently viewed and evaluated. In this context, it is also possible to limit this +functionality so that only the user themselves or an assigned person e.g. security officer can view +and evaluate these recordings. + +![notifications modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) + +## Relevant rights + +The following options are required to manage sessions for an application. + +### User right + +- Can manage recordings for an application + +NOTE: Please note that session recording uses disk space in the database. Although the way the +recordings are saved is efficient in terms of resources, the required amount of disk space varies +greatly depending on the content. The more that is done during the recorded session, the higher the +disk space usage. + +Session recording firstly needs to be activated for the relevant RDP or SSH application before it +can take place. + +RDP + +![activating session recording](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_2-en.webp) + +SSH + +![activating session recording](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_3-en.webp) + +If the setting has been activated, the recording will start automatically the next time a connection +is established. + +NOTE: The recordings are already streamed to the server and saved into the database during the +recording process. Therefore, no recordings are lost even if the connection is terminated. They are +immediately saved until the connection is terminated or until the end of the session. + +## Viewing the session recordings + +If recordings exist for an application, these can be called up and viewed in the Applications +module. + +![viewing session recording](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_4-en.webp) + +It is possible to search the session recordings using the filter as usual. It is also possible here +to limit the search results based on the date and user. In the section on the right, it is also +possible to further filter the searched list based on all column contents. + +![session records](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_5-en.webp) + +Once a session recording has been selected, a new tab will open in which you can view the recording. +The function "Skip inactivity" can be activated via the ribbon so that a recording can be +effectively and quickly viewed so as only to see the relevant actions. + +![viewing a session recording](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_6-en.webp) + +When are indicators set? + +- Mouse click +- Keyboard command + +## Automatic deletion of old recordings + +If desired, recordings can be automatically cleaned up. This option can be configured on the +**Server Manager**. Further information can be found in the section +[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md)s. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md new file mode 100644 index 0000000000..a91528d405 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md @@ -0,0 +1,46 @@ +--- +title: "Client Module" +description: "Client Module" +sidebar_position: 20 +--- + +# Client Module + +## What are modules? + +Netwrix Password Secure can be customized according to the needs of the users. This requirement can +be applied by the user, and can also be applied by administrative users. This means that everyone +gets only those functionalities that are necessary for his special work. The amount of features +required by an administrator differs significantly from those of a normal user. The **modular +structure** of Netwrix Password Secure supports this approach by showing only those specific areas +that should actually be used by the respective user. + +![modules](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_1-en.webp) + +## Visibility of modules + +The modules are the gateway to various features of version 9. Similarly to the features, not all +modules have to be made available to all user layers. The **Visibility of modules** can be defined +individually within the user rights. + +![user settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_2-en.webp) + +NOTE: The visibility of modules can always be adapted to the needs of individual user groups + +## Sorting modules + +You can access the “Navigation options” via the three dots found at the bottom right end of the +module displayed in the client. You can also find those modules displayed there that you have +permissions to see in accordance with the visibility settings explained previously but which are +hidden e.g. due to the scaling of the size of the client (Application and Password Reset in the +example). + +![sorting modules](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_3-en.webp) + +The navigation options enable you to define the maximum number of visible elements and also how they +are sorted. + +![sorting modules](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_4-en.webp) + +NOTE: The previously described visibility of the modules is a basic requirement for viewing and +sorting them in the navigation options diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/_category_.json new file mode 100644 index 0000000000..9cf6aada7f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Discovery Service", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "discovery_service" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md new file mode 100644 index 0000000000..c6e931c71f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md @@ -0,0 +1,109 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 20 +--- + +# Configuration + +## The Discovery Service module + +When this module is opened in Netwrix Password Secure, **there are no entries displayed in the +Discovery Service** module at the beginning. The entries need to be generated using a +[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). + +![discovery service entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-1-en.webp) + +Once a **System Task** has been completed, the data discovered during the search is listed in a +table: + +![discovery service entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-2-en.webp) + +NOTE: The information can be grouped together using the column editor. + +## Network Scan + +A **Discovery Service Task** is used to add a new [Discovery Service](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md) and +is then correspondingly configured for a **Network Scan**. Depending on the configuration of the +**Network Scan**, the following types are discovered: + +- Service accounts +- Active Directory users +- User accounts + +## Configuration of a Discovery Service Task + +To collect data for the **Discovery Service**, the **Discovery Service Task** needs to be +correspondingly configured for a **Network Scan**. + +### General and overview + +The following image shows a newly added **Discovery Service Task**. + +![new discovery task](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-3-en.webp) + +1. Shows information about the **Discovery Service Task**. +2. In the **General** section, the name of the **Discovery Service Task** is entered (optionally + with a description). The Status is always set to **Activated** by default but it can also be set + to **Deactivated** in the configuration. +3. The **Overview** shows the activities of the **Discovery Service Task**: Last run: shows the date + it was last run. Next run: shows the date of the next run. + +## Task settings + +Password: + +1. User name field: Type +2. Password field: Type Multiple password field —> field 1. is used. + +This section is used for special entries for the **Discovery Service Task**. After it has been +finished, the **Network Scan** scans the **network** according to these guidelines. + +![task settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-4-en.webp) + +1. **Password** and **Computer scan variants**: The required password must already have been issued + and it requires corresponding rights for the domain. Active Directory computer: Only those + computers that are in Active Directory are scanned (there is also the option of using it + individually or pinging the network). Ping network: A network filter for the configuration of the + network is displayed. +2. **Network filter**: This defines the network to be scanned: either using an IP range or an IP + network address. Range: The start IP address and end IP address for the range on the network are + entered here Network: The network address and corresponding subnet mask for the network are + entered here +3. **Domain**: The domain to be used for the **network scan** is entered here. In addition, you can + select that only computers in the entered domain are scanned. A name resolution should work for + this purpose. +4. **Scan configuration**: The Network Scan for the configuration of Active Directory is defined + here. Select from either **Active Directory user of services** or **Active Directory user**. The + second section defines the scan configuration for the local computer. Select from either Local + user of services or _Local user_. + +**CAUTION:** The system executing the scan – on which the Server Manager is installed – is not +scanned! + +## Interval / Executing server / Tags + +This section is used to enter information about the start of the task and other additional +information. + +![Interval / Executing server / Tags](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-5-en.webp) + +1. **Interval**: The interval at which the **Discovery Service Task** should be executed is defined + here. The default setting is hourly, one year after adding the **Discovery Service Task**. The + interval can be adjusted in minutes or set to be executed only once (optionally with an end + date). +2. **Executing server (optional)**: Servers with an Server Manager can be entered here that will be + used to execute the Discovery Service Task if the main server crashes. The Discovery Service Task + is then automatically taken over and executed by the accessible servers on the list. The list is + searched from top to bottom to find an accessible server. +3. **Tags**: The use of tags is described in more detail in the section + [Tag manager](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md). A special tag can be + entered here for the **Discovery Service Task**. + +After the **Discovery Service Task** has been configured, a connection test is performed when the +configuration is saved. The system then indicates whether the configuration is correct or faulty. +Depending on the message, the **Discovery Service Task** may need to be amended. + +**CAUTION:** The **default setting** for the **Discovery Service Task** after it has been saved is +**Activated!** It will **immediately actively** scan the network for data. This data is **read** but +not amended! diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md new file mode 100644 index 0000000000..7643e359de --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md @@ -0,0 +1,163 @@ +--- +title: "Converting entries" +description: "Converting entries" +sidebar_position: 40 +--- + +# Converting entries + +An important element for the **Discovery Service** is the **Conversion Wizard**. It processes the +discovered **entries** and then creates corresponding **passwords** and **Password Resets**. + +The **Conversion Wizard** is started in the Start ribbon and it is also possible to switch here to +the **System Tasks**. + +![ribbon](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_1-en.webp) + +After the **Discovery Service Task** has been successfully executed, the entries are available in +the **Discovery Service**. Further processing of the entries is then carried out using the +**Conversion Wizard**. For processing in the **Conversion Wizard**, the network is scanned for the +following types: + +1. Discovered type: Service +2. Discovered type: Active Directory user +3. Discovered type: User account + +!! hint Only those **services are recorded** to which at least one **AD user** or **user account** +can be assigned! Only **AD users** and **user accounts** to which **at least one service** can be +assigned are recorded. + +## Execution + +In the **Discovery Service** table, the user selects the entries for which he wants to add a +**Password Reset** or **password**. The user then clicks on the **Conversion Wizard** and the +**Discovery Service Conversion Wizard** opens for further editing. + +![data selection](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_2-en.webp) + +1. A **Discovery Service Task** first needs to be selected. This determines the context in which the + new data will be created (for a new **Password Reset**, the **password for the domain + administrator** for the task will be used as the executing user. In addition, only those + **Discovery Service Task entries** that are also discovered by the entered **Discovery Service + Task** will be used for the conversion). +2. The discovered entries will be displayed in this column with the **services** for which the user + has been entered. +3. This column shows the **discovered type** for the entry. +4. This column shows already existing passwords in Netwrix Password Secure that match the discovered + **Active Directory user** or **user account**. It is possible to select here which password can + be used when creating a **Password Reset** (it is then used as the only password linked to the + Password Reset). Alternatively, these passwords can also be newly created. + +NOTE: Logically, **every root node** corresponds to **one user** and all of its associated data +(e.g. services). A **Password Reset** is created later for **every user** and its associated data. + +The following image shows the options **add new password** or retain **existing password**. + +![associated password](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_3-en.webp) + +In addition, the **organisational unit** in which the existing password is located is displayed. + +## Settings + +The **Password Reset** is configured in the **Settings Ribbon**. + +![reset setting](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_4-en.webp) + +The **settings** will be described in more detail below: + +1. The organisational unit in which the **Password Reset** should be created is entered here. In + addition, a template for the rights inheritance can be entered here. +2. The **responsible user** for the **password** is entered here. A special tag can be set here. +3. Adding a **Password Reset** Option 1: **Do you also want to add a Password Reset?** Adds a + **Password Reset** If **option 1** is not selected, the following options are not displayed. +4. Setting for executing a **Password Reset** Option 2: **(Execute Password Resets immediately after + they are created)** means that the **Password Reset** will be executed as soon as you click on + **Finish**. +5. The **responsible user for the Password Reset** is entered here. +6. Various **triggers for the Password Reset** can be selected here. + +**CAUTION:** After clicking on **Finish**, the **Password Resets** will be **immediately executed** +and the **passwords changed!**. This also applies to **Windows passwords!** + +If option 1: **Do you also want to add a Password Reset?** is not selected, \*steps 4, 5 and 6 are +not displayed for configuration. + +![password reset option](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_5-en.webp) + +NOTE: After clicking on **Finish**, one or more **passwords will be created** but **no corresponding +Password Resets will be created!** + +## Assignment (Active Directory user) + +In the **Assignment (Active Directory user)** Ribbon, the discovered data for the **Discovery +Service entries** is transferred to a password form. + +The following images shows the **Assignment (Active Directory user)** Ribbon + +![Assignment (Active Directory user)](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_6-en.webp) + +### Description + +1. An **Existing form** can be selected or a **New form** with names can be added +2. The **discovered properties** are displayed here +3. The **properties** are \*assigned to the form fields here + +### "Existing form" selected + +![Assignment of the form field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_7-en.webp) + +### Procedure + +1. An **Existing form** is selected here +2. The **assignment** to the fields is carried out here Important assignments are **Type: General** + and **Type: Password Reset**. An amendment can be carried out here + +### "New form" selected + +![New Form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_8-en.webp) + +### Converting Procedure + +1. A name for the **New form** needs to be entered here +2. The discovered entries are **automatically** assigned as standard Important assignments are + **Type: General** and **Type: Password Reset**. An amendment can be carried out here + +### Summary + +A brief overview of the actions that will be carried out with the added configuration is displayed +in the **Summary** Ribbon. These actions will then be carried out if you click on **Finish**. + +![summary](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_9-en.webp) + +## Confirmation prompt + +An important aspect of Netwrix Password Secure V8 is the **security** of passwords on systems. In +the **Discovery Service**, a **security measures** is thus triggered at the **last step** for +creating **Password Resets**. If the option **Execute Password Resets immediately after they are +created** is used in the configuration, the **selected passwords** are immediately changed after +clicking on **Finish**. + +**CAUTION:** **If you are not paying careful attention, this could have inconvenient consequences.** + +**Security level 1:** An **Important note** is displayed in the **Summary** after clicking on +**Finish**. + +**CAUTION:** **Please observe the note and read it through carefully!** + +An **Overview** of which actions will be carried out is displayed for the user together with this +note. The user can then still decide to **Cancel** the process. If you click on **OK**, an +**additional confirmation warning** will be displayed. + +![important note](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_10-en.webp) + +**Security level 2:** + +Another **confirmation prompt** highlights that it is important to understand what you are about to +do. It will no longer be possible to reverse the actions afterwards! + +**CAUTION:** **Last chance to cancel the execution!** + +![securtiy warning](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_11-en.webp) + +After **entering the displayed number** and **confirming with OK**, the process is **executed +immediately** and the **Password Resets** are carried out and the **associated passwords changed**. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md new file mode 100644 index 0000000000..5cb0fb12aa --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md @@ -0,0 +1,40 @@ +--- +title: "Created passwords" +description: "Created passwords" +sidebar_position: 50 +--- + +# Created passwords + +After clicking on **Finish**, the **passwords** and the **Password Resets** (in accordance with the +selected options) are created for the entries. A **password** and a **Password Reset** are explained +in the following example. + +## Password + +![password list](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/created_password/created_passwords_1-en.webp) + +1. The name of the created password +2. General data about the password +3. Data about the password created from the form (existing or new) + +## Password Reset + +Another password is created in the **Password Reset module** and is required for an associated +**Password Reset**. + +![password reset list](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/created_password/created_passwords_2-en.webp) + +Points 1-7 are described below: + +1. The name of the Password Reset +2. Overview of the password +3. General +4. The data for the trigger are displayed here +5. The scripts for the passwords to be changed are displayed here +6. The associated password that will be reset using the Password Reset +7. The validity is shown here (if one has been entered) + +This data can then be used to create a **Password Reset** for the user for the discovered +**Discovery Service entry**. The **Password Reset** is activated via the corresponding trigger that +has been set. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md new file mode 100644 index 0000000000..a05b5d4992 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md @@ -0,0 +1,51 @@ +--- +title: "Deleting entries" +description: "Deleting entries" +sidebar_position: 60 +--- + +# Deleting entries + +After creating an automatic **Password Reset** via the **Conversion Wizard**, the data is no longer +required and can be deleted. The discovered entries have a **link** to the relevant **Discovery +Service Task** that was executed and can be found and displayed using the filter function. + +## Deletion process + +The discovered data in the **Discovery Service** cannot simply be deleted and removed from the +**Discovery Service entries**. As the entries have a **link to the Discovery Service Task**, it is +necessary to delete the discovered entries via the **Discovery Service Task** that was created. If +entries were discovered using a joint **Discovery Service Task**, it is not possible to simply +delete them. This is the case if two different users have carried out a scan on the same area. If +you delete one of the two **Discovery Service Task**, only the entries that had a single link to +this **Discovery Service Task** will be deleted. The entries for the other **Discovery Service +Task** will be retained and must be deleted via the associated **Discovery Service Task**. You can +find out which **Discovery Service Task** found a particular entry by selecting the entry via the +**Conversion Wizard**. + +![Conversion Wizard.](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/deleting_entries/deleting_entries_1-en.webp) + +## Deleting entries by changing the settings in the System Task + +If the IP range for an existing **Discovery Service Task** is changed and the **Discovery Service +Task** is then executed for this new IP range, the previously discovered entries from the previous +executed **Discovery Service Task** will be deleted from the **Discovery Service**. If you want to +carry out a **Discovery Service Task** for a different IP range, you should create a new **Discovery +Service Task**. This will prevent any already discovered entries from being deleted. However, if the +existing entries are no longer required, you can delete them by using the same **Discovery Service +Task** with a different IP range. + +1. Task B only scans the IP address: 192.168.150.1 +2. Only the entries for the IP address 192.168.150.1 are discovered +3. Task A is changed and now scans the IP address:192.168.150.2 +4. Result: +5. Only the entries from the IP address 192.168.150.2 are discovered +6. Entries for IP address 192.168.150.1 are deleted +7. Exception: +8. Task B scans the IP address: 192.168.150.1 +9. The same entries for IP address 192.168.150.1 are discovered as for 1. +10. A new scan using Task A with a different IP address 192.168.150.2 will not delete the data from + Task B + +NOTE: The **Password Resets** and **passwords** created using the **Conversion Wizard** are not +deleted when the **Discovery Service Tasks** are deleted. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md new file mode 100644 index 0000000000..d56f9fb6f3 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md @@ -0,0 +1,85 @@ +--- +title: "Discovered entries" +description: "Discovered entries" +sidebar_position: 30 +--- + +# Discovered entries + +The entries for the **Discovery Service** are discovered using a **Discovery Service Task**. It can +take some time for all the data on the systems for the entered IP network to be collected. This can +be easily recognized by the **blue arrow** symbol on the **Discovery Service Task** and a +corresponding message is also shown in the General display. Once the **Discovery Service Task** has +been completed, the data will be shown in the **Discovery Service module**. + +![new discovery service task](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_1-en.webp) + +The **Discovery Service Task** needs to be carefully configured. The configurable sections are +described below. + +1. **Discovery Service Task**: Display of the status: this can be updated in the preview and logbook + using the F5 button. Red hand: Deactivated Blue arrow: Activated and being executed Boxes: + Corresponds to the assigned tag +2. **General**: The latest information about the **Discovery Service Task** is shown here. A + **message** will be shown to indicate an active **Discovery Service Task**. +3. **Overview**: Current data for the **Discovery Service Task** about its progress and subsequent + executions are shown here. +4. **Logbook**: The **logbook** can be found in the **footer** of the **Discovery Service Task**. + The latest activities carried out by the **Discovery Service Task** are shown here. + +NOTE: The **data** is **not kept up-to-date while the task is being executed** and does not always +show the latest status. Therefore, the data should be regularly **updated** using the **F5 button**! + +## Using the Discovery Service entries + +The successful execution of a **Discovery Service Task** is a requirement for the **Discovery +Service entries**. The discovered data is listed in table form in the **Discovery Service module** +and can be correspondingly organized using the **Discovery Service System Task** filter. + +![discovery service entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_2-en.webp) + +In this section, the **Discovery Service entries** that were discovered by the **Discovery Service +Task** and selected for the **Conversion Wizard** are displayed. + +## Multiple selection of Discovery Service entries + +If multiple entries are selected for a **Password Reset**, a corresponding number of **passwords** +and **Password Resets** need to be added in the **Conversion Wizard**. Depending on the entries +selected (service, Active Directory user, user account), it is necessary to carry out corresponding +**assignments** in the **Conversion Wizard** for the **passwords**. + +![Discovery service conversion wizard ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_3-en.webp) + +Every line must be connected to a **password** in the end. Therefore, it is necessary to carry out +an assignment process in the **Conversion Wizard** for every entry. + +![Discovery service conversion wizard ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_4-en.webp) + +For **Active Directory users**, it is possible to assign an existing **password**. + +NOTE: The subsequent process is carried out in the same way as when only one **Discovery Service +entry** is selected. + +## Filter settings + +A good filter is required for processing the discovered data. A **filter that has been adapted for +this purpose** is available for processing the entries in the **Discovery Service module**. The +options in the **filter** are described below: + +![Filter for discovered data](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_5-en.webp) + +Description of the **filter with the special options for the Discovery Service entries**: + +1. **Discovered type**: The discovered entries can be filtered here according to their type. +2. **Discovered system is resettable**: Indicates whether a Password Reset can be created from the + discovered data. +3. **Relevance**: Grading the importance of the discovered system. A high relevance means that + multiple services have been discovered for an Active Directory user or user account. Less + important: Exactly one service was found Important: Two to nine services were found Very + important: 10 or more services were found If a Password Reset has already been created, the + relevance is downgraded to less important. +4. **Transferred as password**: Indicates whether a password can be created via the Conversion + Wizard +5. **Transferred as Password Reset**: Indicates whether a Password Reset can be created via the + Conversion Wizard +6. **Discovery service system tasks**: The entries are filtered here based on the System Task. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md new file mode 100644 index 0000000000..d9dc37f534 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md @@ -0,0 +1,37 @@ +--- +title: "Discovery Service" +description: "Discovery Service" +sidebar_position: 100 +--- + +# Discovery Service + +## The problem + +**Service accounts** are used on most networks. These accounts are used, for example, to carry out +certain services. It is not uncommon for **one and the same password** to be used here for multiple +accounts. Manually changing these passwords is extremely time consuming. Therefore, this process is +often ignored for reasons of convenience. + +The result is that the same outdated passwords are often used for many **security-critical access +points**. This naturally represents a **severe security risk** and leaves the door wide open for any +attacker who gains access to just one of the passwords! + +## The solution + +Netwrix Password Secure offers the solution to this problem: The security of the network can be +significantly increased using a combination of **Discovery Service** and **Password Reset**. The +complete network can be scanned with the aid of **Discovery Service**. This process searches for +both local user accounts and also Active Directory users. In addition, Password Resets are also +established via which the passwords for the accounts discovered during the search can be reset. + +## Functionality + +The **Discovery Service** process can be split into three logical steps: + +- A **Discovery Service Task** is added that searches for data on the network. This can be executed + once or cyclically and runs in the background. +- After the task has been executed successfully, the data discovered during the search is displayed + in the **Discovery Service module** (e.g. Windows users, services, etc.). +- **Passwords** or **Password Resets** can then be generated from the data discovered during the + search. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md new file mode 100644 index 0000000000..53d0c046fe --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md @@ -0,0 +1,44 @@ +--- +title: "Logbook" +description: "Logbook" +sidebar_position: 70 +--- + +# Logbook + +The logbook in the footer of the **Discovery Service Task** is extremely helpful for checking the +**Discovery Service Task**. Information about the progress of the **Discovery Service Task** is +displayed here. The data is displayed both in the **footer** and also in the **logbook module** +(although in more detail here). To display the footer, the user requires the **user right**: Global +settings in the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) in the category: +"Footer area" - "Show logbook in the footer area (activated)" + +## Show in footer + +![logbook in footer](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_ds-1-en.webp) + +The following **events** are displayed in the **logbook for the footer** and in the **logbook +module**: + +1. New +2. Change +3. Execute +4. Execution completed +5. Error during execution + +If an error occurs during the execution of the **Discovery Service Task**, this is also shown n the +**logbook for the footer** with **additional information** about the error. + +![ logbook for the footer](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_ds-2-en.webp) + +## Display in the logbook + +In general, the **logbook module** displays more detailed information about the **Discovery Service +Task**. The [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) can be used to select which data +is displayed. The same **events** as for the footer for the **Discovery Service Task** are also used +here. + +![logbook entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_ds-3-en.webp) + +The column editor can be used to arrange and display the data in the table according to their +importance. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/requirements.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/requirements.md new file mode 100644 index 0000000000..bcb85dff67 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/requirements.md @@ -0,0 +1,65 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 10 +--- + +# Requirements + +## Relevant rights + +The following options are required to use the discovery service: + +### User rights + +- Show discovery service module +- Can manage discovery service system tasks + +## Discovery Service Requirements + +One requirement for the **Discovery Service** is data about **Active Directory users**, **user +accounts** and **service accounts**. A **Network Scan** is used to scan the network and collect this +data. Before configuring the **Network Scan**, a password needs to be issued that provides +**access** to the corresponding **server/client** and **services on a network** for collecting the +data. This user should be a member of admin for the corresponding group of domains. Otherwise, you +can use a domain administrator. + +**CAUTION:** A corresponding **password** with **rights** for the **domains** must exist before +adding a **Network Scan**! + +### Password + +- Required for the **authentication** process with the **Active Directory computer**. +- Required for the **authentication** process with the **WMI (Windows Management Instrumentation)** + on the computer to be scanned. + +### Requirements for the network infrastructure + +- The computer to be scanned and AD controller must be accessible via the network. +- The service: “Windows Management Instrumentation” must have been started on the computer to be + scanned (carried out by Windows as standard). +- Help section for starting the service: + [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa826517(v=vs.85).aspx) +- The firewall must not block WMI requests (not blocked as standard). +- Help section for configuring the firewall: + [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa822854(v=vs.85).aspx) + +NOTE: Only **IPv4 addresses** can currently be scanned. + +### Open ports for the scan (necessary) + +LDAP: Port 389(TCP,UDP) RPC/WMI: Port 135(TCP) (Windows Server 2008, Windows Vista and higher +versions) – port 49152-65535 (TCP) or a static WMI port (Windows 2000, Windows XP and Windows +Server 2003) – port 1025-5000 (TCP) or a static WMI port + +### Computer name (Hostname) + +1. IP address: Indicates the IP address for the element discovered during the scan – meaning where + it was found (the IP address of the domain controller in the case of an Active Directory user). +2. Computer name and associated IP address: The computer name is first requested on the **DNS + server** for the domain. The computer name returned by the server also contains the domain names + as a postfix (e.g. Client01.domain.local). If there is no entry on the domain for the requested + IP address, the computer name is determined via **NetBIOS**. The domain name is not displayed on + the computer (e.g. Client01). In Netwrix Password Secure V8, the **DNS request** is the preferred + function for determining the computer name. If no result is delivered, a request via **NetBIOS** + is made. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md new file mode 100644 index 0000000000..c50d9318aa --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md @@ -0,0 +1,67 @@ +--- +title: "Documents" +description: "Documents" +sidebar_position: 20 +--- + +# Documents + +## What are documents? + +Security-critical data does not necessarily need to be in the form of passwords. To enable the +uniform and secure storage of data other than passwords, Netwrix Password Secure version 9 offers +effective tools for the professional handling of sensitive documents and files. The ability to share +documents with others according to their permissions gives you access to the current status of a +document and helps avoid redundancies. The documents module is complemented by a sophisticated +version management system, which records all versions of a document that were saved in the past and +thus enables you to revert back to historical versions. The configuration of visibility is explained +in a similar way to the other modules in one place.. + +![Document modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents_1-en.webp) + +## Relevant rights + +The following option is required to add new documents. + +## User right + +- Can add new documents + +## Adding documents + +There are two ways to manage documents and files in Netwrix Password Secure v8: + +- **Creating a link**: In this case, only a file that is located locally or on a network drive will + be linked. The file itself is not stored in the database. Neither version management nor the + traceability of changes in the history are possible. +- **Storing the document in the database**: The file becomes part of the encrypted database. It is + saved within the database and can be made available selectively to employees for further + processing in the future based on their permissions. + +![New document](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents_2-en.webp) + +## Document selection + +When selecting the file to be uploaded, you can either browse your file system via the Explorer view +or add objects by drag & drop. The latter gives you the possibility to directly import several +documents in one step. + +![searching document](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents_3-en.webp) + +## Versioning + +The heart of each document management system is the ability to capture and archive changes to +documents or files. All versions of a document can be compared with each other and historical +versions can be restored if necessary. Netwrix Password Secure provides this functionality via the +history in the ribbon, as well as in the footer area for ​​the detailed view of a document. This can +be used in the same way as the [History](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md). The interplay between the +document-specific event logbook and the history provides a complete list of all information that is +relevant to the handling of sensitive data. Version management can be used to restore any historical +versions of a document. + +NOTE: The file size for a **linked document** can only be updated if the document was opened using +Netwrix Password Secure. + +NOTE: If desired, the document history can be automatically cleaned up. This option can be +configured on the **Server Manager**. Further information can be found in the section Managing +databases. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/_category_.json new file mode 100644 index 0000000000..3b8a4fc8f6 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Forms", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "forms" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/change_form.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/change_form.md new file mode 100644 index 0000000000..045899a013 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/change_form.md @@ -0,0 +1,73 @@ +--- +title: "Change form" +description: "Change form" +sidebar_position: 10 +--- + +# Change form + +## Changing forms + +It is necessary in some cases to change the form for a record. In these cases, this is mostly to +consolidate existing data or to adapt the form to match changes in the data structure. These +functionalities are available under "Extras/Settings" in the ribbon. + +![change form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/change_form_1-en.webp) + +In the following screenshot, you can see the dialogue for "mapping" the form fields from the +previously used form to the new form. In this example, a record that previously belonged to the +"Website" form is being "mapped" to the "Password" form (right). + +![change form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/change_form_2-en.webp) + +The drop-down menu allows you to select the target form. The comparison of current and new form +fields is shown in the lower section. + +- Fields **marked in green** have already been assigned to the new form +- Fields **marked in red** indicate fields that have not been assigned + +### Relevant rights + +The following options are required to change forms. + +### User right + +- Can change form for a password + +**CAUTION:** Please note that information could be lost during this process! In the example, this +applies to the fields "Website" and "Information". + +## The effects of changes to forms on existing records + +In general, changes to forms do not effect existing records. This means that a record that was +created with a certain form will not itself be changed after this form has been adapted/changed. It +remains in its original state. However, there are methods by which changes to forms could be adopted +by existing records. There are two possibilities in this context: + +### How to change forms + +If you press the "Change form" button (as mentioned in the previous section), the already existing +form will be used by default. If this form has been changed in the meantime, the new form field will +be directly shown and adopted after it is saved. + +![New Form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/change_form_3-en.webp) + +### Apply form changes to passwords + +The setting "Apply form changes to passwords" makes it possible to force the change to the form to +be adopted. This becomes effective when editing the record! It is immaterial here whether changes +are being made to the record. Simply re-editing and saving the record will cause the adjustment to +the form. + +### The following permissions/configuration must exist + +- The user that wants to make the change requires the read right to the form +- The "read", "write" and authorize" rights for the record (and the form to be edited) are required. +- Sealed and masked records remain unaffected + +## Conclusion + +A common feature of both variants is that adjustments to forms cannot be automatically triggered. +Already existing records are thus not automatically adjusted. The adjustment thus needs to be +carried out manually. In the first case, the manual step is to use the function "Change form". In +the second case, it is sufficient to simply edit and save the record. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md new file mode 100644 index 0000000000..6be41ee81e --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md @@ -0,0 +1,116 @@ +--- +title: "Forms" +description: "Forms" +sidebar_position: 60 +--- + +# Forms + +## What are forms? + +When creating a new data record, it is always indispensable to query all relevant data for the +intended application. In this context, **Forms** represent templates for the information which have +to be stored. The manageability of existing forms primarily ensures the completeness of the data +which have to be stored. Nevertheless, their use as an effective filter criterion is not to be +ignored! Forms have a lasting impact on working withNetwrix Password Secure v8 and must be managed +and maintained with the necessary care by the administration. + +![form module](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_1-en.webp) + +## Relevant rights + +The following options are required to add new forms. + +### User right + +- Can add new forms +- Display form module + +## Standard forms + +Netwrix Password Secure is supplied with a series of standard forms – these should generally cover +all standard requirements. Naturally, it is still possible to adapt the standard forms to your +individual requirements. + +![forms](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_2-em.webp) + +The associated preview for the form selected in +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) appears in the +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). Both the field name and also +the field type are visible. + +## Creating new forms + +The wizard for creating new forms can be started via the ribbon, the keyboard shortcut "Ctrl + N" or +also the context menu that is accessed using the right mouse button. The same mechanisms can now be +used to create new form fields within the wizard. Depending on the selected field type, other +options are available in the **field settings** section. This will be clearly explained below using +the example of the field type "Password". The sequence in which form fields are requested when +creating new records corresponds to the sequence within the form. This can be adapted using the +relevant buttons in the ribbon. + +![Creating new forms](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_3-en.webp) + +The following field settings thus appear for the field type "Password": "Mandatory field, reveal +only with reason, check only generated passwords and password policy". These can now be defined as +desired. (**Note**: It is possible to select +[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) within the field settings; +they are defined as part of the options in the main menu) + +**CAUTION:** If a form has been created, it can then be selected for use when creating new records. +The prerequisite is that the logged-in user has at least read rights to the form. + +## Permissions for forms + +In the same way as for other objects (records, roles, documents,…), permissions can also be granted +for forms. On the one hand, this ensures that not everyone can edit existing forms, while on the +other hand, it allows you to make forms available to selective groups. This ensures that clarity is +maintained and that users are not confronted with information that is irrelevant to them. The form +"Credit cards" may be relevant within the accounting department but administrators do not generally +need to use it. + +## Configuring the info field + +Every record displays other information underneath the obligatory name of the record in list view. +In the following example, the user name is also displayed in addition to the name of the password. +The name of the form is displayed in between in a blue font. + +![Configuring the info field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_4-en.webp) + +The name of the record (192.168.150.236) and the form (password) cannot be adjusted – these are +always displayed. The user (Administrator) that is still saved for the record is currently +displayed. This can be configured in the info field for the form. It is thus possible to separately +define for each form what information for a record can be directly seen in list view. In the form +module, the info field is configured by opening the form which has to be edited in editing mode by +double clicking on it and then pressing the \*Configure info field” button in the ribbon. + +![Configuring the info field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_5-en.webp) + +This will open a separate tab that enables you to design the info section via drag & drop. The +fields that are available on the right can be "dragged" onto the configuration window on the left. +In the following example, "Start RDP session2 will be made visible in the info section, whereby only +the word "RDP" is assigned a function – namely to start the RDP manager. A preview is shown in the +top section. + +![preview form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_6-en.webp) + +The info field for the form is now updated. It is now possible to start the RDP session directly in +the RDP session. + +![updated form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_7-en.webp) + +NOTE: The **forms module** is based on the +[Web Application](/docs/passwordsecure/9.2/configuration/webapplication/web_application.md) module of the same name. Both modules +have a different scope and design but are almost identical to use. + +## Standard form + +There are two possible ways to define a standard form. + +### Via the “standard form” user setting + +![settings form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_8-en.webp) + +### Via the form selection + +![default form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_9-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md new file mode 100644 index 0000000000..782b6417cf --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md @@ -0,0 +1,58 @@ +--- +title: "Logbook" +description: "Logbook" +sidebar_position: 70 +--- + +# Logbook + +## What is a logbook? + +Netwrix Password Secure logs all user interactions. These entries can be viewed and filtered via the +logbook. The logbook records which user has made exactly what changes. This module is +(theoretically) classified as uncritical. This is because the employee only has access to those +logbook entries to which he is actually entitled. + +![Logbook module](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook_1-en.webp) + +## Relevant rights + +The following options are required: + +### User right + +- Display logbook module + +## Use of the filter in the logbook + +You can also use the filter in the logbook. This enables you to limit the number of displayed +elements based on the defined criteria. In the following example, the user is searching for logbook +entries relating to the object type “Password” that also match the event criteria "Change". In +short: The entries are being filtered based on changes to passwords. + +![Logbook filter](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook_2-en.webp) + +## Grouping in the logbook + +This list can also be grouped together by dragging and dropping column headers – see the following +grouping of the columns for **computer user**. The filtered results now show all changes to +passwords carried out by the computer user "administrator". + +![Logbook entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook_3-en.webp) + +## Revision-safe archiving + +In Netwrix Password Secure, an uncompromising method is used when handling the logbook: Every change +of state is recorded and saved in the MSSQL database. There are no plans to allow triggers for +logbook entries to be selectively defined. It is only by using this process that changes are +completed in a traceable and audit-proof manner to prevent falsification. + +NOTE: If desired, the logbook can be automatically cleaned up. This option can be configured on the +Server Manager. Further information can be found in the section +[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md). + +## Transferring to a Syslog server + +The logbook can also be completely transferred to a +[Syslog](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/syslog.md) server. Further information on this +subject can be found in the section Syslog. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md new file mode 100644 index 0000000000..e94b60a5c2 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md @@ -0,0 +1,78 @@ +--- +title: "Notifications" +description: "Notifications" +sidebar_position: 30 +--- + +# Notifications + +## What are notifications? + +With the notification system, you are always up-to-date on all events that you consider important. +Almost all modules allow users to configure notifications. All configured messages are only created +for the currently registered Netwrix Password Secure user. It is not possible to create a +notification for another user. Each user can and should define himself which passwords, which +triggers as well as changes are important and informative for him. The configuration of visibility +is explained in a similar way to the other modules in one place +[Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) + +![Notifications modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) + +NOTE: The reading pane is deactivated in this module by default. It can be activated in the +"Display" tab in the ribbon. + +## Module-specific ribbon functions + +There are also some ribbon functionalities that are exclusively available for the notification +module. In particular, the function **Forward important notifications to email addresses** enables +administrators and users to maintain control and transparency independent of the location. + +![Ribbon notifications](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_2-en.webp) + +### Mark notifications as read + +The two buttons on the ribbon enable you to mark notifications as read/unread. In particular, the +filter criterion available in this context (see following screenshot) enables fast sorting according +to current and also historical notifications. + +![filter notifications](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_3-en.webp) + +It is possible to mark the notifications as read/unread via the ribbon and also via the context menu +that is accessed using the right mouse button. If the corresponding setting has been activated, +opening a notification will also mean that it is marked as read. + +## Manual configuration of notifications + +Irrespective of the selected module, permissions can be configured manually for objects. The +following dialogue can be opened via the ribbon in the "Actions" tab: + +![Manual configuration of notifications](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_5-en.webp) + +- **Notification**: Definition for the trigger +- **Value**: Defines whether a notification should be created for the previously defined trigger. In + the example for the "Apple" record, this only occurs when the record is edited. +- **Event type**: The event type for the generated notifications can be either "Info", "Warning" or + "Error". This information can also be used e.g. as an additional filter criterion. + +In contrast to previous editions, it is best to configure the notifications manually. This ensures +that a notification is really only triggered for relevant events. + +## Other triggers for notifications + +As well as manually configurable notifications, there are other triggers in Netwrix Password Secure +which will result in notifications. + +- [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md): Requests + to release sealed records are handled via the notification system +- [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)s: If reports are automatically + created via the system tasks, these are also made available in the form of a notification. If this + type of notification is selected, it can be directly opened via the corresponding button that + appears on the ribbon. + +![Ribbon functions notifications](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_6-en.webp) + +## Automatic deletion of old notifications + +If desired, notifications can be automatically cleaned up. This option can be configured on the +**Server Manager**. Further information can be found in the section +[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md). diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/_category_.json new file mode 100644 index 0000000000..7f4d6b5f64 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Organisational structure", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "organisational_structure" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/_category_.json new file mode 100644 index 0000000000..5efafacf63 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Directory services", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "directory_services" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/_category_.json new file mode 100644 index 0000000000..74abd1d2fd --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Directory link", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "active_directory_link" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md new file mode 100644 index 0000000000..2af4c8d6d2 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md @@ -0,0 +1,75 @@ +--- +title: "Active Directory link" +description: "Active Directory link" +sidebar_position: 10 +--- + +# Active Directory link + +## What are active directory profiles? + +The connection to Active Directory (AD) is established via so-called AD profiles. These profiles +contain all of the information relevant for establishing a connection to AD and enable +imports/synchronization of users, organisational units or roles. To connect to various different +ADs, it is naturally also possible to create multiple AD profiles. + +## Two import modes in comparison + +When importing from Active Directory, Netwrix Password Secure distinguishes between two modes, which +differ significantly and are explained in separate sections. + +- End-to-end encryption +- Master Key mode + +In principle, the two variants differ by the presence of the encryption mentioned above. In the +solution with active end-to-end encryption (**E2EE**), the process may be less convenient (see +table) but there is a huge benefit in terms of security. In Master Key mode, a master key is created +on the server that has full permissions for all users, organisational units and roles. This +represents an additional attack vector, which does not exist in end-to-end mode. In return, however, +in Master Key mode, users can be updated via synchronization with the Active Directory. Memberships +of organisational units and roles are also imported. In the more secure end-to-end mode, this +synchronization of the changes must be carried out manually. + +NOTE: It is technically possible to create several profiles with different modes. However, this is +not recommended for the sake of clarity. + +| Comparison of the modes | End-to-end mode | Master key mode | +| ---------------------------------------------------------- | --------------- | --------------- | +| End-to-end encryption\* | + | - | +| Importing user information | + | + | +| Importing assigned roles | - | + | +| Importing roles to organisational units | - | + | +| Synchronizing user information | - | + | +| Synchronizing assigned roles | - | + | +| Synchronizing roles with organisational units | - | + | +| User can be edited in Netwrix Password Secure | + | - | +| Organization unit can be edited in Netwrix Password Secure | + | - | +| Roles can be edited in Netwrix Password Secure | + | - | +| Password can be edited in Netwrix Password Secure | + | - | +| Login with domain password | - | + | +| Netwrix Password Secure is the leading system | + | - | +| Active Directory is the leading system | - | + | +| Autologin | + | + | + +As can be seen **E2EE offers the highest level of security**. The aim is merely to import users, +organisational units and roles. Those must be administered and configured in Netwrix Password +Secure. In contrast, a connection in **Master Key mode offers the highest level of convenience**. It +imports not only users, organisational units and roles but also their links and assignments. +Synchronization with Active Directory is possible – **The AD is used as the leading system**. + +## Users, groups and roles + +When importing or synchronizing from Active Directory, users are also added as users in Netwrix +Password Secure. Netwrix Password Secure also uses the organisational units as such. + +In order for Netwrix Password Secure to be quickly integrated into the given infrastructure, roles +can also be directly imported from the Active Directory. Namely Active Directory Groups are used to +password-safe roles. + +NOTE: Groups in groups Memberships, which may be present in the Active Directory, will not be +displayed within Netwrix Password Secure. Both groups are imported as roles, but independent and not +linked in any way. + +**CAUTION:** If Master Key mode has been selected for the Active Directory profile, the AD is the +leading system. In this mode, roles that have been imported cannot be changed locally in Netwrix +Password Secure. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md new file mode 100644 index 0000000000..eee5b94bd3 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md @@ -0,0 +1,160 @@ +--- +title: "End-to-end encryption" +description: "End-to-end encryption" +sidebar_position: 10 +--- + +# End-to-end encryption + +## Maximum encryption + +[Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption currently offers +**maximum security**. Only users, organisational units and roles are imported. The permissions and +the hierarchical relationship between the individual objects needs to be separately configured in +Netwrix Password Secure. The advantage offered by end-to-end encryption is that Active Directory is +“defused” as a possible insecure gateway. In Master Key mode, users who control Active Directory +receive de facto complete access to all passwords because resetting a Windows user name enables +users to log in under another person’s name. Active Directory is thus the leading system. **Using an +active E2EE connection, users require their own password for Netwrix Password Secure**. There is +thus no access to users’ data via Active Directory. + +## Relevant rights + +The following options are required to add new profiles. + +### User right + +- Can add new Active Directory profiles +- Display organisational structure module +- Display role module + +## Creating profiles + +The process for creating a new profile is started via the icon "manage profiles" on the ribbon. + +![New AD profile](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_1-en.webp) + +NOTE: "End-to-end" needs to be set in the "Encryption" field + +A **user** is required to access the AD. The user should be formatted as follows: Domain\user. It +must have access to the AD. + +- The relevant **user password** (domain password) is required for the user mentioned above +- **Direct search** is recommended for very large domain trees. The representation of the tree + structure is omitted, elements can only be found and selected via the search. +- The **filter** can be used to directly specify an AD path as an entry point via an LDAP query. +- Various security options – so-called AuthenticationTypes Enumeration – can be selected for the + connection of the AD to Netwrix Password Secure: + - Secure + - SecureSocketsLayer + - ReadOnlyServer + - Signing + - Sealing + +## Import + +The import is started directly in the ribbon. A wizard guides the user through the entire operation. + +![Import icon](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_2-en.webp) + +## Organisational structure + +First, an organisational unit is selected for the import. If there are no organisational units in +the database yet, as in this example, the data is imported into the **main organisational unit**. + +![Import wizard/organisational structure](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_3-en.webp) + +## Active Directory objects + +In the next step, select the relevant profile that should be used for the import. Then, select the +organisational units and/or users for the import. A search is available for this purpose. + +![Import wizard/AD objects](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_4-en.webp) + +It can be seen that the organisational units **Jupiter** and **Contoso** contain items to be +imported. The organisational units themselves will not be imported. The check next to the group +**Accounting** indicates that the group itself will be imported along with some of its sub-elements. + +There are different symbols which indicate the elements to be imported. + +- The element itself and all possible sub-elements will be imported +- The element itself and some of its sub-elements will be imported +- The element will not be imported; however, it contains elements that will be imported + +A context menu that is accessed using the right mouse button is available within the list that +provides helpful functions for selecting the individual elements. + +![context menu](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_5-en.webp) + +- Select sub-objects selects all sub-objects that are located directly below the current object +- Deselect sub-objects removes tags from all sub-objects that are located directly below the current + object +- Reset all items removes all previously set tags +- Display element details lists all information that is available for the current element + +In the lower area you can specify whether the users just selected for import should be created as +**Light** or **Advanced User (View)**s. + +NOTE: If individual users, organisational units, or roles cannot be selected for import, they have +already been imported via another profile + +## Summary + +The last page summarizes which objects will be edited and in what form. It specifies the names of +the elements along with their descriptions. The **Status** column specifies whether the object is +added, updated, or disabled. The last column specifies the organisational unit into which the +element is imported. The number of objects is added together at the bottom. + +![Import wizard/Summary](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_6-en.webp) + +NOTE: Depending on the amount of data, it may take several minutes to create the summary. + +## Importing + +The import itself is carried out by the server in the background. The individual elements then +appear in the list one by one. This may take some time, depending on the amount of import data. If +the import is terminated, you will receive a confirmation. + +![confirmation](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_7-en.webp) + +NOTE: As end-to-end encryption is retained in this mode, the server does not receive a key to match +already imported users with the AD. There is thus no synchronization with the AD. Similarly, no +memberships can be imported. After the import, users must be manually assigned to the appropriate +organisational units and roles. + +## Imported users and organisational units + +In end-to-end mode, the imported users behave like local users. The users can/must be edited +manually in Netwrix Password Secure. The affiliations to organisational units and/or roles must be +adapted manually. + +## Rights + +The rights will be issued as follows during the import or synchronization. + +### New objects + +| | User | Groups | Roles | +| --------------------------------- | ------------------------------------------------- | --------------------------- | ------------------------------------------------- | +| Are rights inherited from the OU? | If no preset has been saved | If no preset has been saved | No | +| Are rights applied from a preset? | If a preset has been saved | If a preset has been saved | No | +| Is the "add" right issued? | No | Yes | No | +| Who receives the rights key? | Imported users and all with the "authorize" right | All | Imported roles and all with the "authorize" right | + +### Changed objects + +| | User | Groups | Roles | +| --------------------------------- | ---- | ------ | ----- | +| Are rights inherited from the OU? | No | No | No | +| Are rights applied from a preset? | No | No | No | +| Is the "add" right issued? | No | No | No | +| Who receives the rights key? | None | None | None | + +NOTE: In end-to-end mode, **no role affiliations** are issued during the import or synchronization. + +## Logging into Netwrix Password Secure + +Users imported in this mode can not login with the domain password. Rather, a password is generated +during import. This password is sent to the users by e-mail. If a user has not entered an e-mail +address, the user name is entered as the password. The initial password can be changed by the +administrator or the user himself at the first login. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md new file mode 100644 index 0000000000..08a0d7f4c0 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md @@ -0,0 +1,249 @@ +--- +title: "Masterkey mode" +description: "Masterkey mode" +sidebar_position: 20 +--- + +# Masterkey mode + +## Maximum convenience + +In contrast to [End-to-end encryption](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md), which places the main focus on +security, Masterkey mode provides the maximum level of convenience. It not only imports users, +organisational units and roles but also their links and affiliations. It can be synchronized to +update the information and affiliations. **In this scenario, Active Directory is used as a leading +system**. + +## Relevant rights + +The following options are required to add new profiles. + +### User right + +- Can add new Active Directory profiles +- Display organisational structure module +- Display role module + +## Creating profiles + +Profile management is started via the icon of the same name on the ribbon. + +![AD profile](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode_1-en.webp) + +The following information must be provided in the profile: + +- **Profile name** +- An optional **description** +- Masterkey mode is selected for the **encryption** + +NOTE: In the case of already created profiles, the encryption can no longer be changed. + +- The **domain** field is used to define which domain is to be read. The value entered here will + also be used for authentication if no alternative spellings have been saved under **Other domain + names**. +- A **local user** (for example, the administrator) or an already imported user must be specified. + The data will be imported under that user’s name. +- A **user** is required to access the AD. The user should be formatted as follows: Domain\User. It + must have access to the AD. +- Corresponding **user password** (domain password) for the user. +- \*_Direct search_ is recommended for very large domain trees. The tree structure is omitted, + elements can then only be found and selected via the search. +- By activating the checkbox **Restrict user import to role members only**, a simplified mode is + activated. In this mode, only AD users who are members of at least one role are imported. As soon + as they are no longer a member of at least one role, they are deleted from Netwrix Password + Secure. +- By activating the checkbox **Force update on next synchronization**, **ALL** records will be + updated on the next synchronization, regardless of whether the record has changed in the Active + Directory or not. (This checkbox is automatically activated when you have edited the other + responsible users and is deactivated again after the next synchronization). +- The **LDAP filter** can be used to directly specify an AD path as an entry point via an LDAP + query. +- Various security options – so-called AuthenticationTypes Enumeration (**Flags**) – can be selected + for the connection of the AD to Netwrix Password Secure: + - Secure + - SecureSocketsLayer + - ReadOnlyServer + - Signing + - Sealing + +NOTE: The first two options are already activated by default when configuring a new profile. If a +connection is not possible, deactivate SecureSocketsLayer and try again. + +- **Other responsible users or roles** can be used to define who is permitted to carry out the + synchronization with the AD. +- The option **Other domain names** can be used to save alternative spellings of the login domain. + These must correspond to the spelling entered in the login window. For example, if a connection is + being established to the domain **jupiter.local** or an IP address, the login can only be carried + out with **jupiter\user** if **jupiter** has been saved here. + +**CAUTION:** The master key is added in form of a certificate. It is **essential to back up** the +generated certificate! If the database is being moved to another server, the certificate also needs +to be transferred! Further information can be found in the section +[Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md). + +NOTE: You can now use the option to integrate a RADIUS server. Read more in +[RADIUS authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md). + +## Import + +You can start the import directly in the ribbon. A wizard guides the user through the entire +operation. + +![import icon](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_2-en.webp) + +## Organisational structure + +First, an organisational unit is selected for the import. If there are no organisational units in +the database yet, as in this example, the data is imported into the **main organisational unit**. + +![import wizard / organisational structure](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_3-en.webp) + +### Active Directory objects + +In the next step, select the profile you will use to import the data. Then, select organisational +units and/or users for the import. A search is available for this purpose. + +![import wizard / AD objects](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_4-en.webp) + +As you can see, the organisational units **Jupiter** and **Contoso** contain items to be imported. +The organisational units themselves will not be imported. The group **1099 Contractor** is imported +including all sub-elements. The check next to the group **Accounting** indicates that the group +itself will be imported along with some of its sub-elements. The ticks in the last column ensure +that the elements are observed in future synchronization sequences. + +There are different symbols which indicate the elements to be imported. + +The element itself and all possible sub-elements will be imported The element itself and some of its +sub-elements will be imported The element will not be imported; however, it contains elements that +will be imported + +Right-clicking in the list will launch a context menu. It provides helpful functions for the +selection of the individual elements. + +![select subjects](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_5-en.webp) + +NOTE: If individual users cannot be selected for import, they have already been imported via an +end-to-end encrypted profile. + +In the lower area you can specify whether the users just selected for import should be created as +**Light** or **Advanced User (View)**s. + +## Summary + +The last page summarizes which objects will be edited and in what form. It specifies the names of +the elements along with their descriptions. The **Status** column specifies whether the object is +added, updated, or disabled. The last column specifies the organisational unit into which the +element is imported. The number of objects can be seen at the bottom. + +![import wizard / summary](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_6-en.webp) + +## Importing + +The server imports data in the background. The individual elements then appear in the list one by +one. This may take some time, depending on the amount of import data. If the import was terminated, +this is symbolized by a hint. + +![Notification](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_7-en.webp) + +## Imported users and organisational units + +The users and organisational units imported in Masterkey mode cannot be edited in Netwrix Password +Secure. Therefore, any changes must be made in AD and synchronized. AD thus becomes the leading +system. Affiliations to roles are also synchronized and must be set in the AD. In organisational +units or roles created in Netwrix Password Secure, the users can be included directly in Netwrix +Password Secure. + +## Rights + +The rights will be issued as follows during the import or synchronization. + +### New objects + +| | User | Groups | Roles | +| --------------------------------- | ------------------------------------------------- | --------------------------- | ------------------------------ | +| Are rights inherited from the OU? | If no preset has been saved | If no preset has been saved | No | +| Are rights applied from a preset? | If a preset has been saved | If a preset has been saved | No | +| Is the "add" right issued? | No | Yes | No | +| Who receives the rights key? | Imported users and all with the "authorize" right | All | All with the "authorize" right | + +### Changed objects + +| | User | Groups | Roles | +| --------------------------------- | ------------------------------ | ------ | ------------------------------ | +| Are rights inherited from the OU? | If no preset has been saved | No | No | +| Are rights applied from a preset? | If a preset has been saved | No | No | +| Is the "add" right issued? | No | No | No | +| Who receives the rights key? | All with the "authorize" right | None | All with the "authorize" right | + +NOTE: If a user is imported, he will be given those roles that he also had in AD insofar as these +roles already exist in Netwrix Password Secure or have also been imported. + +## Logging into Netwrix Password Secure + +Users who are imported using this mode can log in with the domain password. Please note that no +domain needs to be specified when logging in. Of course, the login process can also be supplemented +with +[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). + +NOTE: Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server +is accessible, the users in the domain authenticate themselves via Kerberos using their domain +password. If the logon via Kerberos does not work – e.g. due to incorrect configuration of the +domain controller – the logon via the NTLM protocol is attempted. However, these are all settings +that have to be made on the domain controller and have nothing to do with Netwrix Password Secure. + +**CAUTION:** Logging on to Netwrix Password Secure using SSO via Kerberos is currently not possible. + +## Permissions to imported objects + +The rights to be issued to imported users are explained in the following example: + +![Permission MKM User](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode_7-en.webp) + +1. In Master Key mode, **all** users will be issued with the **read** right. +2. The **responsible user** will be issued with all rights and the key. This ensures that he can + also synchronize or change the user in the future +3. **Other responsible users** are issued with the same rights as the **responsible user** +4. The **Master Key** for the **Active Directory** profile will also be issued with all rights and + keys as it will be used for the synchronization +5. Finally, users will be issued with the rights for themselves + +NOTE: All users and roles issued with **rights** to the imported object also receive its rights key. + +## Synchronization + +During synchronization, all relevant information for users, organisational units and roles (names, +email, etc.) is updated. Changed affiliations for roles are adjusted. Likewise, users are activated +or deactivated according to the settings in the AD. If the membership of organisational units is to +be changed, this can be done by **Drag & Drop**. New users and correspondingly defined roles are +imported. + +NOTE: If the tick was not set in the Synchronization column when a user is imported, no changes are +made. + +### Manual synchronization + +The synchronization can be started manually at any time via the corresponding button in the ribbon. + +![manual synchronization](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode_8-en.webp) + +Select the required profile and start the synchronization. As is the case with the initial import, +the synchronization runs in the background. A hint indicates that the process has been completed. + +### Synchronization via system tasks + +The synchronization can also be carried out automatically. This is made possible via the +[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). + +### Deleting or removing users + +If a user is deleted in Active Directory, it is also deleted in Netwrix Password Secure during the +next synchronization. For this purpose, it is necessary for the user to be imported as a +**synchronizable** user. + +If the user is only deleted from Netwrix Password Secure but retained in Active Directory, a +synchronization needs to be carried out to delete it from the database. For this purpose, the wizard +is called up via **import**. The first step is to select an organisational unit. This has no effect +when simply deleting a user. The second step is to search for the user. Both ticks are removed. + +After checking the summary, the process is concluded. The synchronization is completed and the user +is deleted from the database. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md new file mode 100644 index 0000000000..9f6b032355 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md @@ -0,0 +1,38 @@ +--- +title: "RADIUS authentication" +description: "RADIUS authentication" +sidebar_position: 30 +--- + +# RADIUS authentication + +## What is the RADIUS authentication? + +RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol used primarily for +authentication and authorization of users during dial-up connections in corporate networks. Netwrix +Password Secure can also benefit from the advantages of a RADIUS server. In particular, multi-factor +authentication should be mentioned here. But all other RADIUS-typical functions can also be used. +Further information can be found for example at **Wikipedia**. + +## Requirements + +In order for Netwrix Password Secure to address a RADIUS server, the following requirements must be +met: + +- A RADIUS server must be available and accessible via the network. +- Access to the Netwrix Password Secure Server Manager must be set up on the RADIUS server. +- A corresponding Secret must be configured for access. +- In Netwrix Password Secure, users must have been imported from the AD in Masterkey mode. + +## Configuration + +The actual connection of the RADIUS server is simple: + +![radius integration](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/radius_authentication_1-en.webp) + +- **Use RADIUS** - First, the usage is activated. +- **Host Address** - The address of the RADIUS server is stored here. +- **Secret** - Refers to the secret stored for the Netwrix Password Secure Server Manager. +- **AUTH Port** - The so-called AUTH port of the RADIUS server is specified here. +- **ACT Port** - The ACCT port of the RADIUS server can also be stored; if required. +- **Timeout** - The time the RADIUS server has to react; can also be configured. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md new file mode 100644 index 0000000000..bad86ef5f7 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md @@ -0,0 +1,16 @@ +--- +title: "Directory services" +description: "Directory services" +sidebar_position: 30 +--- + +# Directory services + +It is possible to use existing user and group structures from external directories with Netwrix +Password Secure. + +Choose your preferred integration method: + +- [Microsoft Entra ID connection](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md) + +- [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/_category_.json new file mode 100644 index 0000000000..9604774739 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Microsoft Entra ID connection", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "entra_id_connection" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md new file mode 100644 index 0000000000..f2975dd9af --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md @@ -0,0 +1,170 @@ +--- +title: "Microsoft Entra ID connection" +description: "Microsoft Entra ID connection" +sidebar_position: 20 +--- + +# Microsoft Entra ID connection + +More and more companies use cloud services. Therefore, also the management of users is outsourced. +Instead of a classic Active Directory via LDAP, an Entra ID is used more often. Netwrix Password +Secure integrates the possibility to bring in users and roles from Azure. To use users and roles +from multiple Entra IDs, you can create multiple profiles. + +## Introduction + +## Why Entra ID? + +More and more companies use cloud services. Therefore, also the management of users is outsourced. +Instead of a classic Active Directory via LDAP, an Entra ID is used more often. Netwrix Password +Secure integrates the possibility to bring in users and roles from Azure. To use users and roles +from multiple Entra IDs, you can create multiple profiles. + +Remember, In order to use Azure login with the windows application, +[WebView2](https://developer.microsoft.com/de-de/microsoft-edge/webview2/) from Microsoft must be +installed on the client device. + +### Differences to the LDAP connection + +The connection to the Entra ID differs in one special point from the connection to a conventional +Active Directory. While Netwrix Password Secure queries the users, groups, and roles actively from +the conventional AD, the Entra ID is pushing them automatically to our server. For this a so-called +[SCIM service](https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management) is used. + +To login to Netwrix Password Secure, after entering the username a popup opens for the +authentication with the entered Microsoft account. Here, a possible configured second factor is also +requested. The authentication is handled via the +[Open ID Connect protocol](https://openid.net/connect/). + +### Linking Entra ID + +Below you will find instructions on how to connect Entra ID to Netwrix Password Secure. In the Azure +portal, go to the management page of your Microsoft Entra ID. Use an account with administrative +permissions for this. During this, login to Netwrix Password Secure with an account that has the +user right "Display organisational structure module", "Can manage Entra ID profiles", and "Can +create new Entra ID profiles" enabled. + +## Setup + +### New enterprise application + +Login to the [Azure portal](https://portal.azure.com/#azure-portal) and go to the management page of +your Microsoft Entra ID. + +NOTE: You need an account with administrative permissions + +- Write down your "Tenant ID" shown in the Azure console or by using PowerShell: + + +``` +Connect-AzureAD + +``` + +- Navigate in your Entra ID to "Enterprise applications" +- Add an own application, that is not listed in the Azure Gallery – in our example, we name it + "Netwrix Password Secure" + +NOTE: A key feature of Netwrix Password Secure is, that it is self-hosted by our customers. However, +to be listed in Azure Gallery, a SaaS model is required. Therefore, Netwrix Password Secure is not +available in the Azure Gallery. + +- When the application was created successfully, you are redirected to it automatically +- Write down the "Application ID" +- In the navigation, click "Users and groups" +- Add the Users and groups that should be available to Netwrix Password Secure + +**CAUTION:** The import of Azure groups as Netwrix Password Secure roles is only possible if you +have booked the Azure package Entra ID Premium P1! + +- Navigate to the "Provisioning" page +- Configure the Provisioning Mode to "Automatic" + +### Netwrix Password Secure Entra ID configuration + +NOTE: Your Netwrix Password Secure user need the following permissions: + + +``` +- Display organisational structure module +- Can manage Azure AD profiles +- Can create new Azure AD profiles + +``` + +- Navigate to the module "Organisational structure" +- In the toolbar, click on "Manage profiles" in the category "Entra ID" +- Create the profile with your information +- Insert the `Tenant ID` and the `Application ID` +- As soon as the profile has been saved, a popup opens for generating a token +- Choose a desired expiration date (max. 10 years) and click "Generate token" +- Write down the values of the fields "Tenant URL" and "Secret Token" + +### Azure provisioning configuration + +Fill the fields "Tenant URL" and "Secret Token" with the information provided by Netwrix Password +Secure Click "Test Connection" When the test has been successful, click on "Save" at the top of the +page Back on the "Provisioning" page, click "Start provisioning" In the settings of the +provisioning, check if "Provisioning Status" is set to "On" All allocated users and groups are +created in Netwrix Password Secure now + +NOTE: Azure´s default provisioning interval is 40 Minutes. So it may some time until the users and +roles are shown in Netwrix Password Secure. + +**CAUTION:** Please note that Azure establishes the connection to Netwrix Password Secure. For this, +the client URL must be accessible from an external network / provisioning agent and any used SSL +certificate must be valid! If the users are not created in Netwrix Password Secure, consult the +Azure Enterprise Application Provisioning log for more information. + +### Azure login configuration + +To enable the Azure login for your users, a few more steps are required: + +- Navigate to the Overview page of your Entra ID +- Navigate to "App registrations" +- If no application is displayed, click "All applications" +- Click on "Netwrix Netwrix Password Secure" and navigate to "Authentication" +- Click on "Add a platform", select "Web" and configure the required URIs: + +| Client | URI | +| ------------------------ | ------------------------------------------------------------------------- | +| Web Application | `https://`Web Application_URL`/authentication/login-via-oidc` | +| Advanced view & Autofill | `https://login.microsoftonline.com/common/oauth2/nativeclient` | +| Google Chrome Extension | `https://bpjfchmapbmjeklgmlkabfepflgfckip.chromiumapp.org` | +| Microsoft Edge Extension | `https://ahdfobpkkckhdhbmnpjehdkepaddfhek.chromiumapp.org` | +| Firefox Extension | `https://28c91153e2d5b36394cfb1543c897e447d0f1017.extensions.allizom.org` | + +![web_configuration_entra_id](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/web_configuration_entra_id.webp) + +Click on "Add a platform", select "Mobile & desktop applications" and configure the required +mobile-app URI: + +| Client | URI | +| ------------- | ------------------ | +| iOS & Android | `psrmobile://auth` | + +![mobile_and_desktop_applications](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/mobile_and_desktop_applications.webp) + +#### Create client secret + +Navigate to your Netwrix Netwrix Password Secure App registration -> Certificates & secrets -> +Client secret + +Create a client secret: + +![certificates-secrets-en_1544x311](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/certificates-secrets-en_1544x311.webp) + +Copy it over to the Netwrix Password Secure Entra ID profile: + +![entra_id_client_secret](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/entra_id_client_secret.webp) + +#### Set API permissions + +Finally, the API permissions for the Azure API have to be set, so the login to can be performed +successfully. + +1. Navigate to "API permissions" and click "Add a permission" +2. Select "Microsoft Graph" and then "Delegated permissions" +3. Set the checkboxes for "openid" and "profile" just under "OpenId permissions" +4. Click on "Add permissions" +5. Click on "Grant admin consent for YOUR_AD_NAME" diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md new file mode 100644 index 0000000000..8825ca490e --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md @@ -0,0 +1,57 @@ +--- +title: "Microsoft Entra ID Services FAQ" +description: "Microsoft Entra ID Services FAQ" +sidebar_position: 10 +--- + +# Microsoft Entra ID Services FAQ + +## Is it possible to migrate from LDAP to Entra ID? + +Currently, an automated migration from LDAP users (E2E as well as MasterKey) to Entra ID users is +not possible! + +## Which port is used for the SCIM endpoint for provisioning users/groups from Entra ID to the Application Server? + +11015 is the port that will be used for the communication from Entra ID to Netwrix Password Secure. + +## Does the Entra ID connection support nested groups? + +Due to Azure based technical limitations, Netwrix Password Secure does not support nested groups. + +## Does Entra ID work on servers that are only available internally? + +An integration on servers, that are not accessible from external sources, the integration of Entra +ID is also possible. For this, you can use the +[Entra ID on-premises application provisioning to SCIM-enabled apps](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/on-premises-scim-provisioning). +This can be installed on all or only one application server. It must be noted that the IP or DNS +name of the "Tenent URL" specified in the subsequently created enterprise application is present in +the alternative application names in the server certificate. Tip: `https://127.0.0.1:11015/scim` can +also be specified as the "Tenent URL", in which case 127.0.0.1 must again be present in the +alternative application names in the server certificate. + +- Download the Provisioning Agent +- Install the Provisioning Agent on the server with the Netwrix Password Secure Server +- Start "AAD Connect Provisioning Agent Wizard" +- Select "On-premises application provisioning Entra ID to application", click next +- Click "Authenticate" and authenticate with a user.This user should be a Hybrid administrator or a + global administrator. +- Click "Confirm" +- Wait for the application to finish the registration in Azure +- Switch to the Azure Portal +- Click "Microsoft Entra ID" +- Click "Enterprise applications" +- Click "New application" +- Search for "On-premises SCIM app" +- Click "On-premises SCIM app" +- Adjust the name +- Click "Create" +- Wait for the operation to end +- Click the created application in the overview of "Enterprise applications" +- Click "Provisioning" +- Click "Get started" +- Set provisioning mode "Automatic" +- Unhide "On-Premises Connectivity" +- Assign the just installed agent to this application by selecting it and click "Assign Agent(s)" +- It takes about 20 minutes until the agent is correctly connected to your application and you can + proceed. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md new file mode 100644 index 0000000000..7499981f35 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md @@ -0,0 +1,64 @@ +--- +title: "First factor" +description: "First factor" +sidebar_position: 40 +--- + +# First factor + +## What is meant by first factor? + +It is a process that regulates access to our system. + +## Requirements + +With the user setting **Edit first factor** you have the possibility to define another factor for +authentication than the standard password. + +![Edit first factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_1-en.webp) + +## Factors + +### Smartcard (only on Advanced view) + +The configuration is done via the user setting **First factor**. + +![Smartcard 1st factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_2-en.webp) + +NOTE: This option is only valid for users in master key mode + +**CAUTION:** Be Aware" The smartcard logon tries to determine whether the certificate belongs to the +user to be logged on based on the applicant in the smartcard certificate. This is done using regex, +the default regex `^{username}[.@\\/-_:]({domain})$` or `^({domain})[.@\\/-_:]({username})$` is +applied to the applicant. In this case, `{username}` is replaced with the user to be registered and +`{domain}` is replaced with the domain in the AD profile in the regex and if the regex query is +positive, the user is registered. If the format of your applicant in your certificates is not +compatible with these two regex queries, you must set a custom regex query in the Server Manager. +Please note that `{username}` for username and `{domain}` for the AD domain SHOULD be present in the +regex query. If the domain must be explicitly specified, it must be written in capital letters. + +In addition, the smartcard certificate must of course also be valid on the server! + +## Fido2 (only at the Web Application) + +## Requirement + +For Fido2 it is mandatory that +SMTP ([Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md)) is configured. +In addition, an e-mail address must be stored for the AD users. + +Furthermore, the URL of the Web Application must be stored in the Server Manager: + +![Edit WebClient URL](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_3-en.webp) + +### Configuration + +The configuration is done via the user setting **First Factor**. + +![FIDO2](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_4-en.webp) + +As soon as an AD user logs on to the Web Application, he gets the following prompt + +![prompt](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_5-en.webp) + +After clicking on **Setup Fido2 access** in the mail, Fido2 is configured. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/_category_.json new file mode 100644 index 0000000000..5ab4bd9aa4 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Managing users", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "managing_users" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md new file mode 100644 index 0000000000..1cbe829669 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md @@ -0,0 +1,86 @@ +--- +title: "Managing users" +description: "Managing users" +sidebar_position: 10 +--- + +# Managing users + +## How are users managed in Netwrix Password Secure? + +The way in which users are managed is highly dependent on whether Active Directory is connected or +not. In Master Key mode, Active Directory remains the leading system. Accordingly, users are then +also managed in the AD. If Netwrix Password Secure is the leading system, e.g. in end-to-end mode, +users are managed in the organisational structures module. More details are provided in the relevant +sections. + +## Relevant rights + +The following options are required to add local users. + +### User rights + +Can add new users -Display organisational structure module + +## Adding local users + +In general, new users are added in the same way as creating a local organisational unit. Therefore, +only the differences will be covered below. + +### Creating users + +![create user](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/create-user-wc.webp) + +- **Allocated roles**: New users can directly be allocated one or more rolls when they are created +- **Change password on next login**: The user will be requested to change their user password on the + next login (obligatory) +- **Account is deactivated**: The user is created with the status "deactivated". The account is thus + not useable. The write rights for a user can be set/removed with this option. In editing mode, the + account can also be deactivated during ongoing operation. +- **Restricted user**: Controlling entities exist in many companies that are only tasked with + checking the integrity and hierarchies of various pieces of information with one another but are + not required to productively work with the information themselves. This could be a data protection + officer or also an administrator in some cases. This would be the case if an administrator was + responsible for issuing permissions to other people but should not be able to view the data + themselves. The property **restricted user** is used to limit the visibility of the password + field. It thus deals with purely administrative users or controlling entities. + +NOTE: Restricted users cannot view any passwords + +### Configuring rights + +The second tab of the wizard allows you to define the permissions for the newly created user. If an +allocated organisational unit or a rights template group was defined in the first tab, the new user +will inherit its permissions. Here, these permissions can be adapted if desired. + +### Configuring user rights + +Users always receive their user rights via role, which is either user-specific or global (see user +rights). If no role is defined in the first tab "Create user", the third tab will thus contain +globally defined user rights. + +## Importing users + +Importing from Active Directory can be carried out in two ways that are described in a separate +section. + +## User licenses + +There are two different types of licenses, **Advanced view** and **Basic view** licenses. In all +other editions you can only purchase Advanced view licenses. Please note that licensed Basic view +users are not able to use the Advanced view. However, Advanced view Users can also switch to the +Basic view. + +**CAUTION:** For licensing reasons, it is not intended to switch from a Advanced view user to a +Basic view user! + +Our sales team will be happy to answer any questions you may have about licensing. + +Display data to which the user is authorized In order to display the data to which a user is +authorized, you must right-click on the corresponding user in the organisational structure. In the +context menu that opens, you will find the following options under **displaying data records**: + +Password -Documents -Forms -Rolls -Uses -Password Reset -System Tasks -Seal templates + +NOTE: All authorizations for a data record are taken into account, regardless of whether you are +authorized by a role or the user. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md new file mode 100644 index 0000000000..c45176f6a7 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md @@ -0,0 +1,91 @@ +--- +title: "User passwords / logging in to client" +description: "User passwords / logging in to client" +sidebar_position: 10 +--- + +# User passwords / logging in to client + +## User passwords + +Depending on the type of user, they will either be allocated their password in Netwrix Password +Secure or the login will be carried out using access data for the domain. How the user logs in also +differs according to the type of user. + +### Differences between users and passwords + +- **Local users** Local users are those users that were directly created in Netwrix Password Secure. + These users must be directly assigned a password when they are created. If local users are + migrated from older versions, they receive a randomly generated password that is sent to them via + email. +- **AD users in end-to-end mode** These users must also be assigned a password in Netwrix Password + Secure. A new password will also be issued via email for these users in the case of a possible + migration. +- **AD users in Master Key mode** These users log in directly with access data for the domain. It is + thus not necessary to assign them a password. As these users directly authenticate themselves via + Active Directory, the currently saved password in Active Directory is thus always valid. These + users can still directly log in using the existing password even after a migration + +### Required rights + +Various rights are required in order to issue or change user passwords. One prerequisite is the user +right **Can display organisational structure module**. **Read** and **write** rights for the user +are also required. Finally, membership of the user is required. Normally, the user themselves and +the user who created or imported the user have the right to change their password. + +![Permission for user](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_1-en.webp) + +### Assigning and changing passwords + +As already explained, local users are directly assigned their initial password when the user is +created. The situation is different for users that are imported in end-to-end mode. They do not +possess a password directly after the import and can thus not log in. It is thus necessary to assign +passwords after the import. + +The passwords can be directly assigned or changed via the ribbon. Naturally, it is also possible to +select multiple users if e.g. several imported users should be assigned the same password. + +![change password](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_2-en.webp) + +### Change password on next login + +Even if several users receive the same initial password, it is sensible to force them to change it +to an individual password. There is a corresponding option for this purpose. In the case of **local +users**, this can be activated during the creation of the user. In the case of **users in end-to-end +mode**, this option is directly activated during import for security reasons. This option is +automatically deactivated after the user has successfully logged in and changed the password. + +![change password next login](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_3-en.webp) + +### Security of passwords + +To guarantee that passwords are sufficiently strong, it is recommended that corresponding +[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) are created. It is +especially important to ensure here that user names are excluded. The password rule then still needs +to be defined as a user password rule. + +## Logging in to the database + +The process for logging into the database differs depending on the type of user. + +### Local user + +Local users simply log in using their user name and the assigned password. + +![login username](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_4-en_415x238.webp) + +![login password](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_5-en.webp) + +## AD user + +If only one domain has been configured, the users from AD can also log in with their user name and +password the same as local users. If multiple domains have been configured or there is a local user +with the same name, the name of the domain must be entered in front of the user name + +The name of the domain must be entered as it is configured in the AD profile under **Domains**. The +option **Other domain names** can be used to save other forms of the domain name. + +![AD User](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_6-en.webp) + +NOTE: The logon to the client is automatically forwarded to the Autofill Add-on and other clients on +the same computer. The same applies to logging on to the Autofill Add-on. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/_category_.json new file mode 100644 index 0000000000..6af5368eaf --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Multifactor authentication", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "multifactor_authentication" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md new file mode 100644 index 0000000000..8ddd2d8284 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md @@ -0,0 +1,93 @@ +--- +title: "Multifactor authentication" +description: "Multifactor authentication" +sidebar_position: 50 +--- + +# Multifactor authentication + +## What is multifactor authentication? + +By means of multifactor authentication, you can save the login – in addition to the password – with +a further factor. Setting up a multifactor authentication can be done by either the administrator or +the user. + +## Requirements + +To use multifactor authentication on a database, it must firstly have been activated on the Server +Manager. In the database module, open the settings for the selected database via the ribbon. + +![database settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_1-en.webp) + +It is possible to separately define in the settings whether it is permitted to use each interface on +the database. + +![multifactor authentication](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_2-en.webp) + +### Other settings + +In the user settings, it is also possible to define the "Length of validity of a multifactor +authentication token" in minutes. + +NOTE: In order for a user (administrator) to be able to **configure** multifactor authentication for +other users, the user must have the rights **read**, **write**, **delete** and **authorize**. It is +important that these rights exist before Multifactor Authentication is set up. + +## Configuration of multifactor authentication + +In the [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) module, you select the user and +the interface "Multifactor authentication" in the ribbon. + +![TOTP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_3-en.webp) + +The desired type of authentication is selected and given a title. This name is also displayed to the +user when logging in. The subsequent process differs depending on the desired authentication type. + +### Google authenticator + +The prerequisite for this is that the relevant app has been started on a smartphone. After the name +has been assigned for the authentication, you generate a new secret via the corresponding button. A +QR code is displayed, which must be scanned using the Google Authenticator app on a smartphone. + +![google authenticator](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_4-en.webp) + +Once the Google Authenticator app has detected the QR code, it will return a 6-digit PIN. You must +then enter it in the appropriate field. Finally, click on **Create** in the ribbon. + +## RSA SecurID Token + +To set up multifactor authentication using RSA SecurID, simply enter the RSA user name and click +**Create** directly in the ribbon. + +![RSA SecurID Token](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_5-en.webp) + +NOTE: The prerequisite for the use of RSA SecurID token is that the access data has been stored in +the Database settings on the Server Manager. + +## Public key infrastructure + +For PKI setup, the **Select** button is used to open the menu for selecting the desired certificate. +All eligible certificates are displayed. + +![Public key infrastructure](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_7-en.webp) + +Now just select the desired certificate from the list to confirm the process. + +## Yubico One Time Password + +The configuration of multifactor authentication using Yubico One Time Password is described +in[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). + +## Delete Multifactor Authentication (MFA) + +The multifactor authentication can be deleted by the user himself or by another user with sufficient +authorization. The rights **Read**, **Write**, **Authorize** and **Delete** are required for another +user to perform the deletion. + +In order to delete a file, you should go to the main menu. Under **Account** you will find the item +**Multifactor Authentication**. An alternative way is to enter the management of multifactor +authentication via the organisational structure. To do so, select the corresponding user and click +on the **Multifactor Authentication** ribbon. + +In the administration of the multi-factor authentication you will then find in the ribbon the +possibility to delete the stored MFA. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md new file mode 100644 index 0000000000..7be3d97af0 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md @@ -0,0 +1,55 @@ +--- +title: "OTP (One-Time-Password)" +description: "OTP (One-Time-Password)" +sidebar_position: 20 +--- + +# OTP (One-Time-Password) + +## Using OTP in Netwrix Password Secure + +A one-time password is a password that is valid once and can be used for authentication or +transactions. Accordingly, each additional authentication or authorization requires a new one-time +password. + +## Establishment + +To set up OTP in Netwrix Password Secure, proceed as follows. + +- **Create form with OTP field** + +Create a new form or add an OTP field to an existing form: + +- **Create password** + +You assign the new or customized form to existing passwords and edit them or create a new password +with the new or customized form. + +Next, the OTP field must be configured. For this purpose the key (secret) of the desired +website/application is stored in Netwrix Password Secure. + +As soon as the secret has been deposited and the password saved, the setup is complete. + +## OTP in HTML WebViewer and Emergency WebViewer + +##### OTP in HTML WebViewer + +1. Set up OTP +2. Create + [HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md) +3. Open the created HTML WebViewer + +How to use the HTML WebViewer can be read in the chapter with the same name. + +##### OTP in Emergency WebViewer + +NOTE: The special feature of the Emergency WebViewer is that the stored OTP secret is also +displayed. + +In order to use the One-Time-Password in the +[EmergencyWebViewer](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md) +you have to proceed as follows: + +1. Set up OTP +2. Emergency HTML WebViewer Export Task Create +3. Open the created emergency WebViewer diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md new file mode 100644 index 0000000000..79b26a6621 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md @@ -0,0 +1,82 @@ +--- +title: "Yubico / Yubikey" +description: "Yubico / Yubikey" +sidebar_position: 10 +--- + +# Yubico / Yubikey + +## Setting up multifactor authentication + +### Requirements + +The following firewall release must be granted: + +- [https://api.yubico.com/wsapi/2.0/verify](https://api.yubico.com/wsapi/2.0/verify) + +### Requesting the Yubico API key + +An API key must be requested for configuration. For this purpose, use the following link and enter +an e-mail address: [Yubico Website](https://upgrade.yubico.com/getapikey/) + +![yubico setup](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_1-en.webp) + +Yubikey will then generate a **One Time Password**. The Yubikey used must only be touched in the +right place. + +![yubico stick](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) + +The **One Time Password** is entered directly into the corresponding field. + +![yubico OTP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_3-en.webp) + +Once the general terms and conditions have been approved, the API Key can be requested. + +![yubico key](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_4-en.webp) + +### Configuring the Yubikey API + +The actual setting up of the multifactor authentication is carried out on the Server Manager in the +**Database** module. First select the required data base; then open the "Features" in the ribbon. +The **Yubico Client ID** and the **Yubico Secret Key** must then be entered and saved. + +![Configuration yubico](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_5-en.webp) + +The interface is now ready and can be used. + +NOTE: The HTTPS endpoint [Yubico Verify](https://api.yubico.com/wsapi/2.0/verify) is used for +communication with Yubico. Please make sure that the Netwrix Password Secure Server can connect to +this endpoint. + +## Configuring multifactor authentication for users + +Multifactor authentication can be configured in the Netwrix Password Secure client. It can be done +by the user themselves in **Backstage** in the [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) +menu. In order to configure the Yubikey, simply select **Yubico OTP**. + +![setup second factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_6-en.webp) + +Now click in the field for the token and create a token using the Yubikey. For **Yubikey NEO**, you +only need to touch the touch panel. The same applies to **Yubikey Nano**. + +![yubico stick](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) + +The token is entered directly into the corresponding field. The multifactor authentication is +configured once you’ve clicked on configure. + +![Configuration yubico](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_8-en.webp) + +## Logging in with the Yubikey + +To login with Multifactor Authentication, the database is first selected and then **User Name** and +**Password** are entered and confirmed. + +After the first password authentication, another window for the **Yubico Key** is displayed. + +![Login yubico](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_10-en.webp) + +Click on the field to highlight it, and enter the **Yubico Key** by touching the Yubikeys. + +![yubico stick](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) + +The user is now logged on. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md new file mode 100644 index 0000000000..02c0ed46de --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md @@ -0,0 +1,113 @@ +--- +title: "Organisational structure" +description: "Organisational structure" +sidebar_position: 40 +--- + +# Organisational structure + +## What are organisational structures? + +The storage of passwords or documents always takes place according to the defined organisational +structures. The module enables complex structures to be defined, which later form the basis for the +systematic storage of data. It is often possible to define them on the basis of already existing +organization diagrams for the company or department. It is also possible to use other criteria, such +as the function / activity performed, as the basis for creating hierarchies. It is always up to the +customer themselves to decide which structure is most useful for the purpose of the application. + +![Organizational structure modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_1-en.webp) + +## Relevant rights + +The following options are required for adding new organisational structures. + +### User rights + +- Can add new organisational units +- Display organisational structure module + +## Module-specific ribbon functions + +The operation of the ribbon differs fundamentally in a couple of aspects to how it works in other +modules. The following section will focus on only those elements of the ribbon that differ. The +remaining actions have already be explained for the password module. + +![create new user/organisational unit](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_2-en.webp) + +- **New organisational unit/user**: New organisational units or new users can be added via the + ribbon, the keyboard shortcut "CTRL + N" or also the context menu that is accessed using the right + mouse button. Due to its complexity, there is a separate section for this function: + [User management](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md) +- **Drag & Drop**: If this option has been activated, it is possible to move users or organisational + units in list view via drag & drop +- **Permissions**: The configuration of permissions within the organisational structure is important + both for the administration of the structure and also as the basis for the permissions in + accordance with + [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md). + The benefits of + [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) are + explained in a separate section. +- **Settings**: The settings can be configured for both users and also organisational units. More + information on [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md)… +- **Active Directory**: The connection to Active Directory is explained in a dedicated section + [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) +- **Microsoft Entra ID**: The connection to Microsoft Entra ID is explained in a dedicated section +- **Multi Factor authentication**: Additional security during login is provided through positive + authentication based on another factor. More on this subject… +- **Reset password**: Administrators can reset the passwords with which users log in to Netwrix + Password Secure to a defined value. Naturally, this is only possible if the connection to Active + Directory is configured + via[End-to-end encryption](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md). In the + alternative [Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), the + authentication is linked to the correct entry of the AD password. + +NOTE: To reset a user password, membership for the user is a prerequisite. + +The example below shows the configuration of a user where only the user themselves is a member. + +![permission for user](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_3-en.webp) + +This configuration means that the user password cannot be reset by administrators. The disadvantage +is that if the password is lost there is no technical solution for "resetting" the password in the +system. + +**CAUTION:** It is not recommended to configure the permissions so that only the user themselves has +membership. No other interventions can be made if the password is then lost. + +## Adding local organisational units + +Both users and also organisational units themselves can be added as usual via the ribbon +(alternatively via Ctrl + N or via the context menu). These processes are supported by various +wizards. The example below shows the creation of a new organisational unit: + +### Create organisational unit + +![Add new organisational unit](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_4-en.webp) + +- **Allocated organisational unit**: If the new object is defined as a **main organisational unit**, + it is not allocated to an existing organisational unit +- **Rights template group**: If an already existing organisational unit was selected under + "allocated organisational unit", you can select one of the existing rights template groups. + +NOTE: The organisational unit marked in list view will be used as a default. This applies to the +fields "allocated organisational unit" and also "rights template". + +### Create role + +![Create role](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_5-en.webp) + +When creating a new organisational unit, the second tab in the wizard enables you to directly create +a new role. This role will not only be created but also given "read permission" to the newly created +organisational unit. + +### Configuring rights + +![Configuring rights](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_6-en.webp) + +The third tab of the wizard allows you to define the permissions for the newly created +organisational unit. If an allocated organisational unit or a rights template group was defined in +the first tab, the new organisational unit will inherit its permissions. These permissions can be +adapted if desired. + +NOTE: The **organisational structure** module is based on the Web Application module of the same +name. Both modules have a different scope and design but are almost identical to use. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/_category_.json new file mode 100644 index 0000000000..d844547bfe --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Permissions for organisational structures", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "permissions_for_organisational" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md new file mode 100644 index 0000000000..0d090cc864 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md @@ -0,0 +1,38 @@ +--- +title: "Inheriting permissions" +description: "Inheriting permissions" +sidebar_position: 10 +--- + +# Inheriting permissions + +## What is inherited in organisational structures? + +If you open the permissions for an organisational structure, the currently configured permissions +will be visible. In the following example, there are a total of four roles with varying permissions +for the organisational structure. + +![inheriting permission](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/inheriting_permissions_1-en.webp) + +## Relevant rights + +The following options are required to view "**inherit**" and "**overwrite**" icons. + +### User right + +- Can overwrite permissions +- Can inherit permissions + +The two highlighted options are now available on the ribbon. + +- **Inherit**: This means that all of the configurations defined in the current permissions mask are + inherited by underlying organisational structures when it is saved. The permissions are added to + existing ones +- **Overwrite**: This means that all of the configurations defined are applied to underlying + organisational structures when it is saved. The previous permissions are lost. + +Both mechanisms are protected by a confirmation prompt. If both "inherit" and also "overwrite" are +selected, "overwrite" is considered the overriding function. + +**CAUTION:** Both mechanisms are not protected by user rights. The **authorize** right for the +organisational structure is required to activate the inheritance or overwrite functions. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md new file mode 100644 index 0000000000..1a93abebea --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md @@ -0,0 +1,62 @@ +--- +title: "Permissions for organisational structures" +description: "Permissions for organisational structures" +sidebar_position: 20 +--- + +# Permissions for organisational structures + +## Relevance + +These permissions primarily define which users/roles have what form of permissions for +organisational structures. In addition, there are **two mechanisms** that directly build on the +permissions for organisational structures. + +1. **Limiting visibility**: It was already explained in the section on + [Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) + that selectively withholding information is a very effective + [Protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md). + Configuration of the visibility is carried out directly when issuing permissions to + organisational structures. +2. **Inheriting permissions for records**: + [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md) + is defined as a system standard. This means that there is no difference between the permissions + for an organisational structure and the permissions for data that is stored in these + organisational structures. + +The way in which permissions for organisational structures are designed thus effects the subsequent +work with Netwrix Password Secure in many ways. The following diagram describes the above-mentioned +interfaces. + +![Permissions for organizational structures](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organizational_structures_1-en.webp) + +## Permissions + +The visibility and also inheritance mechanisms are not considered below. This section exclusively +deals with permissions for the actual organisational structure. It deals with which users and roles +have what form of permissions for a given organisational structure. Permissions for organisational +structures can be defined via the ribbon or also the context menu that is accessed using the right +mouse button. A permissions tab appears: + +![Permissions for OU](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organizational_structures_2-en.webp) + +NOTE: The basic mechanisms for setting permissions is described in detail in the Authorization +concept. + +**CAUTION:** It is important that the permissions displayed here are interpreted correctly! The +example above shows the permissions for the "organisational structure IT". + +The user Max Muster possesses all rights to the organisational structure IT and can thus edit, +delete and also grant permissions for this structure. + +## The add right + +The "add" right holds a special position amongst the available rights because it does not refer to +the organisational unit itself but rather to data that will be created within it. In general, it is +fair to say that to add objects in an organisational unit requires the add right. If a user wants to +add a new record to an organisational unit, the user requires the above-mentioned right. In the +example above, only the administrator has the required permissions for adding new records. Even the +IT manager – who possess all other rights to the organisational structure "IT" – does not have the +right to add records. + +**CAUTION:** The add right merely describes the right to create objects in an organisational unit. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/_category_.json new file mode 100644 index 0000000000..a3d9a19b3d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Password Reset", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "password_reset" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/configuration_2.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/configuration_2.md new file mode 100644 index 0000000000..c5ad12aed1 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/configuration_2.md @@ -0,0 +1,69 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 20 +--- + +# Configuration + +## Creating a Password Reset + +New Password Resets can be directly added via the ribbon or the keyboard shortcut "Ctrl + N" in the +Password Reset module. With regards to setting permissions, a Password Reset behaves in precisely +the same way as every other object. It is thus possible to precisely control which users can view +and use which Password Resets. + +## Configuration Guide + +The configuration of a new Password Reset comprises four steps. All of the necessary conditions and +variables for the configuration are defined in the following areas: "General", "Trigger", "Scripts" +and "Linked passwords". + +![configuration password reset](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_1-en.webp) + +### General + +- **Name**: Designation for the Password Reset +- **Responsible user**: All completed Password Resets are also recorded within Netwrix Password + Secure (logbook,…). To ensure these steps can be allocated to a user, a user who is registered in + Netwrix Password Secure is selected in the field "Responsible user". + +### Trigger + +Triggers describe the conditions that need to be fulfilled so that a Password Reset is carried out. +There are a total of three possible triggers available: + +- Reset the password x minutes after the password has been viewed +- Reset the password when it has not been changed for x days +- Reset the password when it has been expired for x days + +At least one trigger must be activated so that the Password Reset is activated. Deactivating all +triggers is equivalent to deactivating the Password Reset. All three triggers can be activated and +deactivated independently of one another. Only one selection can be made in each of the three +categories. + +NOTE: A separate system task within Netwrix Password Secure checks every minute whether a trigger +applies. + +### Scripts + +A new dialogue appears after the selection in which the type of system "to be reset2 can be defined. + +![new script password reset](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_2-en.webp) + +- **Script type**: You select here from the possible script types. +- **Password**: The credentials for the record that will ultimately carry out the Password Reset. + The required information is specifically requested in each case. For example, if the reset is for + an MSSQL user, the MSSQL instance and the port used needs to be entered. + +The functions and configuration process are described in detail in the section Scripts. + +NOTE: It is not possible to create a Password Reset without an associated script. + +### Linked passwords + +All records that should be reset with the Password Reset according to the selected trigger are +listed under “Linked passwords”. Multiple objects can be entered. The linked Password Reset is also +visible in the footer of the reading pane once it has been successfully configured. + +![new script password reset](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md new file mode 100644 index 0000000000..a78d1678c9 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md @@ -0,0 +1,73 @@ +--- +title: "Heartbeat" +description: "Heartbeat" +sidebar_position: 50 +--- + +# Heartbeat + +## What is the heartbeat? + +The heartbeat checks whether passwords in Netwrix Password Secure match the login data on the +relevant systems. This process ensures that the passwords do not differ from one another. + +## Requirements + +The heartbeat is only available for passwords that are linked to a properly functioning Password +Reset. + +### Supported script types + +The passwords for the following script types can be tested: + +- Windows user +- MSSQL user +- Active Directory users +- Linux user + +Further information can be found in the section Scripts. + +## Testing using heartbeat + +The testing process using the heartbeat can be executed via various methods. + +## Testing via Password Reset + +The heartbeat is always carried out before the first resetting process using a Password Reset. After +the script has run, the testing process is carried out again. Further information on this process +can also be found in the section [Rollback](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md). + +### Manual testing + +The heartbeat can be executed in the ribbon for the password module by clicking on **Check login +data**. The currently marked password is always tested. + +### Automatic testing via the password settings + +It is also possible to configure the heartbeat to run cyclically. It can be configured either via +the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) or directly in the +[Password settings](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md). + +## Results of the tests + +The results of the test can be viewed in the **passwords module**. + +![result heartbeat](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/heartbeat/heartbeat_1-en.webp) + +The date when it was last executed can be seen at the top of the +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). The success of the testing +process is indicated alongside using a coloured icon. Further information can be displayed by moving +the mouse over the icon. + +The icon has three different versions. These have the following meanings: + +The last test was successful. The password is correct The test could not be performed. For example, +the password could not be reached. The last test was completed. However, the password is different +to the one on the target system. + +## Filtering the results + +The filter can be configured using the filter group **Status of the login data** so that the tested +records can be selected. + +![Filter heartbeat status](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/heartbeat/heartbeat_2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md new file mode 100644 index 0000000000..6b9cc63df7 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md @@ -0,0 +1,44 @@ +--- +title: "Logbook entries under Password Reset" +description: "Logbook entries under Password Reset" +sidebar_position: 70 +--- + +# Logbook entries under Password Reset + +Subsequently all possible logbook entries in connection with Password Reset are listed + +The password reset first checks with the first script (via the heartbeat) whether the password is +correct: + +| Logbook Type | Logbook Record | +| ------------------------------ | -------------- | +| Login data valid | Container | +| Login data invalid | Container | +| Check errors during login data | Container | + +Afterwards all scripts of the password reset are executed one after the other and the following +logbook entries are written: + +| Logbook type | Logbook record | +| --------------------- | -------------- | +| Execute | Password Reset | +| Execute Rollback | Password Reset | +| Execution Error | Password Reset | +| Error during rollback | Password Reset | + +If an attempt was made to perform a rollback, but the rollback cannot be performed because the old +password was incorrect before the reset, or the first script is of the type “user-defined”, the +following logbook entry is written: + +| Logbook type | Logbook record | +| --------------------- | -------------- | +| Error during rollback | Password Reset | + +If a password reset has failed and an attempt is made to perform a rollback, the reset is blocked +for one day and the following logbook entry is written: (It does not matter if the rollback worked +or not) + +| Logbook type | Logbook record | +| ---------------------- | -------------- | +| Password Reset blocked | Password Reset | diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md new file mode 100644 index 0000000000..c84a61949b --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md @@ -0,0 +1,29 @@ +--- +title: "Password Reset" +description: "Password Reset" +sidebar_position: 90 +--- + +# Password Reset + +## What is a Password Reset? + +The safest passwords are those that no one knows. A Password Reset enables passwords to be reset to +a new and unknown value according to freely definable triggers. A trigger could be a definable time +interval or a certain action by the user. **The value of the password is changed in both Netwrix +Password Secure and also on the target system.** + +![Password reset diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset_1-en.webp) + +This process will be explained below using a specific example. The password for the MSSQL user has +expired. The Password Reset changes the password in Netwrix Password Secure and also in the target +system to a new value. + +![Password reset process diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset_2-en.webp) + +NOTE: If an error occurs during the execution of a password reset, the affected reset is blocked +with all associated passwords. This is noted in the logbook with an entry "blocked". + +**CAUTION:** Due to the complexity of the process, it is strongly recommended that Password Reset is +configured **in combination with certified partners**. The desired simplification of work processes +using the above-mentioned automated functions is accompanied by numerous risks. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/requirements_1.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/requirements_1.md new file mode 100644 index 0000000000..8d2e1ac0d6 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/requirements_1.md @@ -0,0 +1,23 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 10 +--- + +# Requirements + +## Relevant rights + +The following options are required for creating a Password Reset. + +### User rights + +- Can add new Password Resets +- Display Password Reset module + +### Requirements for Password Resets + +- A password that has administrative rights to the relevant target computers must have been saved in + Netwrix Password Secure. +- The Microsoft Remote Admin Tools must be saved on the target system. +- The target system must be accessible via the network. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md new file mode 100644 index 0000000000..823b2016ae --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md @@ -0,0 +1,29 @@ +--- +title: "Rollback" +description: "Rollback" +sidebar_position: 60 +--- + +# Rollback + +## What is a rollback? + +If an error occurs while running a script, a rollback is initiated. This ensures that the original +password is restored. + +## When does a rollback run? + +The following diagram shows when and according to which criteria a rollback is initiated: + +![rollback run](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/rollback/rollback_1-en.webp) + +## Procedure + +If a rollback needs to be run, all scripts for the Password Reset are executed once again. The last +password in the history is used for this process. No new historical entry is created after the +rollback. + +## Logbook + +The logbook can be used to see if a rollback has been run and if it was successful. After a +rollback, the password should be checked once again as a precaution. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md new file mode 100644 index 0000000000..a1b706fffb --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md @@ -0,0 +1,82 @@ +--- +title: "Scripts" +description: "Scripts" +sidebar_position: 30 +--- + +# Scripts + +## Available scripts + +The following scripts are supplied and can be directly used. In all scripts, a password is firstly +selected in the upper section. This is not the password that will be reset on the target system. +Instead, a user should be entered here that can complete the rest of the process on the target +system. This password thus requires administrative rights to the target system. + +A delay can also be configured in every script. This may be necessary, for example, if a password is +changed in AD and it is firstly distributed to other controllers. + +![new script](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_1-en.webp) + +## Active Directory Password Reset + +This script is responsible for changing passwords for Active Directory users (domain users). Access +to Active Directory is configured here under **Hostname**. + +![Active Directory Password Reset](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_2-en.webp) + +## Service accounts + +This script changes the access data within a service. Both the user and also the password can be +changed. The **host name** – i.e. the target computer – and the **service name** are saved here. + +![Service accounts scripts](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_3-en.webp) + +Please note that the **display name** for the **service** needs to be used. + +![display name service](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_4-en.webp) + +The access data in the associated password can be saved as follows: + +### Local user + +[Username] [Username] .[Username] [Computer][Username] + +### Active Directory user + +[Domain][Username] + +## Windows user + +This script can be used to reset the passwords for local Windows users. Only the **host name** needs +to be saved here. + +![Windows user script](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_5-en.webp) + +## Linux user + +Linux users can also be reset in the same way as Windows users. It is also only necessary to enter +the **host name** and the **port** here. + +![Linux user script](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_6-en.webp) + +## MSSQL user + +This script resets passwords for local MSSQL users. It is only necessary to enter the **MSSQL +instance** and the **port**. + +![MSSQL user script](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_7-en.webp) + +The name of the MSSQL instance can be taken from the login window for the SQL Management Studio. + +![MSSQL user script](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_8-en.webp) + +If a domain user is being used to log in to the SQL server, the user needs to be managed via the +script **Active Directory user**. + +## Planned task + +The passwords for users of Windows Task Scheduler can be changed using this script. The **host +name** of the computer on which the task will run and the **name** of the task itself are entered. + +![planned task](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_9-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md new file mode 100644 index 0000000000..2a3c58fa5a --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md @@ -0,0 +1,79 @@ +--- +title: "User-defined scripts" +description: "User-defined scripts" +sidebar_position: 40 +--- + +# User-defined scripts + +## Individual solutions using your own scripts + +If your requirements cannot be met using the [Scripts](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible +to create your own Powershell scripts. These scripts need to meet certain requirements to be used in +Netwrix Password Secure. + +## Storage location, name and call + +The scripts must be saved in the following directory: +`C:\ProgramData\MATESO\Password Safe and Repository Service\System\PowerShell` + +The scripts are saved in the **format.ps1**. + +## Structure of the scripts + +The PowerShell scripts must have the following structure: + +### RunScript function + +Netwrix Password Secure always calls the RunScript function. + + +``` +function RunScript +param ( +        [String]$HostName, +        [String]$UserName, +        [String]$NewPassword, +        [String]$CredentialsUserName, +        [Security.SecureString]$CredentialsPassword +    ) + +``` + +The following standard parameters can be used here: + +- UserName: The user name for which the password should be changed +- Password: The password that should be reset +- CredentialsUserName: The user name of the user authorized to carry our the reset (e.g. + administrator) +- CredentialsPassword: The password of the authorized user + +### Scriptblock + +The **scriptblock** can be used when the script should run in the context of another user. The +actual change is then carried out in the **scriptblock**. + +It is important in this case that you provide Netwrix Password Secure with feedback about what has +been changed via a **Write-Output**. The following example simply uses the outputs **true** or +**false**. However, it is also conceivable that an error message or similar is output. + + +``` +    $scriptBlock = {param ($UserName, $Password) +    // Make changes to SAP +    if($OK) { +        Write-Output "true" +    } else { +        Write-Output "false" +    } + +``` + +Naturally, CredentialsUserName and CredentialsPassword can also be directly used in the script (i.e. +without the **scriptblock**). You can view the supplied MSSQL script as an example. + +### Invoke + +A credential then still needs to be created. This is then transferred to the **scriptblock** using +the **invoke** command. It is also important in this case to provide Netwrix Password Secure with +feedback about all errors via **Write-Output** or **throw [System.Exception]**. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/_category_.json new file mode 100644 index 0000000000..563e094d99 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Passwords", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "passwords" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md new file mode 100644 index 0000000000..66879a2767 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md @@ -0,0 +1,87 @@ +--- +title: "Creating new passwords" +description: "Creating new passwords" +sidebar_position: 10 +--- + +# Creating new passwords + +## What does creating new passwords/records mean? + +Saving a record/password stores information in the MSSQL database. This process is started in the +Passwords module for the client. It is accessed either via the icon in the ribbon, using the +keyboard shortcut "CTRL + N" or via the context menu that is accessed using the right mouse button +in list view. The next step is to select a suitable form that will open in a modal window. + +## Requirements + +The following 2 user rights are required: + +- Can add new passwords +- Display password module + +## Selecting a form + +When creating a new record, it is possible to select from all the forms for which the logged-in user +has the required permissions. To make the selection process as easy as possible, a preview of the +form fields included in the form is shown on the right hand side. + +![Select form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords_1-en.webp) + +In this example, you can see that the "Password" form marked on the left contains three form fields +"Name", "User name" and "Password". Forms thus act as **templates** according to which their +information is saved. (Management of the forms including issuing permissions and editing existing +forms is covered in a separate section) + +## Entering data + +The window for creating a new record always open in a separate tab. As can be seen below, the +corresponding form fields for the previously selected form can now be filled. Password fields +deserve special mention here because they can be handled differently based on password rules. The +record can be saved via the ribbon when all fields have been filled. + +![new record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords_2-en.webp) + +## Validity and tags + +Irrespective of the selected form, it is always possible to define the validity and tags for a +record. Both values are optional. + +![Validity and tags](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords_3-en.webp) + +- The **validity** defines an end date until which the record is valid. This information can be + evaluated e.g. in the logbook or in reports. It is thus possible to create a list of all expired + passwords for a user or an authorized entity. However, it is not possible to limit the usability + of expired passwords for security reasons. +- **Tags** are freely definable properties of records that can be used as search criteria. This also + allows thematically linked information to be grouped together. + +## Setting permissions for new records + +In principle, there are various approaches for setting permissions for newly created records. All of +them have already been described in the Authorization concept section. It is important to note here +that **manual setting of permissions is only possible after saving** a record. Automatic permissions +are set before the record is saved. In this context, the selection of the organisational structure +and the permissions for a record are important aspects. + +![permissions new record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords_4-en.webp) + +- **Manual setting of permissions**: If you want to manually set permissions for the record, select + the organisational structure in which the record should be saved. After saving the record, the + permissions can be manually amended via the permissions tab in the ribbon. If you only want to + create a personal record for which no other user will receive permissions, simply select your own + organisational structure and conclude the process with "save" via the ribbon. + +NOTE: If any kind of automatic permissions have been activated for the selected OU, this will always +be prioritized. + +**CAUTION:** Even when creating private records, inheritance of permissions based on the logged-in +user can also be activated as an option. This option is described in a separate section. + +NOTE: The user right Allow sharing of personal passwords can be used to define that personal +passwords cannot be released to other users. + +**Automatic setting of permissions**: Automatic setting of permissions is carried out before the +record is saved. Irrespective of whether predefined rights or rights inheritance is being used, the +configuration is always carried out in the organisational structure or permissions area. Saving the +record thus completes the process for creating the password including the issuing of permissions. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/form_field_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/form_field_permissions.md new file mode 100644 index 0000000000..9d246adca8 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/form_field_permissions.md @@ -0,0 +1,38 @@ +--- +title: "Form field permissions" +description: "Form field permissions" +sidebar_position: 40 +--- + +# Form field permissions + +## What are form field permissions? + +The authorization concept allows separate permissions to be set for each object. These objects could +be records, forms or users. Netwrix Password Secure goes one step further in this context. Every +single form field for a record can also be granted with separate permissions. It is thus possible to +grant different permissions for the password field of a record than are set for the other fields. + +## Relevant rights + +The following options are required to view "inherit" and "overwrite" icons. + +### User right + +- Can overwrite permissions +- Can inherit permissions + +## Configuration + +The associated form field permissions for the marked record can be opened via the ribbon using the +drop-down menu under "Permissions". + +![form field permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions_1-en.webp) + +The window that opens allows you to select the relevant form field for which you want to grant +permissions. The following example focuses on the password field. + +![permissions of password field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions_2-en.webp) + +The permissions configured here now exclusively apply to the password field. The other form fields +remain unaffected. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md new file mode 100644 index 0000000000..2b897e9f10 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md @@ -0,0 +1,56 @@ +--- +title: "History" +description: "History" +sidebar_position: 60 +--- + +# History + +## What is the history? + +Alongside saving passwords and keeping them safe, the ability to trace changes to records also has +great relevance. The history maintains a seamless account of the versions for all form fields in a +record. Every change to records is separately recorded, saved and can thus also be restored. In +addition, it is always possible to compare historical values with the current version. The history +is thus an indispensable component of every security concept. + +## The history in the reading pane + +The optional footer area can be used to already display the history when in the reading pane. All of +the historical entries are listed and sorted in chronological order. + +![history in footer](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_1-en.webp) + +The different versions are displayed one below the other on the left. The info for each respective +version can then be seen alongside on the right. A quick view can be displayed via the **History** +in the ribbon or via a double click. + +![quick view history](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_2-en.webp) + +## Detailed history in the Extras + +The detailed history for the record marked in list view can be called up in the Start/Extras tab. + +![History](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_3-en.webp) + +The history for the marked record opens in a separate tab. In list view, all of the available +versions with the date and time of their last change are sorted in chronological order. + +![history list view](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_4-en.webp) + +## Comparison of versions + +At least two versions need to be selected in order to carry out a comparison. In list view, mark the +first version and then add another version via the “Add” button on the right of the reading pane to +compare with the first one. + +![comparison of history versions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_5-en.webp) + +If deviations exist between the two versions, these will be highlighted in color. + +![difference between password history](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_6-en.webp) + +## Restoring versions + +A selected status can be restored via the ribbon. The current state is overwritten and added to the +history diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/moving_passwords.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/moving_passwords.md new file mode 100644 index 0000000000..345a9483b1 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/moving_passwords.md @@ -0,0 +1,48 @@ +--- +title: "Moving passwords" +description: "Moving passwords" +sidebar_position: 30 +--- + +# Moving passwords + +## What happens when records are moved? + +Data can be moved within Netwrix Password Secure to another organisational structure. This does not +necessarily have to be linked to a change in permissions (the effects are described separately +below). Moving records without changing the permissions mainly has effects on the filtering or +search functions for records. + +## How do you move a record? + +The (marked) records are moved either via the ribbon or via the context menu that is accessed using +the right mouse button. + +![moving password](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords_1-en.webp) + +Multiple records can also be marked and moved. The selected permissions are then valid for all +records in this case. + +### Required permissions + +No special user rights/settings are required in order to move records. The “move” right for the +record is the only deciding factor. + +![required permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords_2-en.webp) + +## Effects on existing permissions + +![effects on existing permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords_3-en.webp) + +- **Retain permissions**: The permissions for the record are not changed by moving it and are + retained +- **Overwrite permissions**: The permissions for the record are overwritten by the target OU +- **Extend permissions**: The existing permissions are extended to include the permissions for the + target OU + +**CAUTION:** From a technical perspective, all rights will be removed from the record when +overwriting the permissions. The permissions will then be applied to the record in accordance with +the rights template or inheritance from organisational structures. It is important to note here that +it is theoretically possible to remove your own rights to the record! The rights change will only be +carried out if at least one user retains the right to issue permissions as a result. Otherwise, the +rights change will be cancelled with a corresponding message. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/password_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/password_settings.md new file mode 100644 index 0000000000..bcb187aa92 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/password_settings.md @@ -0,0 +1,33 @@ +--- +title: "Password settings" +description: "Password settings" +sidebar_position: 50 +--- + +# Password settings + +## What are password settings? + +The password settings can be used to define a diverse range of options. These can be found in the +ribbon in the subsection “Extras”. The settings open up in a new tab. + +![password settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/password_settings_1-en.webp) + +### Category: Browser + +- **Default browser**: This option can be used to define a default browser for every record + separately. You can select from all browsers that have been registered as a browser in Windows. + +### Category: SSO + +- **Browser Extensions**: **Exact domain check**: This setting defines whether the domain for + displaying the record should be subjected to an exact domain check or not. Further information on + this subject can be found under Add-ons. +- **Browser Extensions**: Automatically fill login masks: This setting defines whether the login + masks are automatically filled when logging in via SSO. This is the case when the user is located + on a login page. If the record for this page has been saved, the login mask will be filled if this + option has been activated. Otherwise, this step needs to be carried out manually via the add-on. + If multiple records have been saved for this page, the user must complete this step manually via + the add-on in both cases. +- **Browser Extensions**: Automatically send login masks: If this option has been activated, the + login button is automatically pressed after filling in the login information. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md new file mode 100644 index 0000000000..205a7fddfa --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md @@ -0,0 +1,115 @@ +--- +title: "Passwords" +description: "Passwords" +sidebar_position: 10 +--- + +# Passwords + +## What are passwords? + +In Netwrix Password Secure v8, the data record with the passwords represents the central data +object. The Passwords module provides administrators and users with central access to the passwords +for the purpose of handling this sensitive data that requires protection. Search filters in +combination with color-highlighted tags enable very focussed work. Various approaches can be used to +help apply the desired permissions to objects. Furthermore, the ergonomic structure of the module +helps all users to use Netwrix Password Secure in an efficient and targeted manner. + +![Password modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_1-en.webp) + +## Prerequisite + +The following user right is required for adding new passwords: + +- **Can add new passwords** + +## Module-specific ribbon functions + +The ribbon offers access to all possible actions relevant to the situation at all times. Especially +within the "Passwords" module, the ribbon plays a key role due to the numerous module-specific +functions. General information on the subject of the ribbon is available in the relevant section. +The module-specific ribbon functions will be explained below. + +![ribbon functions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_2-en.webp) + +### New + +- **New password**: New passwords can be added via this icon in the ribbon, via the context menu + that is accessed using the right mouse button and via the shortcut (Ctrl + N). The next step is to + select a suitable form. +- **Open**: Opens the object marked in list view and provides further information about the record + in the reading pane. +- **Delete**: Deletes the object marked in list view. A log file entry is created (see logbook). +- **Reveal**: The function **Reveal** can be used for all records that have a password field. The + passwords in the reading pane will be revealed. In the example, the passwords have been revealed + and can be hidden again with the **Hide** button. + +![hide password](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_3-en.webp) + +### Actions + +- **Notifications**: Defining notifications enables a constant flow of information about any type of + interaction. The issuing of notifications is carried out in the module designed for this purpose. +- **Duplicate**: Duplicating creates an exact copy of the record in a new tab. +- **Move**: Moves the record marked in list view to another organisational structure. +- **Toggle** **Favorite**: The selected record is marked as a favorite. It is possible to switch + between all records and favorites at any time. +- **Quick view**: A modal window opens for the selected record for 15 seconds and displays all + available information **including the value of the password**. +- Notifications: A list of all configured notifications + +### Permissions + +- **Permissions**: The drop-down menu can be used to set both password permissions and also form + field permissions. This method only allows the manual setting of permissions for data (see + + authorization concept) + +- **Password masking**: Masking passwords that need to be protected from unauthorized users is an + important feature of the security concept in Netwrix Password Secure. +- **Seal**: The multi-eye principle in Netwrix Password Secure is covered in its own section. Seals. + +### Clipboard + +The clipboard is a key element in the ribbon. This only exists in the "Passwords" module. **Clicking +on the desired form field for a record in the ribbon** will copy it to the clipboard. + +![Clipboard](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_4-en.webp) + +The message in the style of the "Balloon Tips" in Windows shows that the password has now been saved +in the clipboard for 300 seconds. (Note: the time until the clipboard is cleared is 60 seconds by +default. In the present case, this has been adjusted via the user settings.) + +### Start + +Conveniently working with passwords is only possible via the efficient usage of automated accesses +via RDP, SSH, general Windows applications or websites. This makes it possible to dispense with +(unsecure) entries via "copy & paste". + +- **Open web page**: If an URL is saved in the record, this menu option can be used to directly open + it. +- **Applications**: If applications have been linked to records, they can be directly opened via the + "start menu". + +### Extras + +- **Create external link**: This option creates an external link for the record marked in list view. + A number of different options can be selected: + +![external link](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_5-en.webp) + +**CAUTION:** If several sessions are opened on a client, an external link is always called in the +first session. + +- **History**: This icon opens the history for those records selected in list view in a new tab. Due + to the comprehensive recording of historical versions of passwords, it is now possible to compare + several versions with one another. +- **Print**: This option can be used to open the print function. +- **Export**: It is possible to export all the selected records and also the data defined by the + filter to a .csv file. +- **Change form**: It is possible to change the form used for individual records. "Mapping" of the + previous form fields can be directly carried out in the process. +- **Settings**: The password settings are described in a separate section. + +NOTE: The password module is based on the module of the same name in the Web Application. Both +modules have a different scope and design. However, they are almost identical to use. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md new file mode 100644 index 0000000000..9e3a039c62 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md @@ -0,0 +1,26 @@ +--- +title: "Recycle Bin" +description: "Recycle Bin" +sidebar_position: 70 +--- + +# Recycle Bin + +This option allows you to view and permanently delete deleted passwords to which you are entitled. + +## Procedure for deleting passwords + +To put passwords into the recycle bin there are 2 possible procedures. Select the passwords you want +to delete and click on **Move to bin (1)** or right-click on the passwords and select **Move to +bin(2)**. + +![bin_2](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/bin_2.webp) + +You will then be asked if you actually want to perform this action. + +![bin_3](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/bin_3.webp) + +## Managing the Recycle Bin + +The management of the recycle bin can be found in chapter +[Bin](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/trash.md). diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/revealing_passwords.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/revealing_passwords.md new file mode 100644 index 0000000000..f9080a3f71 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/revealing_passwords.md @@ -0,0 +1,68 @@ +--- +title: "Revealing passwords" +description: "Revealing passwords" +sidebar_position: 20 +--- + +# Revealing passwords + +## What is involved in revealing passwords? + +Not all information is encrypted by the MSSQL database in Netwrix Password Secure for performance +reasons. Only the password itself (=secret) is encrypted with the help of the used encryption +algorithms and is then saved in the MSSQL database. As access to the MSSQL server is otherwise +secured via access permissions, this process enables the **maximum possible working speed** with a +**unchanged high level of security** through the use of **sophisticated**, **cryptographic +methods**. Revealing passwords describes the mechanism by which a password is made visible to the +user in the client. This process for dealing with passwords very precisely reflects the importance +of data security in Netwrix Password Secure – and this process will thus be described in detail +below. + +### Example case + +The record "Blogger" has been saved in the database and is visible to the logged-in user. It can +thus be deduced that the user has at least a read right for the record. As can be gathered from the +authorization concept, the user thus also generally has a read right to the password itself. This +means the user can view the value of the password using the "reveal" function. + +![Show password](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/revealing_passwords_1-en.webp) + +## Revealing passwords – diagram + +In this context, it is important to note that the word "reveal" does not really accurately describe +this process. It creates the **incorrect** impression that the client already has the password and +only needs to reveal it. However, the processes running in the background until the password are +revealed are much more complex and will thus be described below. + +![revealing password diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/revealing_passwords_2-en.webp) + +### Saving the password on the server + +Even though you would assume the opposite, at the start a masked password (\*) is neither available +on the client nor the server in plain text! The password is stored as part of the MSSQL database in +a hybrid encrypted state via the two methods **AES 256** and **RSA**. Accordingly, it is not +currently possible either on the server or the client to view the password. If you mark a record, +the password is not available at all on the client and is encrypted on the server before it is +revealed. + +### The encrypted password is requested + +Pressing the "reveal"- button triggers the process for requesting the password. A request is sent to +the server to apply for the encrypted password to be released. The server itself does not possess +the required key (private key) to decrypt the password. Therefore, it can only deliver the +**encrypted value**. + +### Checking the permissions + +Whether the request sent in step 2 is approved is defined in the authorization concept. Once the +request has been received, the server checks whether the user possess the required rights. It also +checks the possible existence of other security mechanisms such as a seal or password masking. If +the necessary requirements for releasing the password have been met, the server now sends the +**encrypted password**. In the same step, a **log file entry** is saved that documents the user’s +access to the password. + +### Decrypting the password on the client + +The user now has the encrypted password which has been delivered by the server. The user himself +possesses the **private key** required for decrypting the password and can now view the actual +password. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md new file mode 100644 index 0000000000..49929697c6 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md @@ -0,0 +1,79 @@ +--- +title: "Roles" +description: "Roles" +sidebar_position: 50 +--- + +# Roles + +## What are roles? + +Each employee in a company is ultimately a member of a department and / or part of a particular +function level. These departments or groups are mapped within Netwrix Password Secure using the role +concept. The authorizations can be configured and inherited in a role-based manner. The **Roles +module** should only be made available to administrators. Accordingly, it is recommended to limit +the visibility of the role management. It is also possible to delegate the management of departments +or separate areas completely to third parties via the role concept. The authorization concept +ensures that users are only granted access to those roles to which they are entitled. + +![Roles module](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_1-en.webp) + +## Relevant rights + +The following options are required. + +### User right + +- Can add new roles +- Display role module + +## Roles in focus + +The configuration of roles is the basis for the authorization concept. The permissions for data +could also be set at a user level. However, the use of roles can dramatically reduce the +administrative workload, and it helps to keep an overview. In addition to the authorizations for +data, user rights are also mapped in the best case via roles. + +![Permissions meaning for Roles](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_2-en.webp) + +Roles are the central objects within Netwrix Password Secure. They form the indispensable bridge +between users and authorizations of any kind. + +## Creating and granting permissions for new roles + +If you are in the **roles module**, the process for creating new roles is the same as for +[Creating new passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md). Roles can be created via the +ribbon and also via the context menu that is accessed using the right mouse button. + +![creating new role](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_3-en.webp) + +## Planning phase + +Just like the [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md), +you should also familiarize yourself with the intended role concepts. The mapping of structures +present in a company is the starting point for the success of Netwrix Password Secure. You should +design the roles in Netwrix Password Secure only once a detailed design has been drawn up, and all +the requirements of all project participants have been met. + +## Why are there no groups? + +Netwrix Password Secure enforces the avoidance of unnecessary structures through the role concept. A +group-in-group nesting is not supported – and is not necessary at all. The resultant increase in +performance as well as increased overview promotes efficiency and effectiveness. The elegant +interplay of organisational structures, roles, and granular filter options can cover all +customer-specific scenarios. + +NOTE: This architecture makes nesting of roles obsolete. + +## Overview of members for a role + +As well as being able to view the **members** in the permissions dialogue, a list of all members for +a role is already made available in the +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). All of the other users with +permissions but without membership of the role are not taken into account. + +![role overview](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_4-en.webp) + +NOTE: The roles module is based on the +[Roles module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md) of the Web +Application. Both modules have a different scope and design but are almost identical to use. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/_category_.json new file mode 100644 index 0000000000..4230fa2e53 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Main menu", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "main_menu_fc" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md new file mode 100644 index 0000000000..b4f38d29cf --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md @@ -0,0 +1,89 @@ +--- +title: "Account" +description: "Account" +sidebar_position: 20 +--- + +# Account + +## What is an account? + +Users can configure all user-specific information in their account. It should be noted that if the +[Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md) +process is used, user data will always be taken from Active Directory – editing this information in +Netwrix Password Secure is thus not possible. + +![account](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/installation_with_parameters_123-ewn.webp) + +## Edit profile + +All of the information in the contact and address sections can be defined under “Edit profile”. Some +areas of the profile overlap with the **management of users.** This information is explained in +[Managing users](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md). + +NOTE: No changes can be made to users that were imported from AD using Master Key mode. In this +case, all information will be imported from AD. + +#### Editing user image + +A new image can be added or the existing one replaced or deleted by clicking on the profile image. + +NOTE: No changes can be made to users that were imported from AD with the aid of Master Key mode. If +an image has been saved in AD, it will be used here. + +#### Change password + +It is recommended that the user password is changed on a regular basis. If you want to use a new +password, it is necessary to enter the existing password in advance. The strength of the password +will be directly displayed. + +NOTE: Users who were imported from AD with the aid of Master Key mode log in with the domain +password. Therefore, no password can be configured in this case. + +NOTE: The strength of the user password can be stipulated by administration through the issuing of +password rules. + +NOTE: If a user changes his or her password, all sessions that are still open are automatically +terminated. + +#### Multifactor authentication + +Multifactor authentication provides additional protection through a second login authentication +using a hardware token. The configuration is carried out via the ribbon in the “Security” section. +See also in +[Multifactor authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md) + +![installation_with_parameters_124](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/installation_with_parameters_124.webp) + +#### Configure autologin + +This option can be used to automate the login to Netwrix Password Secure. For setup, just enter the +password twice and save it. + +The autologin is linked to the hardware and thus will not work on a different computer. If you +change the hardware or the hardware ID, an existing autologin needs to be recreated. + +#### Relevant right + +Option to manage the autologin + +User right + +- Can manage autologin + +**CAUTION:** The automatic login should be handled as a process critical to security. It is +important to note that all data can be accessed, for example, if you forget to lock the computer. + +NOTE: For security reasons, the autologin is only valid for 180 days and then needs to be +subsequently renewed. + +#### Reset settings + +Clicking on this button resets all user-specific settings such as the column width, colour scheme, +etc. to the default values. + +#### Start offline synchronization + +If you have made changes to the database and do not want to wait for the next automatic +synchronization, an offline synchronization can also be started manually. The synchronization runs +in the background and is indicated by a status bar in the footer as well as by the icon. More… diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/administration.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/administration.md new file mode 100644 index 0000000000..07d7869388 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/administration.md @@ -0,0 +1,44 @@ +--- +title: "Administration" +description: "Administration" +sidebar_position: 60 +--- + +# Administration + +## Sessions + +Via the menu item **Sessions**, all users connected to the database can be displayed. This page is +purely informative in character and thus no configurations can be made here. + +![installation_with_parameters_120](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/installation_with_parameters_120.webp) + +The session view starts in the currently active module in a separate tab. + +#### Locked users + +All currently locked users can also be retrieved. There are two scenarios here: + +1. User name correct, password incorrect: The user name is displayed +2. User name incorrect: The client is displayed + +In addition, the number of attempted logins and the length of time that the user was locked in each +case can be seen. + +![installation_with_parameters_121](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/installation_with_parameters_121.webp) + +#### Default password rules + +Password rules can be defined for both user passwords and also for WebViewer exports that then need +to be fulfilled. In the following example, a user password must correspond to the “default password” +rule in order to be valid + +![Standard password rule](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/installation_with_parameters_122-en_677x129.webp) + +#### Relevant right + +There is a separate option for defining the password rules for named passwords. + +**User right** + +- Can configure standard password rules diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/_category_.json new file mode 100644 index 0000000000..badb938bf9 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Export", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "export" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md new file mode 100644 index 0000000000..f3eb6de3bb --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md @@ -0,0 +1,56 @@ +--- +title: "Export" +description: "Export" +sidebar_position: 80 +--- + +# Export + +## What is an export? + +An export is used for extracting the data saved in the MSSQL database. Both selective (manual) and +automated [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) can extract information from +Netwrix Password Secure in this manner. + +**CAUTION:** Please note that extracting passwords is always associated with a weakening of the +security concept. The informative value of the logbook will suffer when data is exported because the +revision of this data will no longer be logged. This aspect needs to be taken into account +particularly in conjunction with the Netwrix Password Secure +[Export wizard](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result is not separately secured +by a password. + +The export function is accessed via the Main menu/Export. There are two fundamental types of export +– the WebViewer export and the export wizard. However, the latter is divided into four +subcategories. + +![installation_with_parameters_63](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_63.webp) + +The [HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md) creates a HTML file +protected by a password. In contrast, the export wizard creates an open and unprotected .csv file. + +## Requirements + +Permissions are used to define whether a record can be exported or not. Various protective +mechanisms can be applied. Restrictions can be placed on either the record itself and also via user +rights + +- **The permissions for the record:** The permissions for the record define whether a record can be + exported + +![Export in the ribbon](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_64-en.webp) + +In this example, the marked role IT employee does not have the required permissions to export the +record. In contrast, the IT manager does have the required permissions. In addition, the +administrator possesses all rights, including the right to export. + +#### Relevant right + +The following option is required. + +User right + +- Can export + +NOTE: If a record is exported, this user right and also the corresponding permissions for the record +must be set. The user right defines whether a user can generally export data, while the permissions +for the record define which records can be exported. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md new file mode 100644 index 0000000000..bd0b2731a5 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md @@ -0,0 +1,58 @@ +--- +title: "Export wizard" +description: "Export wizard" +sidebar_position: 20 +--- + +# Export wizard + +## What export wizards are there? + +There are a total of four different export wizards. + +![installation_with_parameters_74_548x283](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_74_548x283.webp) + +The functionality of these wizards only differs based on the data to be exported. A distinction is +made between passwords, organisational structures, forms and applications. **As all four wizards are +handled in the same way, the following section will only describe the password export wizard.** The +remaining three wizards function in the same way. + +## What is the password export wizard? + +This wizard allows records to be exported in standard.csv format. In contrast to the +[HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md), the resulting file is +not protected by a password. It goes without saying that this feature must be used carefully. + +## Starting the password export wizard + +The export wizard can be accessed in a variety of different ways: + +- **Starting via Main menu/Extras:** If the wizard is opened, the export will include all passwords + for which the registered user has the required permissions. If the user is an administrator with + permissions for all records, the export will include all passwords in the database. +- **Starting via the ribbon:** The export can also be started via the + [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md) in the + [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md) module. + +![Export ribbon](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_75-en.webp) + +The password export wizard can be started via the ribbon in two ways. **Selected passwords** exports +only those passwords marked in list view, whereby **Passwords based on the filter** uses the +currently defined filter settings as the criteria. + +The wizard + +A diverse range of variables for the export and the storage location can be defined in the wizard. A +corresponding preview is also provided. + +![installation_with_parameters_76](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_76.webp) + +Once the wizard has been completed, the desired export is created and saved to the defined storage +location. + +**CAUTION:** It is important to once again point out the sensitive nature of this export function +that could have critical consequences from a security perspective. As the required permissions for +this export are generally only granted to users/roles with higher positions in the hierarchy, this +subject is even more relevant from a security perspective: It is possible to export all passwords +for which a user has the required permissions. Administrators could thus (intentionally or +unintentionally) cause more damage per se. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md new file mode 100644 index 0000000000..1b647773b8 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md @@ -0,0 +1,131 @@ +--- +title: "HTML WebViewer export" +description: "HTML WebViewer export" +sidebar_position: 10 +--- + +# HTML WebViewer export + +## What is a HTML WebViewer export? + +The **WebViewer** is an option inNetwrix Password Secure for exporting passwords in an encrypted +**HTML file**. The records are selected using the +[Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) function. The passwords for which the user +has the corresponding permissions are exported. They are displayed in a current browse that has +**JavaScript activated**. + +## Data security + +- Naturally, the HTML WebViewer file is **encrypted** +- The export of the file is protected using a corresponding + [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) +- The user requires the **export right** for the passwords + +## Required rights + +The **export right for the WebViewer** is configured via the **user rights**: + +User right + +- Can export HTML WebViewer + +The **export right** for the password is configured as normal via the ribbon: + +![installation_with_parameters_65](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/installation_with_parameters_65.webp) + +## Exporting a HTML file + +The **HTML file** is created on the user\*s client and started in the **Main menu** under **Export +WebViewer**. + +![installation_with_parameters_66](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/installation_with_parameters_66.webp) + +The **HTML WebViewer Wizard** carries out the \* WebViewer export\*. + +###### Create WebViewer + +General information and notes about the export are displayed under **Create WebViewer**. + +###### Settings + +General information such as the **Name** and **Export path** for the **HTML file** can be entered +here. + +**File name**: Freely selectable name + +**Export path:** Storage location for the file on the client + +**Time until logout**: Time in seconds for which the window remains open without any activity + +**Standard value:** 60 seconds, user can define the time + +Export **WebViewer** with **user password** or new freely **definable password**: You can decide +here whether to issue a new password for the export. + +![installation_with_parameters_67](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/installation_with_parameters_67.webp) + +- WebViewer export with an Active Directory user + +If an **Active Directory user** is carrying out the **WebViewer** export, a **password** needs to be +explicitly entered. + +![installation_with_parameters_68](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/installation_with_parameters_68.webp) + +###### Export filter + +The export filter works in the same way as the filters for the modules. + +![installation_with_parameters_69](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/installation_with_parameters_69.webp) + +#### Finish + +The information about the exported passwords is displayed in the **Finish** ribbon. Clicking on the +**Finish** + +button will then create the **HTML** **file** in the export path and close the window. + +![installation_with_parameters_70](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/installation_with_parameters_70.webp) + +A subsequent note provides you with information about the export process. + +![installation_with_parameters_71](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/installation_with_parameters_71.webp) + +## Using the HTML WebViewer file + +The **HTML file** is created in the export path and can be copied to a mobile data medium (USB +stick, external HDD, …). The **HTML file** can be opened in a standard browser and displays the +**Netwrix Password Secure – HTML WebViewer / Login** when started. The **database** and the **user +name** are predefined. The user \*password is used for the login. + +**CAUTION:** The login mask is blocked for a period of time if the password is incorrectly entered! + +1. Database: Predefined +2. User: Predefined +3. Password: Entered by the user + +![Login HTML WebViewer](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/installation_with_parameters_72-en.webp) + +###### Overview + +After logging in to Netwrix Password Secure, the overview page for the \*HTML- WebViewer \* with the +passwords is displayed. + +NOTE: Use the password search function in the event of more than 20 passwords! + +1. Displayoftherecords(max.20) +2. Detailedinformationontheselectedrecord +3. Search,logout,timeout +4. Copytoclipboard +5. Reveal + +![Entry in HTML WebViewer](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/installation_with_parameters_73-en.webp) + +#### Closing the HTML WebViewer overview + +You can log out by clicking on **Logout**. In the event of a longer period of inactivity, the user +will be **automatically logged out after a set period of time has expired (time until logout).** + +NOTE: You have been logged out due to inactivity. + +The browser will then show the **Netwrix Password Secure– HTML WebViewer / Login** again and also +the reason for being logged out. It is possible to log in again. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/_category_.json new file mode 100644 index 0000000000..e42f1173a8 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Extras", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "extras" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md new file mode 100644 index 0000000000..8a61adb4c0 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md @@ -0,0 +1,23 @@ +--- +title: "Extras" +description: "Extras" +sidebar_position: 10 +--- + +# Extras + +## What are Extras? + +Netwrix Password Secure provides a diverse range of supporting features that do not directly provide +added value but mostly build on existing approaches and expand their functionalities. They are +work-saving features that in total simplify the process of working with Netwrix Password Secure. + +![installation_with_parameters_77_517x414](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/installation_with_parameters_77_517x414.webp) + +- [Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) +- [Password generator](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md) +- [Reports](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md) +- [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) +- [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) +- [Tag manager](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md) +- [Image management](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md new file mode 100644 index 0000000000..b177af37e5 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md @@ -0,0 +1,75 @@ +--- +title: "Image management" +description: "Image management" +sidebar_position: 70 +--- + +# Image management + +## What is image management? + +All logos and icons are managed in the image management. They can then be linked to the +corresponding data records. The images are then displayed in the Basic view as well as in the list +view of the client. + +![Icon/logos in NPS](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_106-en.webp) + +## Relevant rights + +The following options are required: + +- Can upload new password images +- Can manage password images + +NOTE: It is important that the setting “Ask for Favicon-Download “ is only considered, if the right +“Can upload new password images “ has been activated! + +#### Managing Icons/Logos + +There are two ways to upload icons. + +1. By creating or saving the dataset. + +In order to import favicons directly when saving the data set, the following preconditions must be +met: + +- Setting “Ask Favicon-Download “ is activated. +- A URL is stored in the data record. + +If these preconditions are met, the stored URL is checked for the favicon when saving the data +record. If a favicon is found, it will be imported into the database and displayed in the data +record in future. + +NOTE: If there are several deposited, always use the first one. + +2. Manual filing + +In the main menu in [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md) you can find the image management. Here, you have the +possibility to store icons and logos manually. + +![Image management](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_107-en.webp) + +Click on the + symbol to open the mask for creating images. + +![add image](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_108-en.webp) + +- **Name** Name the picture here. + +- **Search** **value** The following priority must be observed: + + - **Passwords**: first URL in the password (if several URLs are stored) -> attached tags -> + password name -> names of connected applications + - **Applications**: URL stored in the application -> attached tags -> application name + +- ![icon_open_folder](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/icon_open_folder.webp) + This symbol can be used to upload locally saved icons and logos. + +NOTE: Please note that the icons and logos are not stored locally, but in the database. + +## Conditions + +The following conditions must be met for icons/logos to be uploaded and saved accordingly: + +- The maximum size of an image file is 100 MB. +- Supported formats are png, jpg, bmp, ico, .svg +- Several search values can be separated by a comma (“Netflix.de, Netflix.com”). diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md new file mode 100644 index 0000000000..a3ad8828e5 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md @@ -0,0 +1,68 @@ +--- +title: "Password generator" +description: "Password generator" +sidebar_position: 20 +--- + +# Password generator + +## What is the password generator? + +The complexity of passwords is generally determined by their randomness. In order to be able to rely +100% on the fact that the passwords are randomly generated, an algorithm for generating passwords is +indispensable. The password generator performs this function and is completely integrated into the +software. + +![installation_with_parameters_82](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/installation_with_parameters_82.webp) + +## Opening the password generator + +The password generator can be opened in different ways: + +- **Main menu/Extras/Password generator:** Here, the password generator is accessed directly. + Passwords generated in the password generator can be copied to the clipboard. + +![Password generator](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/installation_with_parameters_83-en.webp) + +- **When creating new records:** Once the password field has been selected in the reading pane, the + password generator can then be directly opened in the “Form field” tab via the ribbon. Passwords + generated here can be directly entered into the password field for the new record using the + “Adopt” button. Alternatively: The password generator can also be accessed on the right in the + password field in the reading pane. + +## Functionality + +The Character section is used to define the character groups that should form part of the password. +This section can also be used to exclude (special) characters. Once the password length has been +defined, a preview of a password that corresponds to the configured criteria is displayed on the +bottom edge of the password generator. The “shuffle function” can be activated via the icon on the +right next to the password preview. This will generate a new password in accordance with the defined +criteria. + +#### Phonetic passwords + +This type of password can be recognised by the fact that it is relatively easy to remember (they are +“readable”) but do not have any association to terms found in dictionaries. Only the number of +syllables + +and the total length are defined in this case. Options that can be set are how the syllables are +separated and whether to use LeetSpeak. + +![installation_with_parameters_84](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/installation_with_parameters_84.webp) + +Password rule + +Already defined[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) can be utilised for the +automatic generation of new passwords + +## Multigenerator + +The multigenerator makes it possible to automatically generate up to 200 passwords. The convention +used for generating these passwords is always the previously defined default. This could be: + +- User defined +- Phonetic passwords +- Password rules + +The generated passwords are saved in a text file in the local user directory and can be opened +immediately if desired. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md new file mode 100644 index 0000000000..a13e0f3ff4 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md @@ -0,0 +1,82 @@ +--- +title: "Password rules" +description: "Password rules" +sidebar_position: 10 +--- + +# Password rules + +## What are password rules? + +It is generally recommended that passwords should consist of at least 12 different characters, be +complex and be automatically created. Rules set guidelines that can be made binding for users – +meaning that the use of passwords with a certain level of complexity is enforced. Existing rules can +also be reused in other areas. + +![Password rules](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_97-en.webp) + +## Relevant right + +The following option is required to manage password rules. + +User right + +- Can manage password rules + +## Managing password rules + +If “Password rules” is selected under Main menu/Extras, the available password rules will appear in +a separate tab in the currently active module. + +![installation_with_parameters_98](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_98.webp) + +In this screenshot, a total of 3 password rules are shown. As the rule “Very secure password” has +been selected in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) on the right displays the +configuration for this rule: + +- **General:** The Password length of 25 is the minimum number of characters that a password needs + to contain according to this rule. The required Password quality is an internal measure of + security, which is calculated for this rule. This value always lies between 1 (very unsecure) and + 100 (maximum security). +- **Categories:** A password can consist of a total of four categories. It is possible to define + which of these categories to use and also how many of them to use. +- **Forbidden characters**: It is also possible to exclude some special characters. These characters + need to be entered in the list without separators. +- **Forbidden passwords:** Some passwords and the user name can also be added to the list of + forbidden passwords +- **Preview rules:** When new rules are created, an example password is generated that conforms to + the configured rules. This is only the case for passwords with a minimum length of 3 characters! + +## Using password rules + +Once password rules have been defined, they can be productively used in two different ways: + +- Use within the [Password generator](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md) +- Default for the password field in a form: + +When a password field is defined in a form, one of the defined password rules can be set as the +default. This means that the default will always be used when a new password is created. In this +way, it is possible to ensure that the required level of complexity is maintained for certain +passwords. + +![installation_with_parameters_99](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_99.webp) + +If one of these password rules is defined for a form, it is only possible to define a new random +value for the password if a new password is created. The icon on the right hand side of the password +field is used for this purpose. + +![installation_with_parameters_100](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_100.webp) + +## Defining standard rules for user passwords + +If Master Key mode is not being used, users can change their passwords in Netwrix Password Secure. +The administrator can define the password strength required for these passwords by using standard +password rules. + +## Visibility + +The password rules themselves are not subject to any permissions. All defined rules are therefore +available to all users. The rules are managed from the Main menu. + +NOTE: Users can only manage the rules if they have the appropriate user right diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md new file mode 100644 index 0000000000..11695c9f73 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md @@ -0,0 +1,57 @@ +--- +title: "Reports" +description: "Reports" +sidebar_position: 30 +--- + +# Reports + +## What are reports? + +Comprehensive reporting is an important component of the ongoing monitoring of processes in Netwrix +Password Secure. Similar to selectively configurable +[Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md), reports also contain +information that can be selectively defined. The difference is mainly the trigger. Notifications are +linked to an event, which acts as the trigger for the notification. In contrast, reports enable +tabular lists of freely definable actions to be produced at any selected time – the trigger is thus +the creation of a report. This process can also be automated via +[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). + +![reports](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_78-en.webp) + +NOTE: Reports only ever contain information for which the user has the required permissions. + +A separate tab for managing existing reports and creating new reports can be opened in the current +module via the Main menu/Extras/Reports. The module in which the report is opened is irrelevant, the +contents are always the same. + +![installation_with_parameters_79](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_79.webp) + +The filter on the left has no relevance in relation to reports. Although reports can also be +“tagged” in theory, filtering has no effect on the reports. In +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), there are currently three +configured report requests shown. + +#### Creating a report request + +New report requests can be created in list view via the ribbon or also the context menu that is +accessed using the right mouse button. The form for creating a new report request again opens in a +separate tab. Alongside a diverse range of variables, the report type can be defined using a +drop-down list. There are currently dozens of report types available. + +![installation_with_parameters_80](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_80.webp) + +The filter can be used to define the scope of the report e.g. to focus on a certain OU or simply a +selection of tags. Once saved, the report will now be shown in the list of report requests. + +###### Manually create reports + +You can now create a manual report via the ribbon. This will open in a separate tab and can be +displayed in the default web browser if desired. + +![installation_with_parameters_81](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_81.webp) + +Automated sending of reports via system tasks + +In general, reports are not manually created but are automatically sent to defined recipients. This +is apossible via system tasks, which can run processes of this nature at set times. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md new file mode 100644 index 0000000000..dc3111ef56 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md @@ -0,0 +1,34 @@ +--- +title: "Seal templates" +description: "Seal templates" +sidebar_position: 50 +--- + +# Seal templates + +## What are the seal templates? + +The configuration of +[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) must be +well-thought-out and error-free. It is absolutely essential to save the once-invested effort in the +form of seal templates. The automation of ever-recurring tasks will, in this context, extremely +speed up the timing of the work. Once defined, templates can be attached to data records in a few +simple steps. The adaptation of already created stencils is presented in the seal templates as clear +and very fast. + +![Seal templates](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/installation_with_parameters_101-en.webp) + +NOTE: A separate tab opens in the active module in order to edit the default templates + +## Creating templates + +**CAUTION:** The right Can manage seal templates is required + +When creating seals, the seal can be saved as a template using the wizard. All templates saved in +this way are listed in the overview of the seal templates. Furthermore, it is possible to edit +existing templates directly or create new ones via the button in the ribbon. This is done in the +same way as the seal assistant. + +![installation_with_parameters_102](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/installation_with_parameters_102.webp) + +Once templates have been added, they can be immediately used for the creation of new seals. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/_category_.json new file mode 100644 index 0000000000..2c51c5c2d4 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "System tasks", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "system_tasks" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md new file mode 100644 index 0000000000..eaf537bab3 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md @@ -0,0 +1,165 @@ +--- +title: "EmergencyWebViewer" +description: "EmergencyWebViewer" +sidebar_position: 10 +--- + +# EmergencyWebViewer + +## What is an Emergency WebViewer export? + +Safeguarding data is essential and this should be carried out using +[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md). +However, a backup is not sufficient in some cases e.g. if a backup cannot be directly restored due +to a hardware problem. In these cases, **Netwrix Password Secure** offers the backup feature +**Emergency WebViewer Export**. + +The **Emergency WebViewer Export** is based on an encrypted **HTML file** which can be decrypted +using a corresponding **key**. Both files are required to view the passwords in a browser and form +the core system of the backup mechanism. + +## Creation of the file and key + +The **Emergency WebViewer Export** is created in Netwrix Password Secure as a +**[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and this task can be used to guarantee a regular backup of +the records (passwords) by entering an interval. When setting up the system task, the user thus +defines the cycle at which the **Emergency WebViewer.html file** is created on the Server Manager. +The existing file is overwritten in each case by the latest version at the defined interval. The +associated key is only created once at the beginning and needs to be saved. The current version of +the **HTML file** can only be decrypted using this **key**. + +**CAUTION:** The key (PrivateKey.prvkey) and the file (Emergency WebViewer.html) must be saved onto +a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location! + +## Data security + +• Naturally, the HTML WebViewer file is encrypted + +• The export of the file is protected using a corresponding +[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) + +• The file can only be encrypted using the **PrivateKey.prvkey** file + +**CAUTION:** The export right for the passwords is not required for the Emergency WebViewer Export! + +## Required rights + +The user requires the following right to create a **Emergency WebViewer Export system task:** + +![installation_with_parameters_89](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_89.webp) + +## Emergency WebViewer.html and PrivateKey.prvkey + +The **Emergency WebViewer Export** creates two associated files. + +1. The file **Emergency WebViewer.html** is created on the computer executing the task +2. The associated key **PrivateKey.prvkey** is created on the client. + +## Calling up the Emergency WebViewer Export + +The Emergency WebViewer Export is set up as a **system task**. It can be called up in the main menu +under **Extras -> System Tasks**. + +![installation_with_parameters_90_831x487](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_90_831x487.webp) + +## Creating a Emergency WebViewer Export file + +Clicking on New opens a new window and the **Emergency WebViewer Export** can be selected. The +**configuration page** is then displayed. + +![installation_with_parameters_91_578x390](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_91_578x390.webp) + +It is not possible to use the **Emergency WebViewer Export** with an **Active Directory user.** + +![installation_with_parameters_92_467x103](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_92_467x103.webp) + +## Configuration page for the Emergency WebViewer Export task + +A new tab is displayed: **New emergency HTML WebViewer export task** This now needs to be configured +in accordance with the requirements. + +![new emergend HTML](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_93-en_925x527.webp) + +1. **General** Name: Enter a unique name Description: Enter additional information + Status: Execution: \*Activated\*/Deactivated +2. **Overview** Last run: Information display Next run: Information display +3. **Task settings** Folder path: Enter from the perspective of the server + Private key: needs to be saved +4. **Interval** Setting for when the system task is executed +5. **Executing server (optional)** Address (IP) of the additional server +6. **Tags** Freely definable characteristics of records + +**CAUTION:** The private key for the Emergency WebViewer must be saved before the system task can be +saved! + +## Displaying the Emergency WebViewer Export tasks + +Once the configuration has been completed, the **system task** is displayed in the current module in +the + +**System Tasks** tab. The user has the option of checking the data here + +![installation_with_parameters_94_914x671](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_94_914x671.webp) + +## Using the Emergency WebViewer.html file + +After the **system task** has been successfully executed, **two files** will have been created for +the password backup. + +1. Emergency WebViewer.html +2. PrivateKey.prvkey + +**CAUTION:** The file Emergency WebViewer.html is saved on the server executing the task. The + +**CAUTION:** key PrivateKey.prvkey needs to be securely saved by the user!\* + +The **Emergency WebViewer Export** is used in the same way as the **WebViewer export**. The +**passwords** are displayed in a current browser. The passwords are accessed in the **Emergency +WebViewer Export** with the **user password** and the **key** saved for the user. The search +function is used to select the **key (PrivateKey.prvkey)** and also to check its **validity**. If +all data has been correctly entered, it is then possible to log in. + +NOTE: The current user needs to log in using their password. If an incorrect password is entered, +access is temporarily blocked. + +Login data + +- Database: Predefined +- User: Predefined +- Password: User password (must be entered by the user) +- Key: PrivateKey.prvkey + +![emergency-webviewer](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/emergency-webviewer.webp) + +## Overview + +After successfully logging in, the **overview page** for the **Emergency WebViewer Export** is +displayed. This contains information about the saved **passwords** just like with the WebViewer +export. The passwords are now available to the user. + +Overview: Emergency HTML WebViewer / passwords + +![password in emergency webviewer](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_96-en.webp) + +The following data is displayed in the overview: + +Overview data: + +1. Display of the currently available records +2. Detailed information on the selected record +3. Search, logout, timeout until logout +4. Copy password to clipboard +5. Reveal password + +## Security note + +The existing **passwords** are now available to the user for further processing. The HTML page is +closed by clicking on **Logout**. + +If the user is **inactive** for **60 seconds**, he is automatically **logged out** and the **login** +is displayed with additional information. + +NOTE: You have been logged out due to inactivity + +The user can log in again using the **password** and **key** as described above. After successfully +logging in, the **Emergency WebViewer Export overview** is displayed again. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md new file mode 100644 index 0000000000..7433e80cc0 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md @@ -0,0 +1,98 @@ +--- +title: "System tasks" +description: "System tasks" +sidebar_position: 40 +--- + +# System tasks + +## What are system tasks? + +Netwrix Password Secure supports administrators and users by automating repetitive tasks. These are +represented as system tasks. Predefined tasks can thus be carried out at freely defined intervals. + +![System Tasks](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_85-en.webp) + +## Relevant rights + +The following options are required for managing system tasks. + +User right + +- Can manage Active Directory system tasks +- Can manage system task reports +- Can manage discovery service system tasks +- Can manage Emergency WebViewer export system tasks +- Can manage WebViewer export system tasks + +## What can be automated? + +There are currently four different work processes that can be automated using system tasks: + +- **HTML WebViewer export:** Exports a freely definable selection of records in an AES-256 encrypted + HTML file. The file is saved in the form of notifications. +- **Reports:** Automatically creates a report that is issued in the notifications. This requires a + report request to be created in advance. +- **Network service scan:** Searches for service accounts on the network at defined cycles +- **Active Directory synchronization:** The comparison with Active Directory can also be automated + via system tasks. This requires an active directory profile to be created in advance. It is + important to note that only the Master Key profile can be automatically compared. + +## Creating system tasks + +System tasks can be initiated as usual via the ribbon or also the context menu that is accessed +using the right mouse button. The desired process to be automated using system tasks is then +selected from the four above-mentioned work processes. + +![installation_with_parameters_86](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_86.webp) + +Naturally, the four work processes also share some similarities in their configuration. + +- **Status:** The system task is normally activated and then starts immediately after it has been + saved according to the defined intervals. If the system task is deactivated here, it is still + saved but is not yet activated. +- **Next run:** This setting describes when the system task will be performed or when it was already + performed for the first time (if this task was already created and is now being edited) +- **Interval:** The interval at which the system task should be executed is defined here. All + increments between every minute and once only are possible. It is also possible to enter an end + date. + +The differences between the four work processes to be automated are described below. These +differences are always part of the task settings within the system task form – the example here +shows an HTML WebViewer export to be configured. + +![installation_with_parameters_87](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_87.webp) + +WebViewer generator + +- Filter: The passwords that should be exported are defined using a filter. +- Password: The HTML WebViewer creates an encrypted HTML file. The password is defined here and must + then be confirmed. + +Reports + +- Report request: The report requests defined in Reports are available and can be selected here. + +Discovery Service + +- The Discovery Service scans the network and lists all of the services for which a service user has + been saved. These can then be maintained using Netwrix Password Secure. The information collected + can then be directly transferred to the Password Reset for this purpose. + +Active Directory synchronization + +- The Active Directory profile required for the synchronization is selected from those available. + +Emergency WebViewer export + +- The Emergency WebViewer export creates an encrypted HTML file that contains all passwords. In an + emergency, the data required to get the system up and running again can be accessed in this file. + +NOTE: Tags could be defined for individual tasks – yet they have no relevance and can also not be +used as filter criteria in the system tasks. + +Status + +A corresponding note will be displayed to indicate if a task is currently being executed. + +![installation_with_parameters_88](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_88.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md new file mode 100644 index 0000000000..5453fe4a64 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md @@ -0,0 +1,34 @@ +--- +title: "Tag manager" +description: "Tag manager" +sidebar_position: 60 +--- + +# Tag manager + +## What is the tag manager? + +All existing tags can be viewed, edited and deleted directly in the tag manager. This can be +achieved via the filter, within the “Edit mode” of a data set as well as via the main menu under the +group [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md). + +![how to open the tag manager](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/installation_with_parameters_103-en.webp) + +![Tag management](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/installation_with_parameters_104-en.webp) + +The tag manager itself is a clearly structured tool with which you can view and edit all relevant +information. The colours can also be assigned here. The “Number used” column indicates how often an +object has been tagged with the tag. In this way, you can keep track of and remove tags that are no +longer needed. + +![All tags](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/installation_with_parameters_105-en.webp) + +## Relevant rights + +The following option is required for managing tags + +User right + +- Manage tags + +**CAUTION:** It is only possible to delete tags if there are no more data associated with them diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/trash.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/trash.md new file mode 100644 index 0000000000..acce29979c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/trash.md @@ -0,0 +1,24 @@ +--- +title: "Bin" +description: "Bin" +sidebar_position: 80 +--- + +# Bin + +Here the logged-in user can manage his recycle bin. All deleted passwords to which the user is +entitled are displayed. + +## Functions + +The following functions are available: + +![bin_4](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/trash/bin_4.webp) + +- **Restore**: The selected passwords are restored. + +- **Delete permanently**: The selected passwords are permanently deleted. This means that they can + no longer be restored. + +- **Empty entire bin**: The entire recycle bin is permanently deleted, so none of these passwords + can be recovered. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md new file mode 100644 index 0000000000..51f8c4cfc6 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md @@ -0,0 +1,38 @@ +--- +title: "General settings" +description: "General settings" +sidebar_position: 30 +--- + +# General settings + +## What are general settings? + +The **general settings** relate to users. Thus, each user can customize the software to their own +needs. The following options can be configured: + +Colour scheme + +Various Windows colour schemes are available. The colour scheme Colorful provides e.g. different +colours which make it easier to distinguish between the modules in the software. If the colour +scheme is changed, the client must be restarted. + +Language + +The user can toggle between English and German. After changing the language, the client must be +restarted. + +Starting the application minimised in the notification area + +You can start the client minimized if you wish to run Netwrix Password Secure in the background. You +will be able to access it through the notification area. + +Minimise the application on closing + +If this option has been activated, the Netwrix Password Secure client will not end when the window +is closed but will merely be minimised. It will continue to run in the background. It is then only +possible to properly end Netwrix Password Secure via the main menu. + +Starting with Windows + +Of course, you can start the Netwrix Password Secure Client directly with Windows. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md new file mode 100644 index 0000000000..6af89d4ad8 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md @@ -0,0 +1,69 @@ +--- +title: "Import" +description: "Import" +sidebar_position: 70 +--- + +# Import + +## What is an import? + +If another password management tool was used before Netwrix Password Secure, these data can be +imported into Netwrix Password Secure. The formats .csv and especially Keepass (.xml) are supported. +Both variants can be set up in the import wizard, which is started via the Main menu/Import. + +![Import](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_57-en.webp) + +## Requirements + +Whether the user is permitted to import data is controlled by the corresponding +[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md). + +![installation_with_parameters_58](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_58.webp) + +## The import wizard + +The wizard supports the import of data into Netwrix Password Secure in four steps. + +Select type + +![installation_with_parameters_59](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_59.webp) + +The first step is to define the file that is to be used for the import. It is only possible to +proceed to the second step when the defined type corresponds to the stated file to be imported. The +second step is the settings. + +Settings + +![installation_with_parameters_60](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_60.webp) + +1. The settings are used to firstly define the level in the hierarchy for saving the imported + structure. As can be seen in the example, the import will take place in the main organisational + unit. One of the existing organisational units can also be defined as a parent instance via the + drop-down menu. +2. The slider defines whether the imported structures should be imported as an organisational unit + or as a tag. If the slider is fully moved to the left, only tags are created. If it s moved to + the right, all objects are imported as an organisational structure. In addition, every object can + be configured separately via the context menu that is accessed using the right mouse button. It + is also possible to ignore folders. + +NOTE: No folders exist in Netwrix Password Secure. For this reason, it is necessary to define +whether a folder is saved as an organisational structure or as a tag during the import. The same +process is also used for the migration. + +Assignment of the form fields + +![installation_with_parameters_61](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_61.webp) + +The third step is to assign the forms from the file to be imported to already existing forms. As +form fields may also have different names, the assignment process must be carried out manually via +drag & drop. Depending on which form was selected on the top line, form fields from the list on the +right can now be assigned to the form fields to be imported via drag & drop. It is also possible to +create new forms. + +Finish + +![installation_with_parameters_62](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_62.webp) + +In the final step, the configured settings are summarised as a list of the objects to be imported. +The button “Finish” closes the wizard and starts the import. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md new file mode 100644 index 0000000000..7b0702b5b0 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md @@ -0,0 +1,23 @@ +--- +title: "Main menu" +description: "Main menu" +sidebar_position: 30 +--- + +# Main menu + +## What is the Main menu/Backstage? + +All settings that are not linked to a particular module are defined in the Backstage (main menu). +This makes it easy to access the settings at any time and in any module. + +![Main menu](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/installation_with_parameters_56-en.webp) + +- [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md) +- [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) +- [General settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md) +- [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) +- [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) +- [Administration](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md) +- [Import](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md) +- [Export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/_category_.json new file mode 100644 index 0000000000..2c2eb8b19a --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "User rights", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "user_rights" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md new file mode 100644 index 0000000000..cf524ad8cc --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md @@ -0,0 +1,116 @@ +--- +title: "Overview of all user rights" +description: "Overview of all user rights" +sidebar_position: 10 +--- + +# Overview of all user rights + +This section lists all of the existing user rights. If a right is explained in more detail in +another section, you can navigate directly to this section by clicking on the link in the Section +column. The rights are grouped according to categories to provide a better overview + +| Category: General | Section | +| ------------------------- | ---------------------- | +| Can overwrite permissions | Form field permissions | +| Can inherit permissions | Form field permissions | + +| Category: Configuration | Section | +| ------------------------------------------------------------------------------------------------------------------- | ------- | +| Can add seal | | +| Can apply password masking | | +| Can change form for a password | | +| Can close tab of own organisational unit in LightCliet | | +| Can edit filter | | +| Can export | | +| Can import | | +| Can manage password form fields | | +| Can manage password images | | +| Can manage seal templates | | +| Can manage tags | | +| Can print | | +| Category: Mobile synchronisation | Section | +| --- | --- | +| Can synchronise with mobile devices | | +| Category: New records | Section | +| --- | --- | +| Can add new Active Directory profiles | | +| Can add new RDP applications | | +| Can add new SSH applications | | +| Can add new SSO applications | | +| Can add new web applications | | +| Can add new SAML applications | | +| Can add new users | | +| Can add new documents | | +| Can add new forms | | +| Can add new organisational units | | +| Can add new Password Resets | | +| Can add new passwords | | +| Can add new roles | | +| Can add new tags | | +| Can add individual passwords via Basic view | | +| Can add new passwords images | | +| Can add new Entra ID profiles | | +| Category: Offline mode | Section | +| --- | --- | +| Offline mode | | +| Timespan for how long the offline mode can be used without connection to the server | | +| Categorie: Rights | Section | +| --- | --- | +| If non-administrators select “Override permissions” when moving items, keep existing permissions for administrators | | +| Category: Rights templates | Section | +| --- | --- | +| Can edit members when using a rights template | | +| Can manage rights templates | | +| Can view selection of rights templates | | +| Can switch standard rights template | | +| Category: Security | Section | +| --- | --- | +| Is database administrator | | +| Can manage Active Directory profiles | | +| Can authorize other users to use personal passwords | | +| Can manage records for an application | | +| Can manage autologin | | +| Can set owner rights | | +| Can manage database sessions | | +| Can permanently delete the deleted users | | +| Can permanently delete the deleted organisational structures | | +| Can view deleted organisational structures | | +| Can permanently delete the deleted roles | | +| Can view deleted roles | | +| Can manage locked users | | +| Can edit global settings | | +| Can export HTML WebViewer | | +| Can change security level options | | +| Can manage password rules | | +| Can create personal records | | +| Can configure standard password rules | | +| Can carry out batch processing for permissions based on a filter | | +| Can manage password images | | +| Category: Visibility User right new | Section | +| --- | --- | +| Display application module | | +| Display notification module | | +| Show discovery service module | | +| Display document module | | +| Display form module | | +| Display logbook module | | +| Display organisational structure module | | +| Display Password Reset module | | +| Display password module | | +| Display roles module | | +| Category: System tasks | Section | +| --- | --- | +| Can manage Active Directory system tasks | | +| Can manage system task reports | | +| Can manage discovery service system tasks | | +| Can manage Emergency WebViewer export system tasks | | +| Can manage WebViewer export system tasks | | + +NOTE: There is a version selection box in the user rights. The options that were newly added in the +selected version are correspondingly marked in the list. + +![installation_with_parameters_115](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) + +This makes it easier for administrators to correctly configure new options before they release the +update for all employees. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md new file mode 100644 index 0000000000..2561e4a79e --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md @@ -0,0 +1,75 @@ +--- +title: "User rights" +description: "User rights" +sidebar_position: 50 +--- + +# User rights + +## What are user rights? + +In the user rights, access to functionalities is configured. Amongst tother things, this category +includes both the visibility of individual [Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md), as +well as the use of the import, export or management of rights templates functions. A complete +listing is directly visible in the user rights. + +## Administration of user rights + +Managing all user rights exclusively at the level of the user would be a time intensive process and +thus require a disproportionate amount of care and maintenance. In the same way as with the +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md), +an approach can be used in which several users are grouped together. Nevertheless, it must still be +possible to additionally address the specific requirements of individual users. Some +functionalities, on the other hand, should be available to all users. In order to do this, Netwrix +Password Secure offers a three-step concept. + +![installation_with_parameters_111](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_111.webp) + +When it comes to user rights, the focus is always on the user. The user can receive user rights in +one of the following three ways: + +1. The **personal user right** only applies to a specific user. This is always configured via + the[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). + +**User rights to role**s apply to all members of a role and are specified in the +[Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) + +1. The **global user right** applies to all users of a database without exception. You can configure + it in the client settings. + +How a user receives a user right is irrelevant. The only important thing is that the user actually +receives a required right in one of the three ways mentioned above. It is recommended that you link +user rights to roles and, if necessary, supplement them with global user rights. + +**CAUTION:** In addition to personal and global user rights (as opposed to settings), user rights +are assigned via roles and not via organisational units! + +NOTE: Only those user rights that the current user possesses themselves can be issued. However, all +rights can be removed. + +![installation_with_parameters_112](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) + +## Configuring the security level + +The **security level** is an essential element that is also specified in the user rights. This is +the basis for the configuration of the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). + +![installation_with_parameters_113](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_113.webp) + +## Searching within user rights + +Due to the large number of possible configurations, the search function helps you to quickly find +the desired configuration. This process is based as usual on the List +[Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md). + +![installation_with_parameters_114](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_114.webp) + +#### Database administrator + +Special attention should be given to the right Is database administrator. This right has the +following effects: + +- The user can also issue rights that he does not possess himself. +- The user can only have their rights removed by other database administrators. +- The user can unlock other users on the Server Manager. +- The user can also remove other users from the rights if they have the owner right. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/_category_.json new file mode 100644 index 0000000000..6ac028f85d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "User settings", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "user_settings" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md new file mode 100644 index 0000000000..374f18d86f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md @@ -0,0 +1,169 @@ +--- +title: "Overview of all settings" +description: "Overview of all settings" +sidebar_position: 10 +--- + +# Overview of all settings + +This section lists all of the existing settings. If a setting is explained in more detail in another +section, you can navigate directly to this section by clicking on the link in the Section column. +The settings are grouped according to categories to provide a better overview + +| Category: General | Section | +| -------------------------------------------- | ------- | +| Number of allowed widgets | | +| Mark notifications as read when opening them | | +| Can search for updates | | +| Allow a tab to be opened multiple times | | +| Display module name on dashboard | | +| Open quick search in new tab | | +| Edit tab after opening | | +| Close tab after saving | | +| Close tab after discarding | | +| Tab width | | +| Restore last tabs opened | | +| Ask for favicon download | | + +| Category: Display | Section | +| ------------------------------------------------------------------------ | ------- | +| Customizable window caption | | +| Display fold-down details in permissions view | | +| Change lists when widening in table view | | +| Display path for the organisational structure in the header | | +| Scaling value for the user interface | | +| Display kind of password in full client | | +| Display kind of passwords in Basic view | | +| Switch logo view on mouse over in Basic view | | +| Category: Browser | Section | +| --- | --- | +| Standard browser | | +| Category: Dashboard | Section | +| --- | --- | +| Display dashboard on startup | | +| Display remaining amount of data in the widget | | +| Category: Record | Section | +| --- | --- | +| Number of initially loaded records | | +| Display records as “about to expire” if the remaining days are less than | | +| Apply form changes to passwords | | +| Display total number of filter results | | +| Maximal number of search results for all | | +| Categorie: Documents | Section | +| --- | --- | +| Document history | | +| Permitted document extensions | | +| Maximum size in MB | | +| Category: Print | Section | +| --- | --- | +| Font size | | +| Category: Real-time update | Section | +| --- | --- | +| Refresh notifications in real time | | +| Category: Filter | Section | +| --- | --- | +| Display mode | | +| Jump to filter on quick search | | +| Can use filter negation | | +| Automatically use last filter | | +| Display mode status when starting the program | | + +| Category: Footer area | Section | +| --------------------------------------------------------------------------------------------------------------- | ------- | +| Show notifications in the footer area | | +| Show documents in the footer area | | +| Display footer area | | +| Show history in the footer area | | +| Show logbook in the footer area | | +| Show metadata in the footer area | | +| Show Password Resets in the footer area | | +| Category: Configuration | Section | +| --- | --- | +| Display animation in SSO configuration window | | +| You must enter a reason for establishing the RDP connection | | +| You must enter a reason for establishing the SSH connection | | +| Netwrix Password Secure user directory | | +| Default form (for Basic view) | | +| Start Basic view on next login | | +| Include subordinated organisational units in Basic view | | +| Category: Reading pane | Section | +| --- | --- | +| Orientation for Active Directory | | +| Orientation for applications | | +| Orientation for notifications | | +| Orientation for reports | | +| Orientation for documents | | +| Orientation for forms | | +| Orientation for logbook | | +| Orientation for organisational structure | | +| Orientation for Password Reset | | +| Orientation for passwords | | +| Orientation for rules | | +| Orientation for roles | | +| Orientation for seal templates | | +| Orientation for system tasks | | +| Orientation for forwarding rules | | +| Size of profile image in reading area | | +| Category: Mobile synchronisation | Section | +| --- | --- | +| Validity of the mobile database without synchronisation in days (0 = no limit on validity) | | +| Maximum number of login attempts before deleting the database (0 = unlimited) | | +| Category:Offline mode | Section | +| --- | --- | +| Automatic synchronisation after an interval in minutes (0 for deactivated) | | +| Offline synchronisation after saving a record | | +| Path where the offline database should be saved (empty for standard) | | +| Category:Proxy | Section | +| --- | --- | +| Address | | +| User name | | +| Password | | +| Use Windows proxy | | +| Category:Rights | Section | +| --- | --- | +| Clear user field after adding | | +| Inherit permissions for new objects (without rights template) | | +| Existing passwords inherit changes to the permissions for organisational units | | +| Permission search: Add gradually | | +| Delete user from the permissions for new objects when the user creating the new object is authorized via a role | | +| Hide deleted users and roles in permissions | | +| Category:Security | Section | +| --- | --- | +| Change rule for the user password | | +| Disconnect database connection due to inactivity after | | +| Deactivate inactive users | | +| Length of validity of the multifactor authentication token (minutes) | | +| Confirmation of authenticity on login | | +| Minimum score for password quality level “good” | | +| Minimum score for password quality level “strong” | | +| Display password in quick view | | +| PKI: Enforce validity period for certificates | | +| PKI: Certificate hash methods | | +| PKI: Checking mode for certificate chains | | +| Time period after which inactive sessions will be deleted from the server | | +| Category:SSO | Section | +| --- | --- | +| Browser Extension: Exact domain check | | +| Browser Extension: Automatically send login masks | | +| Browser Extensions: Automatically fill login masks | | +| Browser addons: Show password | | +| Category:Keyboard shortcuts | Section | +| --- | --- | +| Execute script to enter the password in the selected windowk | | +| Execute script to enter the user name in the selected window | | +| Execute script to enter the user name and password in the selected window | | +| Execute script to enter the user name and password in the selected window using the Enter button | | +| Category:Clipboard | Section | +| --- | --- | +| Clearing the clipboard | | +| Clear clipboard on closing | | +| Clear clipboard on minimising | | +| Clipboard gallery | | + +NOTE: There is a version selection box in the settings. The options that were newly added in the +selected version are correspondingly marked in the list. + +![installation_with_parameters_115](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) + +This makes it easier for administrators to correctly configure new options before they release the +update for all employees. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md new file mode 100644 index 0000000000..7cb5307c11 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md @@ -0,0 +1,79 @@ +--- +title: "User settings" +description: "User settings" +sidebar_position: 40 +--- + +# User settings + +## What are user settings? + +There are many functions within Netwrix Password Secure that can be adapted to the needs of users. +It is also possible to define various parameters for optical representations. This can be inherited +both at \* user level \*, \* global \* and \* organisational units \*. In addition, there is a +security level concept, which categorizes the users into five layers. The administration of settings +can thus be linked to the presence of the required security level. + +## Managing user settings + +You can configure user settings similarly to [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md). Here too, +there are a total of three possibilities with which a user can define his settings or be configured +from another location. For the sake of easy manageability, it is again a good idea to configure the +users not individually, but to provide several equal users with settings. + +![installation_with_parameters_116](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_116.webp) + +The focus is always on the user, also when it comes to user rights. It can obtain its settings in +one of the following three ways: + +1. Personal settings only apply to a specific user. These are always configured via the + organisational structure module. +2. Settings for organisational structures apply to all members of a role, and are specified in the + organisational structure module +3. Global settings apply to all users of a database without exception. You can configure them in the + client settings. + +**CAUTION:** In addition to personal and global settings (as opposed to authorizations), settings +are not assigned via roles, but via organisational units! + +![installation_with_parameters_112](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) + +### Inheritance of user settings + +If you leave the personal settings on the outside, there are two ways to inherit settings: + +1. Global inheritance +2. Inheritance on the basis of membership in organisational units (OU) + +Global settings are configured as usual in the [Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md). The organisational +units are inherited via the +[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). +All users who are assigned to an organisational unit inherit all user settings for this OU. In the +present case, the users “Jones” and “Moore” inherit all settings from the “IT” organisational unit: + +![inherit permissions](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_117-en.webp) + +The “Settings” button in the ribbon allows you to see the settings for both organisational units and +users. The many setting options can be restricted by the known +[Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) mechanisms. + +![installation_with_parameters_118](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_118.webp) + +The diagram shows the settings for the user “Jones”. The search has been filtered by the term +“Detail”. The column **“Inherited from”** shows that some settings have been inherited globally, or +by the organisational unit “IT”. The top two options have no value in the column. This is because +this parameter has been defined at user level. + +NOTE: The inheritance for individual settings can be deactivated in the ribbon! + +## Security levels + +Option groups were created in the global settings to ensure that users can control only those +settings for which they hold permissions. Categorising security levels from 1 to 5 allows you to +combine similar options and thus make them available to the users. + +![user settings](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_119-en.webp) + +The [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) define who has the required permissions to change +which security levels. As with all rights, this is achieved either through global inheritance, the +role, or as a right granted directly to the user. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/_category_.json new file mode 100644 index 0000000000..3bcf4aaf6d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Operation and Setup", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "operation_and_setup" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/_category_.json new file mode 100644 index 0000000000..113bb86a6f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Dashboard and widgets", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "dashboard_and_widgets" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md new file mode 100644 index 0000000000..4b2456a7ff --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md @@ -0,0 +1,82 @@ +--- +title: "Dashboard and widgets" +description: "Dashboard and widgets" +sidebar_position: 80 +--- + +# Dashboard and widgets + +## What are dashboards and widgets? + +In case of large installations, the amount of information provided by Netwrix Password Secure may +seem overwhelming. Dashboards expand the existing filter possibilities by an arbitrarily +customizable info area, which visually prepares important events or facts + +![Dashboard](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_50-en.webp) + +Dashboards are available in almost all [Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md)s. A +separate dashboard can be set for each individual module. **Widgets** correspond to the individual +modules of the dashboard. There are various widgets, which can be individually defined and can be +configured separately. In the above example, three widgets are enabled and provide information about +current notifications, password quality, and user activity. The **maximum number of possible +widgets** is managed in the[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). + +NOTE: You can close the dashboard using the button in the tab. You can open it again via **View** > +**Show dashboard** in the ribbon. + +NOTE: The display of the dashboard is basically uncritical since the user can only see the data on +which he is also entitled. + +#### Relevant settings + +The following options are available in combination with the dashboard and widgets. + +**Settings** + +- Display dashboard on startup +- Display module names on dashboard +- Number of allowed widgets +- Display remaining amount of data in the widget + +#### Adding and removing widgets + +If the dashboard tab is enabled, you can enable the dashboard editing mode via the ribbon. Adding +and editing widgets is only possible in this mode. + +![Adding and removing widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_51-en.webp) + +Use the drop-down menu to select the widget to be added \* (1) . **Then add the widget to the +dashboard using the corresponding button in the ribbon** (2). The maximum number of widgets that can +be added can be configured in the user settings. In editing mode, any widget can be directly removed +from the dashboard via the button on the upper right edge. The processing mode is ended by saving +via the ribbon. + +![Adding widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_52-en.webp) + +## Customizing widgets + +In the editing mode, you can customize each widget separately. To do this, select the widget and +switch to the \* widget content tab \* in the ribbon. + +![Customizing widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_53-en.webp) + +Separate variables can be customized for each widget. This example shows how often users have had +passwords displayed. Naturally, the variables are distinct for each widget since other information +could be relevant. + +Widget event + +You can select the **Widget Event** option in the ribbon. This activates the interaction of the +widgets. In the following example, this feature was enabled for the Activity widget. As a result, +the dashboard not only displays all activities, but also filters them according to the user selected +in the **Team List** widget. It therefore concerns all activities of the user “Moore”. These are +filtered “live” and displayed in real-time. + +![Widget event](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_54-en.webp) + +## Arranging widgets + +In the edit mode, the layout of the widgets is user-defined. Drag & drop allows you to place a +widget in the corresponding position on the dashboard (left, right, top, or bottom). + +![Arranging widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_55-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md new file mode 100644 index 0000000000..d451dd06fa --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md @@ -0,0 +1,22 @@ +--- +title: "Keyboard shortcuts" +description: "Keyboard shortcuts" +sidebar_position: 10 +--- + +# Keyboard shortcuts + +## Functionality + +Some actions can be executed very efficiently using keyboard shortcuts. These are configured in the +section of the same name within the **global +[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md)** + +The following keyboard shortcuts are available: + +- **CTRL+ ALT + U** transfers the user name from the selected record to the active window +- **CTRL+ ALT + S** starts a script that firstly transfers the user name from the selected record to + the active window. The shortcut will then execute a TAB jump and transfer the password. +- **CTRL+ ALT + P** enters the selected password into the active window or field +- **CTRL+ ALT + R** firstly transfers the user name from the selected record to the active window + via the enter key. The shortcut will then execute a TAB jump and transfer the password. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/_category_.json new file mode 100644 index 0000000000..dce4f41135 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Filter", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "filter" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md new file mode 100644 index 0000000000..e695bd900d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md @@ -0,0 +1,111 @@ +--- +title: "Advanced filter settings" +description: "Advanced filter settings" +sidebar_position: 20 +--- + +# Advanced filter settings + +## Linking filters + +The two options for linking the filter criteria are very easy to explain using the example of +[Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md). The following options are available: + +1. Logical “Or operator” + +By default, the filter is active in this mode. In the following example, the user wants to find all +records with at least one of the tags ”**Important**” or ”**Development**”. This also means that +records can either have one of the tags, or both. + +![installation_with_parameters_17_839x376](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/installation_with_parameters_17_839x376.webp) + +Due to the colour coding of the tags in the records, it can be seen that the first two records have +one of the tags, while the third one has both tags. However, all three are included in the results. +**At least one filter criterion must be met.** + +**2. Logical “And operator”** + +This mode is activated directly by the checkbox in the filter. Each filter criterion has its own +checkbox. + +![installation_with_parameters_18](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/installation_with_parameters_18.webp) + +![installation_with_parameters_19_822x325](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/installation_with_parameters_19_822x325.webp) + +**In contrast to the “OR link”, the “AND link” must fulfil both criteria**. Accordingly, only those +records that have both the tag **”Important”** and the tag ”Development” are listed in the results +for this example. + +## Filter tab in the ribbon + +The filter management can also be found in the [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). Here, it is +possible e.g. to expand the currently configured filter criteria, save the filter, or simply clear +all currently applied filters. + +![installation_with_parameters_20](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/installation_with_parameters_20.webp) + +#### Saving, editing, and deleting filters + +In many cases, it is recommended to store defined filters. In this way, it is possible to make +efficient use of filter results from previous searches. The button **“Save filter”** directly +prompts you to assign a meaningful name to this filter. The filter is saved according to the +criteria currently configured in the filter. This filter is now listed in the selection menu and can +now be selected. Note that a selected filter selection is immediately applied to the filter but is +not automatically executed. The filter must be used for this purpose. Both the button in the ribbon, +so also the counterpart in the filter, lead to the same result here. + +![Filter settings](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/advanced-filter-settings-1-en.webp) + +Deleting and overwriting existing filters is identical in the procedure. The filter, which has been +marked in the selection field, is always deleted. If an existing filter is to be overwritten, the +name of the filter is retained and is overwritten with the filter criteria currently configured in +the filter. + +————————— + +#### **Advanced filter** + +In the “Extended filter” category you can adjust the filter as desired, eg by adding or removing +filter groups. Clicking on **”Edit filter”** activates the processing mode. You can terminate it +with **”Finish editing”.** + +![Filter editing](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/advanced-filter-settings-2-en.webp) + +New filter groups can now be added via the selection field. For this purpose, the desired filter +type is selected (in the example, the filter group is the seal). The process is completed by +**”adding a filter group”.** Newly added filter groups are always placed at the very bottom of the +filter. + +In **Edit mode**, the filter view changes, in addition to the possible actions in the ribbon. Use +the arrow buttons to adjust the order of the filter groups. The icons “Plus” and “Minus” can be used +to create additional instances of existing filter groups or to remove existing ones. In the +following example, a content filter was added and all other filter groups removed. + +![Filter](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/advanced-filter-settings-3-en_923x441.webp) + +In this example, only the content filter is used – in two instances! \* The “And” link will now +display all records that contain both the word “password” and the phrase “important”. \* + +#### Negation of filters + +It is often important to be able to negate the filter. + +Activation + +In the “Extended filter” category you have the possibility to activate the negation: + +![allow negation](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/allow-negation-en.webp) + +It is thus possible to refine very precisely filter results even further. This becomes more and more +important when there are a large number of records in the database and the resulting amount of data +is still unmanageable despite the fact that filters has been appropriately defined. + +![installation_with_parameters_25_752x412](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/installation_with_parameters_25_752x412.webp) + +Negations are defined directly in the checkbox of an element within a filter group. Without +negations, you can only search e.g. for a tag. Negations make the following queries possible: + +”Deliver all records that have the tag “Development” but are not tagged with “Important”! + +**CAUTION:** In order to effectively use negations, it is important that “and links” are always +enabled. Otherwise operations with negations cannot be modelled mathematically. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md new file mode 100644 index 0000000000..c59065536f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md @@ -0,0 +1,38 @@ +--- +title: "Display mode" +description: "Display mode" +sidebar_position: 10 +--- + +# Display mode + +## What display modes exist? + +In addition to the already described [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md), it is possible to switch to structure +view. This alternative view enables you to filter solely on the basis of the organisational +structure. Although this type of filtering is also possible in standard filter view, you are able to +directly see the complete organisational structure in structure view. + +NOTE: As there are no longer any folders in Netwrix Password Secure version 9, the structure view +can not mirror all of the functionalities of the folder view in version 7. However, the structure +view has been modelled on the folder view to make the changeover from the previous version easier. + +![installation_with_parameters_15](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_15.webp) + +As you can see, only the organisational structure is visible in this view. This view is the ideal +choice for users who want to work in a highly structural-based manner. + +## Relevant options + +There are three relevant [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) +associated with the display mode: + +![installation_with_parameters_16](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_16.webp) + +- **Display mode:** It is possible to define whether the standard filter, structure filter or both + are displayed. If the last option is selected, you can switch between both views. +- **Jump to filter on quick search:** If you are using structure view, it is possible to define + whether the system should automatically jump to the standard filter if you click the quick search + (top right in the client) +- **Display mode status when starting the program:** This setting defines which display mode is + displayed as default when starting the program. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md new file mode 100644 index 0000000000..0020bfd37e --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md @@ -0,0 +1,98 @@ +--- +title: "Filter" +description: "Filter" +sidebar_position: 20 +--- + +# Filter + +## What is a filter? + +The freely configurable filters of the PSR client provide all methods for easy retrieval of stored +data. The filter criteria are always adapted according to the module in which you are currently +located. When you select one or several search criteria, and click on “Apply filter”, the results +will be displayed in the list view. If necessary, this process can be repeated as desired and +further restrictions can be added. + +## Relevant rights + +The following option is required for editing filters: + +**User right** + +- Can edit filter + +![Filter](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_10-en.webp) + +## Who is allowed to use the filter? + +The filter is an indispensable working tool because of the possibility to restrict existing results +according to individual requirements. Consequently, all users can use the filter. It is, of course, +possible to place restrictions for filter criteria. This means that the filter criteria available to +individual employees can be restricted by means of +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md). +For example, an employee can only filter for the [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) password +if he has the read permission for that form. + +**CAUTION:** There are no permissions for [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md). This means that any employee can +use any tags. The display order in the filter is determined by the frequency of use. This process is +not critical to security, since tags do not grant any permissions. They are merely a supportive +measure for filtering. + +## Application example + +Filter without criteria + +By selecting the desired criteria and applying the filter using the button of the same name, the set +of all the records corresponding to the criteria is displayed in the list view. If you used the +filter without criteria, you would obtain a list of all records to which you generally have +authorization. + +![editing criteria](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_11-en.webp) + +As you can see, 133 records are not really manageable. In most situations you will need to reduce +the number of records by adding filters. + +**Adding filter criteria** + +The filter **organization** can be applied directly to the authorizations to restrict the number of +records according to the authorizations granted. In this case, the logged-on user holds rights for +various areas. However, it would like to see only those records which are assigned to the **Own +passwords** area within the organisational structure. In addition, there should be further +restrictions, which could be formulated as in the following sentence: “Deliver all records from my +own passwords that were created with the form **password** and which contain the expression **2016** +and the tag **Administrator**. + +![Adding filter criteria](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_12-en.webp) + +As can be seen, the filter delivers the desired results. The extent to which the filter criteria +match the three remaining data sets is assigned in colour. + +**CAUTION:** When filtering with several criteria, such as forms, content and tags, all filter +criteria must be complied with. It is therefore a logical “AND operation”. Other possible methods +for linking criteria are described in detail in the Advanced Filter Settings. + +**Content filter** + +The term \* 2016 \* is part of the description in the \* My Schufa \* record, part of the +description of \* Wordpress 2016 \* and Microsoft Online 2016 . **Since the search** \***”in all +fields”** is activated in the content filter, all three records are also included in the results, +and are displayed in the list view. You can also configure the content filter to search for +expressions in a specific field. The icon next to the expression **”in all fields”** opens the +content filter configuration in a modal window. As can be seen, the content filter has been +configured to only search in the form **password** and then only in the form field **Internet +address:** + +![installation_with_parameters_13](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_13.webp) + +![Content filter](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_14-en.webp) + +It is very easy to abstract, because of the present example, that the filter can be adapted to your +personal requirements. It is thus the most important tool to be able to retrieve data once stored in +the database. + +**CAUTION:** The effectiveness of the filter is closely linked to data integrity. Only when data is +kept clean, efficient operation with the filter is ensured. It is important that employees are +trained in the correct handling of the filter tool as well as when creating the records. Workshops +show the best success rate in this context. If you require further information, contact us under +mail to: sales@passwordsafe.de. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md new file mode 100644 index 0000000000..341779a1f7 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md @@ -0,0 +1,91 @@ +--- +title: "List view" +description: "List view" +sidebar_position: 30 +--- + +# List view + +## What is the list view? + +The list view is located centrally in the Netwrix Password Secure client, and is a key element of +daily work. There are also list views in Windows operating systems. If you click on a folder in +Windows Explorer, the contents of the folder are displayed in a list view. The same is true in +Netwrix Password Secure version 9. + +However, instead of folders, the content of the list view is defined by the currently applied +filter. \* This always means that the list view is the result of a filtered filter \*. For the +currently marked record in list view, all existing form fields are output to the reading pane. With +the two tabs “All” and “Favourites, the filter results can be further restricted. + +![List view](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_26-en.webp) + +At the bottom of the list view, the number of loaded records and the time required for this are +shown. + +NOTE: For more than 100 list elements, only the first 100 records are displayed by default. This is +to prevent excessive database queries where the results are unmanageable. In this case, it makes +sense to further refine the filter criteria. By pressing the “All” button in the header of the list +view, you can still manually switch to the complete list. + +## Searching in list view + +Through the search field, the results found by the filter can be further refined as required. After +you have entered the search term, the results are automatically limited to those records which +correspond to the criteria (after about half a second). The search used for the search is +highlighted in yellow. + +![installation_with_parameters_27](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_27.webp) + +## Detailed list view + +The default view displays only limited information about the records. However, the width of the list +view is flexible and can be adjusted by mouse. At a certain point, the view automatically changes to +the detailed list view, similar to the procedure in Microsoft Outlook. All form fields are displayed + +![Table view](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_28-en.webp) + +## Favourites + +Regularly used records can be marked as favourites. This process is carried out directly in the +[Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). A record marked as a favourite is indicated with a star in list view. + +![Favourite](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_29-en.webp) + +You can filter for favourites directly in the list view. For this purpose, simply switch to the +“Favourites” tab + +![installation_with_parameters_30](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_30.webp) + +#### Othersymbols + +Every record displayed in list view has multiple icons on the right. These give feedback in colour +about both the password quality and the [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) used. Mouseover tooltips provide +more precise details. + +![installation_with_parameters_31](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_31.webp) + +NOTE: The information visible underneath the password name is taken from the info field for the +associated form and will be explained separately + +## Workingwith records + +All records that correspond to the filter criteria are now displayed in list view. These can now be +opened, edited, or deleted via the ribbon. Many functions are also available directly from the +context menu. You can do this by right-clicking the record. Multiple selection is also possible. To +do this, simply highlight the desired objects by holding down the Ctrl key. + +![installation_with_parameters_32](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_32.webp) + +#### Opening and editing data sets + +By double-clicking, as with the context menu (right mouse button), all records can be opened from +the list view in a separate tab. Only in this view can you make changes. This detail view opens in a +separate tab, the list view is completely hidden + +![editing dataset](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_33-en.webp) + +NOTE: Working with data records depends of course on the type of the data record. Whether passwords, +documents or organisational structures: The handling is partly very different. For more information, +please refer to the respective sections on the individual +[Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md new file mode 100644 index 0000000000..507921edcd --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md @@ -0,0 +1,97 @@ +--- +title: "Operation and Setup" +description: "Operation and Setup" +sidebar_position: 10 +--- + +# Operation and Setup + +## Client structure + +The modular structure of the client ensure that the required functionalities are always in the same +place. Although the module selection gives access to the various areas of Netwrix Password Secure, +the control elements always remain at the positions specified for this purpose. This intuitive +operating concept ensures efficient work and a minimum of training time. + +![Operation](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation-and-setup-1-en.webp) + +![Dashboard](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation-and-setup-2-en.webp) + +1. [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md) + +2. [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) + +3. [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) + +4. [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) + +5. [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) + +6. [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) + +7. [Dashboard and widgets    ](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md) + +## TABs + +Tabs offer yet another option within the to present related information in a separate area. This tab +navigation enables you to display, quickly access and switch between relevant information. The +results for a filter with specific criteria can thus be retained without the original result being +overwritten + +when a new filter is applied. In parallel, detailed information about records can also be found in +their own tabs. It is of course possible to adjust the order of the tabs via drag & drop according +to your individual requirements. + +![Dashboard](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/installation_with_parameters_2-en.webp) + +#### Standard tab + +Depending on the active module, the All passwords tab will be renamed to the corresponding module by +default. (All documents, all forms, etc.) + +![Standard tab](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/standard-tab-en.webp) + +Although the name suggests that all records in the database are displayed, the records displayed in +list view correspond to the criteria that have been defined in the filter. The tab closes and can be +restored by reusing the filter. + +## Client footer information + +Independently of the module chosen, various information is displayed in the footer area of the +client. The icons are also provided with a meaningful mouse-over text, which provides additional +information. + +- Connection to database +- Feedback in case connection is insecure +- Last name, first name (user name) of the logged-in user + +![installation_with_parameters_4](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/installation_with_parameters_4.webp) + +- [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md) +- [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) +- [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) +- [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) +- [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) +- [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) +- [Dashboard and widgets](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md) +- [Shortcut key](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md) + +## Orientation + +It is possible to change the alignment of the following objects: + +- [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) +- [Applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md) +- [Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md) +- [Reports](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md) +- [Documents](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md) +- [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) +- [Logbook](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md) +- [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) +- [Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) +- [Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) +- [Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) +- [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) +- [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) +- Forwarding Rules +- Profil picture in the reading pane diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/print.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/print.md new file mode 100644 index 0000000000..ea4814196c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/print.md @@ -0,0 +1,96 @@ +--- +title: "Print" +description: "Print" +sidebar_position: 70 +--- + +# Print + +#### What can the print function do? + +It is often necessary to print out data stored in Netwrix Password Secure for documentation +purposes. The Print function is available in numerous areas of Netwrix Password Secure for this +purpose. It is possible to print out records such as e.g. passwords or also information about +organisational units and much more. + +#### Relevantrights + +The following rights are relevant. + +**Record rights** + +- The **Print** right for the relevant record is required in each case. + +User right + +- Can print + +#### Availability + +The print function is available in the following modules: + +- Passwords +- Documents +- Organisational structure +- Roles +- Forms + +#### Using the print function + +The print function can be called up via the ribbon. + +![installation_with_parameters_44](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_44.webp) + +Firstly, it is necessary to select whether you want to print a table or a detailed view. The amount +of data can also be defined. The individual menu items are described in detail further down in this +section. After making your selection, the data is firstly prepared for printing. Depending on the +amount of data, this may take a few minutes. The print preview is then opened. + +![print password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_45-en.webp) + +NOTE: The print preview accesses the functions of the printer driver. Depending on the printer or +driver being used, the appearance and functions offered by the print preview may vary. The +individual functions will thus not be described in detail here. + +The printing process is ultimately started via the **print preview**. It is also possible to save +the view or adjust the layout before printing. + +#### Selecting the data to be printed + +There are different options available for adapting the printing result to your personal +requirements. The individual menu items will be explained here using the example of printing +passwords. + +###### Table view (current selection) + +All **selected** records will be printed out. In the following example, **Adobe** and **Anibis.ch** +are thus printed out. + +![selected data](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_46-en.webp) + +The data is printed here in table form. + +![print password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_47-en.webp) + +#### Tableview (current filter) + +All currently **filtered** records will be printed out here. In this example, all seven records are +thus printed out. + +![filtered password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_48-en.webp) + +They are printed out – as described above – in table form. + +#### Detailed view (current selection) + +This option also prints out the currently selected records. However, a detailed view is printed out +in this case. + +![print filtered passwords](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_49-en.webp) + +#### Detailed view (current filter) + +This function can be used to print out all filtered records in detailed view as described above. + +NOTE: It should be noted that the amount of data generated via this function can quickly become very +large. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md new file mode 100644 index 0000000000..d9c546f3f2 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md @@ -0,0 +1,59 @@ +--- +title: "Reading pane" +description: "Reading pane" +sidebar_position: 40 +--- + +# Reading pane + +## What is the reading pane? + +The reading pane on the right side of the client always corresponds to the detailed view of the +selected record in the list view and can be completely deactivated via the ribbon. In addition, you +can configure here the arrangement of the reading pane – either on the right, or underneath the +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md). + +![Reading area](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_34-en.webp) + +## Structure of the reading pane + +The reading pane is divided into two areas: + +1. **Details area** +2. Footer area + +![installation_with_parameters_35](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_35.webp) + +1. Details area + +Depending on which record you have selected in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the +corresponding fields are displayed here. In the header, the assigned [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md), as +well as the +[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) +are displayed. + +**CAUTION:** It should be noted that the details area cannot be used for editing records! Although +it displays all of the data, editing is only possible if the record has been opened. + +2. Footer area + +In the footer area of the reading pane, it is possible to display various information for the +currently selected record. The button can be activated via the button provided. It is hidden by +default. + +![Footer area](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_36-en.webp) + +The logbook, linked documents, history, notifications and password resets can be accessed separately +here via the tabs. The individual elements can be viewed with a double-click, as well as by using +the quick view (space bar). Double clicking always opens a separate tab, the quick view merely opens +a modal window + +Visibility of the individual tabs within the footer section is secured via separate +[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md): + +![installation_with_parameters_37](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_37.webp) + +The same options can also be found in the settings. A tab is only displayed if it has been activated +both in the rights and also in the settings. This makes it possible to specify (for example via the +administrator) whether a user is permitted to view the tab or not. The user can then define +themselves which tabs they want to be displayed. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md new file mode 100644 index 0000000000..9eae4ce17f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md @@ -0,0 +1,54 @@ +--- +title: "Ribbon" +description: "Ribbon" +sidebar_position: 10 +--- + +# Ribbon + +## What is the ribbon? + +The ribbon is the central control element of Netwrix Password Secure version 9. It is available in +all modules. Netwrix Password Secure is almost always operated via the ribbon in the header area of +the PSR client. + +![Ribbon](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_5-en.webp) + +The features available within the ribbon are dynamic, and are based on the currently available +actions. Various actions can be performed, depending on which object is selected. The module +selected also affects the features that are available in the ribbon. Of course, the most important +actions can also be controlled via the context menu (right mouse button). + +![Ribbon - Item](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon-1-en.webp) + +This mainly affects the very often used features such as opening, deleting or assigning tags. +However, a complete listing of the possible actions is always only possible directly in the ribbon. +This ensures that the context menu can be kept lean. + +## Access to the client main menu (backstage) + +The button at the top left of the ribbon provides access to the +[Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md): + +![installation_with_parameters_7](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_7.webp) + +## Ribbon tabs + +There are tabs in the header area of the ribbon that summarize all available operations. By default, +module-independent **Start, View, and Filter** is available. If the footer of the +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) is opened (1), further tabs will be visible in the +ribbon (2). These contain, according to the selection made in the footer, other possible actions. + +![Ribbon Tabs](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_8-en.webp) + +#### Content tabs + +Double-clicking on an object in the [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) opens a new tab with its +detailed view. Depending on which form field you have selected, the corresponding content tab opens +in the ribbon. + +![Content tabs](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_9-en.webp) + +Depending on the selected form field, further actions are offered in the Content tab. In the +Password field, this is, for example, calling the password generator or the screen keyboard, or the +possibility to copy it to the clipboard. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md new file mode 100644 index 0000000000..1e5e47d033 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md @@ -0,0 +1,52 @@ +--- +title: "Search" +description: "Search" +sidebar_position: 60 +--- + +# Search + +## What is search? + +With the help of the search, it is possible to find data stored in the database efficiently +according to selected criteria. Basically, there are 2 search modes: + +1. Quick search + +In the upper right section of the ribbon, there is a search field, which scans the module that is +currently open. This is a full-text search that scans all fields and tags except the password field. + +![quick search](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_41-en.webp) + +The fast search is closely linked to the [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md), because search queries are +converted directly into one or several content filters. You can also separate search terms using +spaces, for example, **Cook Daniel**. Note that this search creates two separate content filters, +which are logically linked with “and” +. This means that both words must occur in the data record. +The sequence is irrelevant. If the ordering needs to be taken into account, the search term must be +enclosed in quotation marks: **“Cook Daniel”**. The search is not case sensitive. No distinction is +made between upper and lower case. + +NOTE: You can access quick search directly via \* Ctrl + Q\*! + +Negations in the quick search + +Negations restrict the results to such an extent that certain criteria may not be met. The following +example searches for all records that contain the expression \* Delphi , **but not the expression +swiss. The notation, which must be entered in the quick search, is: Delphi -swiss** + +![quick search](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_42-en.webp) + +2. List search + +With the list search in the header of the [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the results of the +filter can be searched further. This type of search is available in almost every list. Scans only +the currently filtered results. Password fields are not searched. The search is live, so the result +is further refined with every additional character that is entered. Automatic “highlighting” takes +place in yellow colour. + +![list search](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_43-en.webp) + +A direct database query is performed when the filter is executed. The list search only searches +within the query already made. + +NOTE: The list search is hidden by default and can be activated with “Ctrl + F” diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md new file mode 100644 index 0000000000..e5f9aa2813 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md @@ -0,0 +1,51 @@ +--- +title: "Tags" +description: "Tags" +sidebar_position: 50 +--- + +# Tags + +## What are tags? + +The tag system is ubiquitous in Netwrix Password Secure. It can be used to classify and describe +almost every object. An object can have several such tags. These are always displayed in the header +area of the data record. Optionally, tags can be provided with colours or a description. They +determine the aesthetics of Netwrix Password Secure, and are optically a great help, in order not to +loose the overview even in case of large amounts of data. + +NOTE: Tags have no permissions. Any user can use any tag! + +## Relevant rights + +The following option is required for creating new tags. + +User rights + +- Can add new tags + +## Adding tags to records + +Tags can be directly added when creating new records and also when editing records. The procedure is +the same. In Edit mode, the tags are always at the bottom. + +![Tags in dataset](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/installation_with_parameters_38-en.webp) + +The operation is intuitive. From the third entered letter, existing tags are searched for full text. +If the desired tag has been found, it can be added. Both the navigation with mouse, thus also with +keyboard, is possible. If a new tag is to be created, this can be done directly with “Return”. + +![installation_with_parameters_39](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/installation_with_parameters_39.webp) + +## Tags in the ribbon + +If you edit a record and mark an existing or new tag, a corresponding content tab appears in the +ribbon. Here, the tag manager can be opened as well as the colour and description of the tag can be +adapted directly. + +![Tags in password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/installation_with_parameters_40-en.webp) + +## Management of tags + +A separate section is available under Extras in the client for the tag manager. This is explained in +a special section. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/_category_.json new file mode 100644 index 0000000000..15e0af1775 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Permission concept and protective mechanisms", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "permission_concept_and_protective" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/_category_.json new file mode 100644 index 0000000000..bde6770d7b --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Automated setting of permissions", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "automated_setting_of_permissions" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md new file mode 100644 index 0000000000..094f7faf90 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md @@ -0,0 +1,30 @@ +--- +title: "Automated setting of permissions" +description: "Automated setting of permissions" +sidebar_position: 20 +--- + +# Automated setting of permissions + +## Reusing permissions + +Netwrix Password Secure generally differentiates between multiple methods for setting permissions: + +1. Manual setting of permissions +2. Inheritance of permissions within organisational structures +3. Using predefined rights + + - In the manual setting of permissions, the desired permissions are directly configured for each + record. Automatic processes and inheritance are **not** used in this case. + - Both the use of predefined rights and also the inheritance from organisational structures are + based on the **automated reuse** of already granted permissions according to previously + defined rules. + +The following diagram deals with the question: **How do users or roles receive the intended +permissions?** + +![manual vs automated settings](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/automated-setting-of-permissions-1-en.webp) + +NOTE: Inheritance from organisational structures is defined by default in the system. This can be +configured in the settings. The relevant setting is “Inherit permissions for new objects (without +permission template)”. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md new file mode 100644 index 0000000000..7d79a74def --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md @@ -0,0 +1,89 @@ +--- +title: "Inheritance from organisational structures" +description: "Inheritance from organisational structures" +sidebar_position: 10 +--- + +# Inheritance from organisational structures + +## Organisational structures as a basis + +The aim of organisational structures is to reflect the hierarchies and dependencies amongst +employees that exist in a company. Permissions are granted to these structures as usual via the +ribbon. Further information on this subject can be found in the section +[Permissions for organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md). +As a specific authorization concept is generally already used within organisational structures, this +is also used as the basis for further permissions. This form of inheritance is technically +equivalent to granting permissions based on **affiliations to a folder**. When creating a new +record, the record receives the permissions in accordance with the defined permissions for the +organisational unit. + +![explanation of authorization](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-1-en.webp) + +## Relevant user settings + +Whether this form of inheritance should be applied is defined via the settings in the ribbon. It can +be configured in more detail using two settings. + +**CAUTION:** If a predefined rights exists, this will always overwrite inherited permissions from +organisational structures + +Inherit permissions for new objects (without rights template) This setting is relevant for newly +created records. + +![setting inherit permission](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-2-en.webp) + +The following values can be configured: + +Off: Permissions from OUs are not inherited organisational unit: When creating new objects, +permissions are set in accordance with the defined rights for the target organisational unit. This +setting is active by default. organisational unit and user: As well as inheriting permissions for +organization units, the configured permissions for the user are now also inherited when creating +private records. \*If inheritance for the users is also activated, the creation of private records +is in itself no longer possible. When creating new records to be saved in the organisational unit +for the logged-in user, the permissions for the record are now granted in accordance with the +permissions for the user. + +Existing passwords inherit changes to the permissions for organisational units + +![setting inherit from OU to password](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-3-en.webp) + +This option means that changes to permissions for an organisational unit will be inherited by all +passwords for this organisational unit. This setting is active by default. When inheriting +permissions, a dialogue will be displayed that offers you the following options: + +Increase or reduce permissions: The permissions for the passwords are retained and are only +increased or reduced by the change. Overwrite permissions: The permissions for the passwords are +completely overwritten. This means that all permissions for a password are firstly removed and then +the new permissions for the organisational unit are inherited. Cancel inheritance: The permissions +are not inherited but are only changed in the organisational unit. \*The permissions are only +inherited by existing passwords within the organisational unit. Therefore, the permissions are not +inherited downwards throughout the entire structure. + +Example case This example shows the creation of a new record in the organisational structure +“marketing”. It is defined in the settings for the stated organisational structure that permissions +should be inherited by new objects in accordance with the organisational structure. + +The permissions for the organisational unit “marketing” are shown below: + +![example of permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-4-en.webp) + +A new password is now created in the organisational unit “marketing”. + +![new password](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-5-en.webp) + +It is important that no preset is defined for this organisational unit. The permissions for the +record just created are now shown. + +![permissions example](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-6-en.webp) + +## Conclusion + +The permissions for the “storage location” are simply used when creating new objects. Two conditions +apply here: + +The value “organisational unit” must be selected in the settings for the inheritance of permissions +There must be no [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) for the +affected organisational structure This process is illustrated in the following diagram: + +![process for inheritance of permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-7-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/_category_.json new file mode 100644 index 0000000000..c53f3cdaa2 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Manual setting of permissions", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "manual_setting_of_permissions" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md new file mode 100644 index 0000000000..b08296717b --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md @@ -0,0 +1,94 @@ +--- +title: "Manual setting of permissions" +description: "Manual setting of permissions" +sidebar_position: 10 +--- + +# Manual setting of permissions + +## What is the manual setting of permissions for records? + +In contrast to the +[Automated setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md), the +manual approach does not utilize any automatic processes. This method of setting permissions is thus +carried out separately for every record – this process is not as recommended for newly created data. +If you want to work effectively in the long term, the automatic setting of permissions should be +used. However, the manual setting of permissions is generally used when editing already existing +records. + +## Adding additional users with permissions + +In the previous section, it was clarified that permissions are granted either directly to the user +or to several users grouped in a role. With this knowledge, the permissions can be set manually. In +the [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md), there are three different ways to access +the permissions in the list view: + +1. Icon in the ribbon +2. Context menu of a data record (right-click) +3. Icon at the right edge of the reading pane + +![different ways to access the permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-1-en.webp) + +NOTE: The icon on the right of the reading pane shows the information whether the record is personal +or public. In case of personal data records, the user that is logged on is the only one who has +permissions! + +The author is created with all permissions for the record. As described in the +[Permission concept and protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md), you can now +add roles and users. 'Right click - Add' inside the userlist or use the ribbon "User and roles" to +add a user. The filter helps you to quickly find those users who should be granted permissions for +the record in just a few steps. + +![add user and role](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-2-en.webp) + +The search [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md)opens in a separate tab and can be +configured as usual. + +![seach filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-3-en.webp) + +**Multiple selection** is also enabled. It allows to add several users via the Windows standard +Ctrl/Shift + left mouse button. + +## Set and remove permissions + +By default, all added users or roles receive only the “Read” permission on the record. The “Read” +permission at the beginning is sufficient to view the fields of the data record and to use the +password. "Write" permission allows you to edit a data record. **The permission “Authorize” is +necessary to authorize other users to the record**. This is also a requirement for +the[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). + +![setting all permissions example](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-4-en.webp) + +## Transferring permissions + +A simple right-click on a user can be used to copy and transfer permission configurations of users +or roles to others in the context menu. In this context, the use of permission templates is also +very practical. In the “Template” area of ​​the ribbon, you can save configured permissions, +including all users, and reuse them for other records. + +![preset menu](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-5-en.webp) + +The transfer of permissions and their reuse can be an important building block to create and +maintain entitlement integrity. This method cannot rule out misconfigurations, but it will minimize +the risk significantly. Of course, the correct configuration of these templates is a prerequisite. + +## The add permission + +The “add" permission holds a special position in the authorization concept. This permission controls +whether a user/role is permitted e.g. to create a new record within an organisational structure. +Consequently, this permission can only be set in the +[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). + +## The owner permission + +The "owner" permission can be set for a user. This permission is more of **a guarantee**. Once +assigned, there is no way to remove the user or role. This is only possible by the user or the role +itself, as well as by users with the permission “Is database administrator”. + +![owner permission](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-6-en.webp) + +The owner permission prevents other users who have the “Authorize” permission from removing someone +with the owner permission from the record. + +**CAUTION:** The owner permission does not protect a record from being deleted. Any user who has +deletion permission can delete the record! diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md new file mode 100644 index 0000000000..2d019fd069 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md @@ -0,0 +1,123 @@ +--- +title: "Multiple editing of permissions" +description: "Multiple editing of permissions" +sidebar_position: 20 +--- + +# Multiple editing of permissions + +## How to edit multiple permissions? + +As part of the manual modification of permissions, it is also possible to edit multiple records at +the same time. Various mechanisms can be used to select the records to be edited. You are able to +select the records in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) or you can use +the filter as part of the multiple editing function. Both scenarios are described below. + +### User permissions for batch processing + +This mode is inactive by default and needs to be activated in the user rights. + +- Can carry out batch processing for permissions based on a filter + +## Multiple editing via list view + +Individual permissions can be added or remove via **Multiple editing within list view**. The +existing permissions will **not be overwritten**. + +## Selecting the records + +In list view, Shift or Ctrl + mouse click can be used to select multiple records. Permissions can +also be granted for these records via the selection. The marked records are displayed in a different +color. 6 records are marked in the following image. + +![password list](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-1-en.webp) + +## Dialogue for configuring the permissions + +A new tab will be opened in the ribbon above the "Permissions" button in which the permissions can +be configured. The tab will display the number of records that will be affected by the defined +changes. + +![rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-2-en.webp) + +NOTE: As the already granted permissions for the selected records may differ, it is not possible to +display the permissions here. + +## Adding permissions + +To add a permission, a user or role is selected first in the ribbon under **Search and add** or +**Search**. The permissions are then selected as usual in the ribbon. The +:material-plus-circle-outline: symbol indicates that permissions will be added. In the following +example, Mr. Steiner receives read permission to all selected records. In contrast, Mr. Brewery +receives all permissions. + +## Reducing permissions / removing users and roles from the permissions + +If you want to remove permissions, it is also necessary to add the user or the desired role to be +edited. Clicking on **Reduce permissions** now means that permissions will be removed. This is +indicated by the :material-minus-circle-outline: symbol. The selected permissions will be removed. + +NOTE: If the **read** permission is to be removed for a user or role, the user will be completely +removed from the permissions. + +## Examples + +In the following example, Mr. Steiner receives read permissions to all selected records. In +contrast, Mr. Brewery receives all permissions: + +![rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-3-en.webp) + +The read permission will be removed for Mr. Steiner. As removing the read permissions means that no +other permissions exist for the record, Mr. Steiner is completely removed from the permissions. The +authorize, move, export and print permissions are being removed from Mr. Brewery. Assuming that he +previously had all permissions, he will then have read, write and delete permissions remaining: + +![edit rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-4-en.webp) + +## Batch processing using a filter + +In some cases it is necessary to edit the permissions for a very large number of records. On the one +hand, a maximum limit of 1000 records exists and on the other hand, handling a very large number of +records via list view is not always the best solution. The **Batch processing using a filter** mode +has been developed for this purpose. This is directly initiated via the ribbon. + +![Batch processing using a filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-5-en.webp) + +In the subsequent dialogue, you define whether you want to expand, reduce or completely overwrite +existing permissions. If you select **expand or reduce** at this stage, the same logic as for +**editing via list view** is used. No permissions will thus be overwritten. + +In the option **overwrite permissions**, the existing permissions are removed and then replaced by +the newly defined permissions. + +**CAUTION:** It is important to proceed with great caution when overwriting permissions because this +function can quickly lead to a large number of records becoming unusable. + +![permissions adapted on a filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-6-en.webp) + +The filter itself defines the selection criteria for the records to be edited. The currently +configured filter will be used as default. The records that will be affected by the changes are also +not displayed in this view. Only the number of records is displayed. In the following example, 9 +passwords are being edited to add the read permission the role "Sales". + +![permissions change for selected records](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-7-en.webp) + +## Seals and password masking + +Sealed or masked records cannot be edited using batch processing. If these types of passwords are +selected, a dialogue will be displayed when carrying out batch processing to inquire how these +records should be handled. + +![security warning because of sealed or masked passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-8-en.webp) + +It is possible to select whether the affected records are skipped or whether the seal or password +masking should be removed. If the **remove** option is selected, the process needs to be confirmed +again by entering a PIN. + +![security warning](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-9-en.webp) + +**CAUTION:** The removal of seals and password masking cannot be reversed! + +NOTE: Depending on the number of records, editing records may take a long time. This process is +carried out in the background for this reason. A hint will indicate that the permissions process has +been completed. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md new file mode 100644 index 0000000000..8e12f145c5 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md @@ -0,0 +1,22 @@ +--- +title: "Right templates" +description: "Right templates" +sidebar_position: 10 +--- + +# Right templates + +## Using right templates + +Once they have been configured, permissions can be constantly reused. The functionality **Saving +permissions as a template** in the ribbon is used for this purpose. The templates are globally +available and can also be used for other records. + +NOTE: When saving templates, always select a name that will also allow it to be safely +differentiated from other templates if you have a large number of right templates. + +Nevertheless, the use of right templates merely reduces the amount of work and still envisages the +manual setting of permissions. Automatic process for the issuing of permissions also exist in +Netwrix Password Secure and will be covered in the section +[Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) and also under +"[Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md)". diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md new file mode 100644 index 0000000000..ad2e840a53 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md @@ -0,0 +1,138 @@ +--- +title: "Permission concept and protective mechanisms" +description: "Permission concept and protective mechanisms" +sidebar_position: 40 +--- + +# Permission concept and protective mechanisms + +## What is the permission concept? + +With Netwrix Password Secure version 9 we provide the right solution to all conceivable demands +placed on it with regards to permission management. [Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) are a +great way to efficiently manage multiple users without losing the overview. We've created multiple +methods to manually or automatically manage your permissions. More information can be seen in the +chapter +[Multiple editing of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md) + +Alongside the definition of manual and automatic setting of permissions, the (optional) setting of +[Protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md) forms +part of the authorization concept. The protective mechanisms are thus downstream of the permissions. +The interrelationships between all of these elements are illustrated in the following diagram. + +![Authorisation concept](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_1-en.webp) + +NOTE: Applying some form of permissions is **obligatory**. Applying a protective mechanism is +**optional**. + +NOTE: The configuration of visibility is a technical part of the permissions process. However, this +mechanism has a “protective character” and is thus listed under protective mechanisms. + +## Basic mechanics of the permission concept + +These three pillars are irrevocable and always impact permissions of every type. + +### The three pillars of the permission concept + +The reproduction of company-specific permission structures can vary greatly in terms of effort. The +basic concept is based on only a few rules which always apply without exception. Despite the +innumerable individual adjustment screws, these basic rules can be summarized in three essential +steps. + +### 1. Permissions only for users or roles + +If the permission for a data record is to be defined, there are basically only two possibilities: + +1. Permission for a **user** +2. Permission for a **role** + +A role is technically nothing more than a summary of multiple users with the same permissions. It +is, of course, a good idea to manage these roles in accordance with your company’s activities. The +role “Administrators” can therefore be provided with more extensive authorizations than, for +example, the role “Sales Assistance”. This role-based inheritance allows the organization to +maintain the overview in a larger corporate structure as well as a simple procedure when adding new +employees. Instead of having to entitle him individually, this is simply added to his role. + +![Permission only for users or roles](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_2-en.webp) + +It is obvious to proceed with the organization of accesses using the concept of roles as a basis and +only to grant rights individually to employees in exceptional cases. The unplanned absence of +personnel must also be taken into account in such concepts. Working with roles defuses such risks +significantly. + +NOTE: + + +``` +Permissions are always granted to only one user or role! + +``` + +### 2. Membership in roles + +The key point is membership in a role. If an employee can use the authorizations according to the +roles assigned to him, **he must be a member of the role**. Only members see the records that have +been authorized for the role. + +![Membership in roles](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_3-en.webp) + +NOTE: + + +``` +A small technical digression into the nature of the encryption can be very helpful with the basic understanding. Each role has a key pair. The first key is used to encrypt data. Access to this information is only possible with the second key. The membership in a role is equivalent to this second key. + +``` + +### 3. Membership vs. permissions for roles + +The admin user in Netwrix Password Secure must pay particular attention to the interplay between +users and roles. This dynamics is crucial for understanding the concept of authorization, in order +to ensure maximum software adaptability to any corporate structure. The following diagram +illustrates this with an example of two users. + +![Membership vs permissions for roles](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/membership_permission.webp) + +- **User 1** is a member of the role, and is therefore authorized for all records that are assigned + to the role. However, it has only “read rights” for the role itself. This means, it can see the + role, but cannot “Edit, move, or delete” it. +- **User 2** has all rights for the role. It can add additional users to the role by means of + “authorize”. The crucial point, however, is that it is not a member of the role. It cannot, + therefore, see any records for which the role is authorized. + +In practice, the first user would be a classic user that is assigned, for example, to the Sales role +by the administrators, and can view the records accordingly. The second user could be one of those +administrators. This user has extensive rights for the role. It can edit it, and add users to it. +However, it cannot see any data that is assigned to sales. It lacks membership in the role. + +NOTE: + + +``` +As a member of a role, it must have at least the “read” right for the role! + +``` + +## Specific example and configuration + +Similar to the previous section Permission concept and protective mechanisms for roles, the +configuration of a role will be illustrated using two users. The configuration is performed in the +[Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md). By double-clicking on the role “IT-Consultants” in the +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), you can open their detailed view. + +![roles list view](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_5-en.webp) + +- The user “Holste” is a member of the role and can, therefore, access those records for which the + role has permissions. He has the obligatory read right for the role, which is the basic + requirement in order to be a member of the role. Which exact rights it has to the data record is + not defined within the role! This is set out in the following section. +- The user “Administrator” has all rights to the role, but is not a member! Thus, it cannot see any + records that are authorized for the role. However, it has all rights to the role and can therefore + print, assign other users to the role, and delete them. + +![explanation of the authorization through a role](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_6-en.webp) + +This example clearly shows the advantages of the concept. The complete separation of administrative +users from regular users brings significant advantages. Of course, one does not necessarily exclude +the other. An administrator can, of course, have full access to the role and also be a member in it! +The boundaries between the two often overlap, and can be freely defined in Netwrix Password Secure. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/_category_.json new file mode 100644 index 0000000000..280c13033d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Predefining rights", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "predefining_rights" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md new file mode 100644 index 0000000000..bbbd269e2b --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md @@ -0,0 +1,84 @@ +--- +title: "Predefining rights" +description: "Predefining rights" +sidebar_position: 30 +--- + +# Predefining rights + +## What are predefined rights? + +[Permissions for organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md) +can be carried out separately for every record. Although this method enables you to very closely +control every intended permission structure, it is not really efficient. On the one hand, there is +too much configuration work involved, while on the other hand, there is a danger that people who +should also receive permissions to access data are forgotten. In addition, many users should not +even have the right to set permissions. “Predefining rights” is a suitable method to simplify the +permissions and reduce error rates by using automated processes. This page covers the configuration +of predefined rights, please also refer to the sections +[Working with predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md) +and their +[Scope of validity for predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md). + +## Organisational structures as a basis + +[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) +can be very useful in many areas in Netwrix Password Secure. In this example, they provide the basic +framework for the automated granting of rights. In the broadest sense, these organisational +structures should always be entered in accordance with existing departments in a company. The +following example specifically focuses on an IT department. The following 3 hierarchies +([Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md)) have been defined within this IT department: + +- **IT employee** +- **IT manager** +- **Administrator** + +## Predefine rights + +In general, a senior employee is granted more extensive rights than those granted to a trainee. This +hierarchy and the associated permission structure can be predefined. In the +O[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) +module, we now select those OUs (departments) for which rights should be predefined and select +\*predefine rights” in the ribbon. + +![button of predefined rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-1-en.webp) + +- **Creating the first template group:** A new window will appear after clicking on the icon for + adding a new template group (green arrow) in which a meaningful name for the template group should + be entered. + +![add template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-2-en.webp) + +Roles and users can now be added to this template via the ribbon or through the context menu (right +mouse click). This was already completed in the example. The role **IT employee** only has the "read +permission", the **IT manager** also has the "write permission" and the capability of managing +permissions. **Administrators** possess all available permissions. Configuration of the permission +structures is explained in +[Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md). + +![example permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-3-en.webp) + +## Adding other template groups + +It is also possible to configure several different right templates within one department. This may +be necessary e.g. if there are several areas of competency within one department which should each +receive different permissions. Alongside the **IT general** area, the template groups **Exchange** +and **Firewall** have also been defined below. + +![Standard template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-4-en.webp) + +A **default template group** can be defined directly next to the drop-down menu for selecting the +template group (green arrow). This is always pre-configured when you select “IT” as the OU to save +records. + +## Issuing tags for predefining rights + +In the same way that permissions are defined within right templates, it is also possible to +automatically set **tags**. Their configuration is carried out in the same way as issuing +[Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) for records. + +![tags for predefining rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-5-en.webp) + +This process ensures that a special tag is automatically issued when using a certain template group. +Example cases can be found in the +[Working with predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md). diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md new file mode 100644 index 0000000000..b9616e4527 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md @@ -0,0 +1,33 @@ +--- +title: "Relevant user rights" +description: "Relevant user rights" +sidebar_position: 20 +--- + +# Relevant user rights + +## User rights for predefined rights + +The user rights section provides all of the basic information required for handling user rights . +Nevertheless, the four user rights related to “predefining rights” are explained below. + +![global user rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/relevant_user_rights/relevant_user_rights_1-en.webp) + +- **Can switch default rights templates:** When selecting the rights template, a diverse range of + rights template groups can be selected. To be able to select a different template to the default + template, the right “Can switch default rights templates” is required. If this right has not been + granted, you are forced to use the default template. +- **Can manage rights templates:** If the user has the right to manage rights templates, they can + open the management function for the rights template via the button “predefine rights”. To receive + full rights to manage the rights templates for an organisational unit, the rights “read” and + “authorize” are required for the corresponding organisational unit. +- **Can view selection of rights templates:** This right controls whether the rights template + selection function is displayed or not when creating new records. If this right has not been + granted, the user is thus not able to see for which roles and users the user rights are being + defined. +- **Can remove members from rights templates:** Roles defined within the rights templates cannot be + removed without this right. If this right has not been granted, the roles defined in the templates + are always authorized for records in this organisational structure. If the user right is + activated: The user can remove the roles via the “x” icon: + +![Permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/relevant_user_rights/relevant_user_rights_2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md new file mode 100644 index 0000000000..a9788ab0e2 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md @@ -0,0 +1,29 @@ +--- +title: "Scope of validity for predefined rights" +description: "Scope of validity for predefined rights" +sidebar_position: 30 +--- + +# Scope of validity for predefined rights + +In general, all of the predefined rights for an organisational structure are applied to all +underlying objects. These objects could be passwords, forms, form fields documents, users, +applications or also other nested organisational structures in the hierarchy. In the following +example, the rights template **IT general** has been defined for the organisational unit **IT**. + +![rights template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_1-en.webp) + +If this type of “preset” has been defined, the corresponding icon is displayed at the corresponding +level (= green arrow). As no other icons exist below this level, this means that the preset is valid +for all underlying objects. + +The following example shows how a preset can be defined for when the “password” form is used that +not only grants the existing permissions to the roles but also provides the sales manager with read +rights. + +![working with rights template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_2-en.webp) + +As can be seen, the preset “IT general” is valid for all objects. An exception here is the +“password” form because a unique preset has been defined for this form (blue arrow). As a result, +all records created using the “password” form receive permissions as defined in this preset (incl. +the sales manager). diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md new file mode 100644 index 0000000000..42eb68168d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md @@ -0,0 +1,68 @@ +--- +title: "Working with predefined rights" +description: "Working with predefined rights" +sidebar_position: 10 +--- + +# Working with predefined rights + +## Using predefined rights when creating passwords + +After you have configured [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md), you can then use them to +create new records. Proceed here as follows: + +- Select the password module +- “New password” via the ribbon +- Select a form + +In the next window to appear, the organisational unit “IT” and the template group “Exchange” are +selected. + +![predefined rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights_1-en.webp) + +Here is the underlying rights template as a comparison: + +![example for predefined rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights_2-en.webp) + +The relationship between them is obvious. It can be immediately seen that by selecting the +organisational unit “IT” based on the rights configured in the rights template, permissions are +granted for the roles “IT management” and also “Administrators”. **The underlying tags “IT” and +“Exchange” are also set.** + +## Preview of the permissions to be set + +When using rights templates, the permissions to be granted can be very quickly classified via a +**color table**. The actual permissions can also be viewed as usual via the +[Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). The following color key is used with the +associated permissions: + +| **Color** | **Permission** | +| --------- | -------------- | +| Green | Read | +| Yellow | Write | +| Orange | Delete | +| Red | Authorize | + +Other rights also exist that are, however, not separately indicated by a color. The overview in the +ribbon can be used to see whether the “move”, “export” and “print” rights are set or not. The +permissions for the selected role/user are always displayed – in this case for the role “IT +management”. + +![predefined rights permiissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights_3-en.webp) + +## Conclusion + +The [Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md) enables +the configuration of rights for both existing and also new records. The option of +[Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) represents a very efficient alternative. Instead of +having to separately grant permissions for every record, a “preset” is defined once for each +organisational structure. Once this has been done, it is sufficient in future to merely select the +organisational structure when creating a record. The permissions are then set automatically. This +process is particularly advantageous for those users who should not set their permissions +themselves. + +![predefined rights diagram](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights_4-en.webp) + +**CAUTION:** The configuration of permissions can be carried out manually or automatically as +described. If you want to change previously set permissions later, this has to be done manually. +Retrospectively defining rights is not possible. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/_category_.json new file mode 100644 index 0000000000..2b4a3080aa --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Protective mechanisms", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "protective_mechanisms" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md new file mode 100644 index 0000000000..18cc6d0dfa --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md @@ -0,0 +1,67 @@ +--- +title: "Password masking" +description: "Password masking" +sidebar_position: 30 +--- + +# Password masking + +## What is password masking? + +The safest passwords are those that you do not know. Password masking follows this approach. It +prevents the password from being shown, while allowing the use of the automatic sign-on. You can +apply it via the button of the same name in the ribbon. + +![button password masking](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_1-en.webp) + +## Relevant rights + +The following option is required to apply password masking. + +### User right + +- Can apply password masking + +### Required permissions + +In the same way as for the [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) configuration, the **authorize permission** +for the record is required to apply or remove the masking. Users who have the **authorize +permission** for a record can continue to use the record without limitations after applying password +masking. Password masking only applies to users without the "can apply password masking" right. + +NOTE: Password masking can only be applied to records with an existing password! + +## Applying password masking + +The icon in the ribbon allows users with the required permissions to apply password masking +following a confirmation prompt. By default, the privacy is for all those who have at least reading +permission, but not the permission **authorize**. + +### Password masking via form field permissions + +As an alternative, you can also apply password masking via the +[Form field permissions](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md). In the +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) of a record, there is a separate +button in the ribbon for that purpose. Ensure that the password field is highlighted. + +![form field permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_2-en.webp) + +The special feature when setting or editing masking via the form field permissions is that you can +individually select users to whom masking will be applied. In the following example, masking has +been specified only for the role of “trainees”, although the “IT” role does not have the **authorize +permission** either. In addition to the name of the role or the user, the icon symbolizes the fact +that visa protection applies to trainees. + +![example password masking](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_3-en.webp) + +NOTE: Use the icon in the ribbon to apply password masking to all users who have read permission on +the record, but not the **authorize permission**. If you wish to specify more precisely for which +users the password masking should be applied, this is also possible via the form field permissions. + +NOTE: It is important to note that the login mask for records with password masking will be "sent +automatically", even if the setting **Browser Extensions: Automatically send login masks** has been +deactivated. + +**CAUTION:** The password masking only applies to those users who are authorized at the time of +attachment to the record. If a record has the password masking and a user get´s authorized the +record is **not protected** for this user. The password masking should then be removed and reset. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md new file mode 100644 index 0000000000..908b0a48c9 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md @@ -0,0 +1,62 @@ +--- +title: "Protective mechanisms" +description: "Protective mechanisms" +sidebar_position: 40 +--- + +# Protective mechanisms + +## What are protective mechanisms? + +The primary goal of Netwrix Password Secure is to ensure data security at all times. The +authorization concept is naturally the most important component when it comes to granting users the +intended level of permissions for accessing data. Specifically, this makes it possible to make +certain information only available to selected employees. Nevertheless, it is still necessary to +have protective mechanisms above and beyond the authorization concept in order to handle complex +requirements. + +- [Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) is not separately configured but is instead directly + controlled via the authorization concept (read permission). Nevertheless, it represents an + important component within the existing protective mechanisms and is why a separate section has + been dedicated to this subject. +- By configuring [Temporary permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md), it is + possible to grant users or roles temporary access to data. +- [Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md) enables access to the system without + having to reveal the passwords of users. The value of the password remains constantly hidden. +- To link the release of highly sensitive access data to a double-check principle, it is possible to + use [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a + release is possible down to a granular level and is always adaptable to individual requirements. + +The following diagram shows a summary of how the existing protective mechanisms are integrated into +the authorization concept. + +![protective mechanism diagram](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/protective_mechanisms-en.webp) + +In the interplay of the +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md), +almost all conceivable scenarios can be depicted. It is worth mentioning again that the +authorization concept is already a very effective tool, with limited visibility of passwords and +data records. This concept is present everywhere in Netwrix Password Secure, and will be explained +in more detail below. + +## Visibility as a basic requirement + +It should always be noted that **visibility** is always a basic requirement for applying further +protective mechanisms. A record that is completely hidden from a user (= no read permission) can +naturally not be given any further protective mechanisms. + +NOTE: The visibility of a record is always the basic requirement for applying further protective +mechanisms + +## Combining multiple protective mechanisms + +In principle, there are a diverse range of possibilities for combining the above-mentioned +protective mechanisms. Temporary access to a “masked” record is possible just as having a “masked” +record which is additionally secured by a double-check principle is also possible. **Nevertheless, +it should be noted that temporary permissions in combination with seals always pose a risk.** If +releasing a seal requires approval from a person who only possesses or possessed temporary +permissions or will only possess them in future, this could naturally conflict with the configured +release criteria. + +**CAUTION:** The combination of seals and temporary permissions is not recommended if the user with +permissions to issue a release has only been given temporary permissions. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/_category_.json b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/_category_.json new file mode 100644 index 0000000000..bb90850646 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Seals", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "seals" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md new file mode 100644 index 0000000000..c8a3dbcf17 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md @@ -0,0 +1,67 @@ +--- +title: "Release mechanism" +description: "Release mechanism" +sidebar_position: 20 +--- + +# Release mechanism + +## What is the release mechanism? + +A sealed password will not be released until the number of approvals required in the seal has been +granted. Releases can be granted by anyone who has been defined as having the required permissions +to issue the release in the seal. The mechanism describes the complete process from the first +release request to the final grant of the release and the breaking of the seal. + +## Users and roles in the release mechanism + +As noted in the previous sections, seals always restrict the right of a user to view a specific +password. Even if the configuration is usually done at the level of the role, each user is naturally +responsible for his own request when carrying out the release. Even if a seal is defined for a role, +technically separate seals are created for each individual member of the role. + +NOTE: Requests or releases are only valid for the respective user! + +**CAUTION:** If a user is a member of several roles of a seal, the "stronger" right is always +applied. Release rights have a priority over read rights + +## 1. Requesting a release + +In order to release a seal for sealed passwords, this must be requested from the user with the +required permissions to issue the release. Within the Netwrix Password Secure client, this can be +done via the buttons **Reveal** and **Seal** in the ribbon, as well as via the **Icon in the +password field** of the data record in the reading pane. + +![seal protection](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_1-en.webp) + +A modal window opens, which can be used to request the seal. The reason for the entry will be +displayed to the users with the required permissions to issue the release. + +![start seal process](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_2-en.webp) + +All user with the required permissions to issue the release will be notified that the user has +requested the seal. This can be viewed via the module +[Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md), as well as in the Seal +overview. + +## 2. Granting a release + +The [Seal overview](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) can be opened via the seal symbol in the +ribbon directly from the mentioned notification. It is indicated by the corresponding icon that +there is a need for action. All relevant data for a release are illustrated within the seal +overview. The reason given in the release is also evident. + +![seal overview](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_3-en.webp) + +If the release is granted, the Inquirer Im **Module Notifications** will be informed. You can also +open the seal directly from the ribbon and see the now released state. + +![notification seal status](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_4-en.webp) + +## 3. Breaking the seal + +As soon as the requesting user has received the number of the required releases, he will be informed +via the notifications as usual. The seal can now be broken. From this point on, the user will be +able to see the password. + +![broken seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_5-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md new file mode 100644 index 0000000000..88f6a6cf3d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md @@ -0,0 +1,57 @@ +--- +title: "Seal overview" +description: "Seal overview" +sidebar_position: 10 +--- + +# Seal overview + +## What is the seal overview? + +Users with the required permissions to issue the releases receive access to the current state of the +existing seals at any time via the seal overview. The overview is accessible via the ribbon as well +as the icon in the password field of the reading pane. + +![button seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_overview/seal_overview_1-en.webp) + +## The four states of a seal + +The seal overview provides an overview of all users who have access to the sealed data set. This is +also the case when they receive the seal on the membership of a role. Functions for editing and +removing existing seals are also available. In addition, the current state of the seal is displayed +in the form of a release matrix. There are a total of **four states**, in which a seal can be: + +![states of seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_overview/seal_overview_2-en.webp) + +#### 1. Sealed + +If a data record for a user **is sealed**, the user is prevented from seeing the password by the +seal. This corresponds to the condition when a seal has been newly installed. By resetting a request +via the icon at the right edge of the screen, current requests from individual users are also +returned to the "sealed" state. + +#### 2. Release process + +If a user has requested a release, it is in the **release process**. This status is highlighted by +an icon next to the user name, since a possible release can be actively granted by the authorized +user. These so-called **important entries** can also be filtered in the headline of the seal +overview in via the column. The maximum duration of an release request can be configured in the +advanced seal settings. If the deadline has elapsed without sufficient releases being made, the +request is deleted and the state “sealed” is restored. + +#### 3. Released + +If a release is granted, a seal is approved as **released**. The maximum duration of a granted +release can be limited in the advanced seal settings. The user then has, for example, 24 hours to +accept the release and break the seal. + +#### 4. Broken + +The actual **seal breach** is obtained by acquiring knowledge of the release and by actively +breaking the seal after a security query. Viewing the password is irrelevant. Once broken seals can +be manually reset by the icon to the right of the broken seal column. The state “Sealed” is +restored. + +**CAUTION:** It makes no sense to re-seal already visible passwords. The user was able to view the +password. Therefore, it is not monitorable whether the password has been saved, for example, by +screenshot. In such cases, a new password is the only way to guarantee 100% password security! diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md new file mode 100644 index 0000000000..8e9f6f2cf9 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md @@ -0,0 +1,149 @@ +--- +title: "Seals" +description: "Seals" +sidebar_position: 40 +--- + +# Seals + +## What are seals? + +Passwords are selectively made available to the different user groups by means of the +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md). +Nevertheless, there are many scenarios in which the ability to view and use a record should be +linked to a release issued in advance. In this context, the seal is an effective protective +mechanism. This multi-eye principle protects passwords by securing them with granular release +mechanisms. If you want to see a password, this must be requested and released. The release can also +be temporary. + +## Relevant rights + +The following option is required to add a seal. + +## User right + +- Can add seal + +## Required permissions + +Firstly, the user must have the **authorize permission** for the record in order to create seals. +The read permission to all users and roles that are contained in the seal is also required. The +exact configuration of password masking and permissions for records is described in detail in the +Authorization concept section. + +## What exactly is sealed? + +Technically speaking, the password itself is not sealed. It is the permission to see a password +field that is protected by a seal. This allows for the most sensitive configurations, in which one +group can use the password without restrictions, but the same password is sealed for other users. +The wizard assists users in applying seals, as well as in future maintenance. + +**CAUTION:** The complete data set is never sealed! Only the permission to view a password is +protected by a seal. + +**CAUTION:** Be Aware" Only records that are protected with a password can be sealed! + +## Seal wizard + +All seal configurations are performed in the wizard. Both the application of new seals as well as +the processing and removing are possible. The current state of a seal can also be viewed in an +overview, which is accessible via the button in the ribbon. When the seal wizard is opened via the +ribbon, the wizard appears in the case of unsealed data sets, which runs in **four steps** through +the configuration of the seal. + +![seal button](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_1-en.webp) + +#### 1. Apply seal + +![multi-eye principe](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_2-en.webp) + +All objects that are sealed are displayed at the beginning. Depending on the data record, this can +be one object, or several. It is also possible to use existing +[Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md). Optionally, you can +enter a reason for each seal. + +#### 2. Multi-eye principle + +The seal logic is the most basic element of this protective mechanism. Here, you define for which +users or roles the record should be sealed or released in the future. All those for whom the record +is to be sealed are displayed in red, while all users with the required permissions to issue a +release are displayed in blue. + +![example permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_3-en.webp) + +NOTE: All users and roles for which the data set is not sealed and which are not authorized for +release are displayed in green. These can use the data record independently of the seal. + +To avoid having to perform any configuration manually, roles and users are copied directly from the +authorizations of the data record. Compare with the "permissions" for the record (can be viewed via +the ribbon). + +![example permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_4-en.webp) + +Supervisors should issue the releases for their employees. Therefore, the checkbox also follows the +existing authorizations. The following **scheme** is used: + +NOTE: All users and roles that have the **authorize permission** to the record are "authorized to +issue a release" for the seal by default. All users and roles that do not have the **authorize +permissions** to the record are copied directly into the "Sealed for" column. + +Here is a closer look at the permissions of the role **Administrators** on the record: + +![example multi-eye principe](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_5-en.webp) + +## Adjusting the seal logic + +Although standard authorizations are used as a basis for the sealing concept, these can be adapted. +The number of releases generally required is as configurable as the required number of releases from +a role. In the following example, the seal has been extended so that a total of three release +authorizations are required in order to release the seal **(Multi-eye principle)**. The role of the +administrators has been marked in the mandatory column. This means that it must grant at least one +release. In summary: A total of three releases must be made, whereby the group of administrators +must grant at least one release. + +![edit seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_6-en.webp) + +In order to be not only dependent on existing authorizations on the data set, other users can also +be added to the seal. The role accounting under "sealed for" has been added below. + +![define permission for the seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_7-en.webp) + +NOTE: When a role or a user is added to a seal, these users also receive permissions on the record +according to the authorization granted in the seal. A role that is added under "Sealed for" receives +the **Read permission** on the record. When you add authorization permissions, these will include +the **Read**, **Write**, **Delete**, and **Authorize** permission. + +**CAUTION:** All the roles that were once added to the seal can no longer be removed via the seal +logic. This is only possible directly via the authorizations of the data record! + +NOTE: It is possible to seal records for a user who is also authorized to issue a release. In this +constellation, it is important to ensure that at least one other user is authorized to issue a +release. In principle, you should never be able to issue a release for yourself. + +#### 3. Advanced settings + +Advanced seal settings allow you to adjust the multi-eye principle. Both the time validity of a +release request as well as a granted release can be configured. Multiple break defines whether after +the breaking of a seal by a user, other users may still break it. + +![advanced settings](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_8-en.webp) + +#### 4. Saving the seal + +Before closing the wizard, it is possible to save the configuration for later use in the form of a +template. [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) can be +optionally provided with a description for the purpose of overview. + +![save seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_9-en.webp) + +## Summary + +The permissions already present on the data set form the basis for any complex seal configurations. +It is freely definable which users have to go through a release mechanism before accessing the +password. The roles, which may be granted, are freely definable. An always accessible +[Seal overview](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) allows all authorized persons to view the current +state of the seals. The section on the[Release mechanism](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md) +describes in detail the individual steps, from the initial release request to the final release. + +- [Seal overview](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) +- [Release mechanism](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md new file mode 100644 index 0000000000..b5dac7e936 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md @@ -0,0 +1,47 @@ +--- +title: "Temporary permissions" +description: "Temporary permissions" +sidebar_position: 20 +--- + +# Temporary permissions + +## What are temporary permissions? + +So far, we have covered permissions that were valid for an unlimited period. However, a permission +can also be granted in advance with a time restriction. Examples are users who stay in the company +for a limited time, such as interns or trainees. + +## Configuration + +When configuring the +[Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md), you can +specify a temporary release for each role. The start date as well as the end date is selected here. +You can start the configuration using the **Extras** area in the ribbon. + +![temporary permission](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/temporary_permissions/temporary_permissions-en.webp) + +In this example, the role "trainees" was granted the read permission to a data set for two weeks. + +## Color scheme + +The colors in the "time period" column provide information on the current status of the granted +permissions: + +- **Brown:** The temporary permission is configured but is still inactive. The selected time period + is still in the future. +- **Green:** The temporary permission is active. +- **Red:** The time period for the temporary permissions has already expired. + +NOTE: Temporary permissions can also be assigned to multiple roles and users at the same time. You +can select multiple users and roles as usual with Ctrl/Shift + left mouse button! + +## Special features of the authorization system + +Due to their very nature, temporary permissions leave lots of potential for incorrect +configurations. Conceivable constellations include a situation when the only user with all rights +only has temporary permissions. When these permissions expire, there is no longer any user with full +permissions. To prevent this happening, users with temporary permissions are handled differently. + +**CAUTION:** There must always be one user who has the “authorize” right to a record, who does not +only have temporary permissions. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md new file mode 100644 index 0000000000..c2263fb00e --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md @@ -0,0 +1,40 @@ +--- +title: "Visibility" +description: "Visibility" +sidebar_position: 10 +--- + +# Visibility + +## Visibility of data + +The use of a [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) is generally the gateway to +displaying existing records. Nevertheless, this aspect of the visibility of the records is closely +interwoven with the existing permissions structure. Naturally, a user can always only see those +records for which they have at least a read Permission. This doctrine should always be taken into +consideration when handling records. [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) are not +subject to any permissions and can thus always be used as filter criteria. Nevertheless, the +delivered results will only contain those records for which the user themselves actually has +permissions. A good example here is the tag “personal record”. Every user can mark their own record +as personal – yet each user will naturally only be able to find their own personal records. + +## Creating independently working environments + +The possibility of separately defining the visibility of individual objects is one of the special +features within the Netwrix Password Secure authorization concept. Irrespective of whether handling +records, documents, organisational structures, roles or forms: it is always possible to define +whether a user or a role possesses a read permission to the object or not. The permissions for each +of these objects can be defined separately via the ribbon in the permissions dialogue. This approach +enables the creation of independently existing departments within a database. The permissions +structure for the SAP form can be seen below. It shows that only the sales manager and the +administrators are currently permitted to create new records of type SAP. + +![example permissions on a form](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility-en.webp) + +In general, each department can independently use forms, create passwords and manage hierarchies in +this way. Especially in very sensitive areas of a company, this type of compartmentalization is +often required and also desired. + +NOTE: An alternative also supported by Netwrix Password Secure is for each department to set up +their own MSSQL database. However, this physical separation requires considerably more +administration work than the above-mentioned separation of data based on permissions and visibility. diff --git a/docs/passwordsecure/9.3/configuration/autofilladdon/_category_.json b/docs/passwordsecure/9.3/configuration/autofilladdon/_category_.json new file mode 100644 index 0000000000..52e6e25746 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/autofilladdon/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Autofill Add-on", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "autofill_add-on" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md b/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md new file mode 100644 index 0000000000..2d54efaa6d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md @@ -0,0 +1,65 @@ +--- +title: "Autofill Add-on" +description: "Autofill Add-on" +sidebar_position: 60 +--- + +# Autofill Add-on + +## What is the Autofill Add-on? + +The Autofill Add-on is responsible for the automatic entry of login data in applications. This +enables logins without knowledge of the password, which can be a particularly valuable tool in +combination with +[Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md). +The +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md) +is used to define which users should receive access. + +However, the password remains hidden because it is entered by Netwrix Password Secure. + +#### Requirements + +The Autofill Add-on is installed together with the Netwrix Password Secure client and can then be +used by users (assuming they have sufficient permissions). A separate installation is thus not +necessary. A desktop link is created for both the client and also for the Autofill Add-on. + +User rights + +The right **Can create web applications** is required for creating new web applications\* + +NOTE: The agent can control multiple databases at the same time + +#### Functionality + +The functionality of the Autofill Add-on is illustrated in the following diagram. + +![Automatic entries diagram](/images/passwordsecure/9.2/configuration/autofill_add-on/installation_with_parameters_125-en.webp) + +RDP and SSH +sessions(![1](/images/passwordsecure/9.2/configuration/autofill_add-on/1.webp) +) are not automatically started via the Autofill Add-on. Applications are created for this purpose +in the Netwrix Password Secure client. The creation and use of these connections is explained in +detail in the corresponding section. + +Automatically starting all other types of connection is the task of the **Autofill Add-on**. The +following types of connections exist: + +- Entering login data in Windows applications: Alongside the above-mentioned RDP and SSH sessions, + other Windows applications can also be automated + (![2](/images/passwordsecure/9.2/configuration/autofill_add-on/2.webp)). + A major difference is that the two above-mentioned connections are set up and “embedded” in a + separate tab. Other applications, such as e.g. VMware, are directly started as usual. In these + cases, the Autofill Add-on takes over the communication between the application server and the + Windows applications. + +NOTE: For entering data on websites, the record must contain at least the following fields: User +name, password, URL. + +#### Conclusion + +As the Autofill Add-on is directly connected to the application server, login data can also be +entered without the main client. Exceptions are the RDP and SSH connections. These are forced to +remain part of the client. The Autofill Add-on thus acts as a lean alternative for the use of the +client with the two limitations mentioned. Naturally, all of the steps completed are still entered +in the logbook and are always traceable. diff --git a/docs/passwordsecure/9.3/configuration/autofilladdon/configuration_autofill_add-on.md b/docs/passwordsecure/9.3/configuration/autofilladdon/configuration_autofill_add-on.md new file mode 100644 index 0000000000..f41c588795 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/autofilladdon/configuration_autofill_add-on.md @@ -0,0 +1,43 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 10 +--- + +# Configuration + +## Starting the Autofill Add-on + +The Autofill Add-on can be directly started via the desktop link that is automatically created when +it is installed. The login data correspond to the normal user data for the client. + +![Login SSO](/images/passwordsecure/9.2/configuration/autofill_add-on/configuration/installation_with_parameters_129-en.webp) + +To log in, the desired database and the associated login data are firstly selected. The Autofill +makes all of the databases configured on the client available. It is also possible to create +profiles as usual so that the connection data for certain databases can be used efficiently in the +future. + +NOTE: The agent accesses the same configuration file as the client. All changes to profiles will +thus also affect the client. New profiles can thus also be created via the Autofill. + +#### Context menu functionality + +After successfully logging in, the Autofill Add-on firstly runs in the background. Right click on +the icon in the system tray to open the context menu. + +![icon options](/images/passwordsecure/9.2/configuration/autofill_add-on/configuration/installation_with_parameters_130-en.webp) + +- **Disconnect**: Connect to database/disconnect from database. (All connections are shown for + multiple databases) +- **Login** enables you to log into another database +- **Disable/Enable agent** allows you the option of temporarily disabling automatic login +- A diverse range of variables can be defined via the **Settings** +- **Reload all Data** + +Settings + +![settings sso agent](/images/passwordsecure/9.2/configuration/autofill_add-on/configuration/installation_with_parameters_131-en.webp) + +- The desktop notifications display various information, such as when data is entered +- Start with Windows includes the Autofill Add-on in the autostart menu diff --git a/docs/passwordsecure/9.3/configuration/basicview/_category_.json b/docs/passwordsecure/9.3/configuration/basicview/_category_.json new file mode 100644 index 0000000000..15a94b2924 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "The Basic view", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "basic_view" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/basicview/basic_view.md b/docs/passwordsecure/9.3/configuration/basicview/basic_view.md new file mode 100644 index 0000000000..c116cadd9f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/basic_view.md @@ -0,0 +1,31 @@ +--- +title: "The Basic view" +description: "The Basic view" +sidebar_position: 30 +--- + +# The Basic view + +![light-client-en](/images/passwordsecure/9.2/configuration/basic_view/light-client-en.webp) + +## What is the Basic view about? + +The Basic view is a lean tool for every end user. It guarantees quick and easy access to the daily +needed passwords. Although the Basic view has a limited range of functions, it can be operated +intuitively and without previous knowledge or training by any user. The Basic view is designed for +up to 50 passwords. The Basic view introduces to professional password management. It is also the +ideal tool for the daily handling of passwords. + +![image1](/images/passwordsecure/9.2/configuration/basic_view/image1.webp) + +## Requirements & required rights + +You don’t need any special permission to use the Basic view. However, the handling of the Basic +views can be set via rights and settings. Read more in chapter +[To do for Administration](/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md). + +#### Installation + +The Basic view is installed directly with the Web Application, so you don’t need any special +installation. For further information, visit the +chapter[Installation Client](/docs/passwordsecure/9.2/installation/installationclient/installation_client.md) diff --git a/docs/passwordsecure/9.3/configuration/basicview/checklist_of_the_basic_view.md b/docs/passwordsecure/9.3/configuration/basicview/checklist_of_the_basic_view.md new file mode 100644 index 0000000000..0f58657d3a --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/checklist_of_the_basic_view.md @@ -0,0 +1,40 @@ +--- +title: "Checklist of the Basic view" +description: "Checklist of the Basic view" +sidebar_position: 20 +--- + +# Checklist of the Basic view + +## Checklist for setting the Basic view + +This checklist helps the administrator in setting the Basic view. To work smoothly with the Basic +view, the following points must be observed: + +1. Select form + +The stored form must cover all required field types. At least required: **Text, username, password, +URL** + +2. Set display of the Basic view or Advanced view + +The setting **Display passwords in Basic view & display passwords in Advanced view** allows you to +configure the display of both clients. The passwords can be displayed with an icon, logo or in text +form. + +3. Are users in the right organisational unit? + +Check if the user is in the correct organisational unit. The **add** right to the organisational +unit is also required so that users can create passwords in the Basic view. + +4. Define user as Basic view user + +You can either define the user directly as Basic view user. This works by changing the user type +accordingly. Alternatively, you can activate the setting **Start Basic view at next login.** This +will prompt the user to log in to the Basic view. + +![image2](/images/passwordsecure/9.2/configuration/basic_view/checklist/image2.webp) + +5. Add default applications (optional) + +It is advised to create the applications, which shall be stored as passwords, beforehand. diff --git a/docs/passwordsecure/9.3/configuration/basicview/password_management.md b/docs/passwordsecure/9.3/configuration/basicview/password_management.md new file mode 100644 index 0000000000..fc468a0f2c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/password_management.md @@ -0,0 +1,68 @@ +--- +title: "Password management" +description: "Password management" +sidebar_position: 60 +--- + +# Password management + +## Creating passwords + +This chapter deals with the main functionality of Basic view, namely the secure storage and +management of passwords. It should be noted that a password can be stored in different ways. + +NOTE: The required settings and rights are given by the in-house administration. Further information +can be found here: To do for the administration + +#### Create with application + +**Prerequisite:** An existing application is available. It does not matter whether this is an SSO, +web, RDP, or SSH application. + +![create password](/images/passwordsecure/9.2/configuration/basic_view/password_management/create-password-en.webp) + +NOTE: Managing and creating the corresponding applications is the responsibility of the in-house +administration. How to create an application can be read here and in the following chapters. + +Clicking on the existing application opens a window that asks for the user name and password. + +![create-password-light](/images/passwordsecure/9.2/configuration/basic_view/password_management/create-password-light.webp) + +Once these fields are filled in, the record is created. + +![created record](/images/passwordsecure/9.2/configuration/basic_view/password_management/apple-icon-en.webp) + +Now the record can be opened by clicking on the corresponding tile. + +#### Create without application + +Alternatively, it is also possible to create a data set without an application. + +By clicking on the + symbol or right click ->New or CTRL+N a new window opens. In this window, the +information relevant for the stored form is entered in the Password tab. It is also possible to +assign the data record to each organizational unit to which the creating user is authorized. It does +not matter in which tab the user is located. If a rights template is defined for the selected +organizational unit, then this template will take effect at this point. It is also possible to +define one or more corresponding tags for the data set. + +![create new password](/images/passwordsecure/9.2/configuration/basic_view/password_management/create-new-password-en.webp) + +![create-light-client](/images/passwordsecure/9.2/configuration/basic_view/password_management/create-light-client.webp) + +In the next step, an application can be added to the newly created data record, if one already +exists. To do this, go to the Linked Applications tab. + +![linked applications](/images/passwordsecure/9.2/configuration/basic_view/password_management/linked-applications-en.webp) + +Then the whole process is completed by clicking the "Finish" button. + +![netwrix logo](/images/passwordsecure/9.2/configuration/basic_view/password_management/netwrix-logo-en.webp) + +## Changing and deleting passwords + +In order to change or delete passwords you should stay on the corresponding tile with the mouse +cursor. The control button will appear. + +When you click the button, you will be offered the "Edit" and "Delete" options, among others. + +![options record light client](/images/passwordsecure/9.2/configuration/basic_view/password_management/options-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/basicview/start_and_login_basic_view.md b/docs/passwordsecure/9.3/configuration/basicview/start_and_login_basic_view.md new file mode 100644 index 0000000000..6a94328cd6 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/start_and_login_basic_view.md @@ -0,0 +1,52 @@ +--- +title: "Start and Login" +description: "Start and Login" +sidebar_position: 30 +--- + +# Start and Login + +## Starting the Web application + +To start the Basic view, the Web application must be started first. + +As soon as the login mask appears, the login data of the corresponding user are entered there. It is +essential to ensure that the variant set up by the administrator is used. There are several options +for this: + +local user: + +e.g. administrator (user name administrator) + +![image3](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/image3.webp) + +AD User: + +There are 2 possibilities here: + +1. username like the local user (e.g. administrator) + +2. domain and username (e.g. nps\administrator) + +![image4](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/image4.webp) + +**CAUTION:** Please ask your administrator if you are not sure which login details apply to you! + +#### Change to the web view of the Basic view + +As soon as the login was successful, you are now either: + +- directly in the web view of the Basic view, because the user is a Basic view user. + +or + +- in the Web Application. To switch from the Web Application to the Basic view web view, you have to + click on your profile name. There you will be offered the option **"Switch to the Basic view"**. + +![switch to lightclient](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/switch-to-lc-wc-en.webp) + +The Basic view web view is in no way inferior to the Basic view. The same functions are given except +for the download of the favicons (icon, symbol or logo used by web browsers to mark a website in a +recognizable way). + +![LightClient in WebClient](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/wc-lc-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/basicview/tab_system.md b/docs/passwordsecure/9.3/configuration/basicview/tab_system.md new file mode 100644 index 0000000000..142059e7fd --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/tab_system.md @@ -0,0 +1,42 @@ +--- +title: "Tab system" +description: "Tab system" +sidebar_position: 50 +--- + +# Tab system + +## What is the tab system? + +The tab system helps to structure the passwords in order to manage and find them more easily. For +this purpose, several tabs can be created and switched between them with a click. + +![tabs LightClient](/images/passwordsecure/9.2/configuration/basic_view/tab_system/tabs-lc-en.webp) + +## Personal and public tabs + +Basic view distinguishes between personal and public tabs. The personal tab contains the passwords +that are exclusively in the organizational unit of the logged-in user. In Advanced view, these are +the passwords assigned to the personal organizational unit + +![tabs](/images/passwordsecure/9.2/configuration/basic_view/tab_system/tab-lc-1-en.webp) + +Furthermore, public tabs are also available. These correspond to the public + +organizational units on the Advanced view. It is also possible to store all public organizational +units as public tabs. No upper limit is set here. + +![public tab](/images/passwordsecure/9.2/configuration/basic_view/tab_system/public-tab-en.webp) + +## Showing and hiding tabs + +The public tabs can be shown and hidden as needed. The X closes the current tab. + +![close tab](/images/passwordsecure/9.2/configuration/basic_view/tab_system/close-tab-en.webp) + +A public tab can be displayed again with a simple click on the +. + +![select organisational unit](/images/passwordsecure/9.2/configuration/basic_view/tab_system/select-ou-en.webp) + +In the subsequent dialog, only the desired organizational unit must be selected and confirmed with +OK. All organizational units to which the user is authorized are available here. diff --git a/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/_category_.json b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/_category_.json new file mode 100644 index 0000000000..2477c2f261 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "To do for Administration", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "to_do_for_administration" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md new file mode 100644 index 0000000000..ddbeb82e9d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md @@ -0,0 +1,51 @@ +--- +title: "Errorcodes of the Basic view" +description: "Errorcodes of the Basic view" +sidebar_position: 10 +--- + +# Errorcodes of the Basic view + +## Error codes for administration + +If problems with the Basic view should appear, they are classified by error codes. These codes help +the administration to stop problems even more quickly and solve them. There are 7 different types of +error codes: + +SavePasswordUnknown + +An unexpected error has occurred. Further information can be found in the event display of the +application server. + +SavePasswordPlausibilityField + +The plausibility has not been fulfilled when saving a password. The mandatory fields of the +deposited form should be checked. + +![installation_with_parameters_156_795x595](/images/passwordsecure/9.2/configuration/basic_view/administration/errorcodes/installation_with_parameters_156_795x595.webp) + +NoDefaultForm + +No standard form was selected. The form can be stored in the settings under **Standard form (for the +Basic view).** + +![installation_with_parameters_157](/images/passwordsecure/9.2/configuration/basic_view/administration/errorcodes/installation_with_parameters_157.webp) + +DefaultFormNotFound + +The rights of the form must be checked. The user must have at least the permission to read the form. + +DefaultFormMissingFields + +The form has been set correctly. However, the field types in the form must be checked. At least +required: Text, user name, password, URL. + +DefaultFormImpossiblePlausibility + +When creating a password for an application, there is a field which is not displayed. Therefore, the +plausibility in fields should be checked. + +NoValidOrganisation + +Is only relevant for the web view of the Basic view. It is activated if you want to create a +password using the add-on and the user does not have an OU in which to create it. diff --git a/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md new file mode 100644 index 0000000000..37e8a2929a --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md @@ -0,0 +1,73 @@ +--- +title: "To do for Administration" +description: "To do for Administration" +sidebar_position: 10 +--- + +# To do for Administration + +## Conditions for using the Basic view + +The Basic view allows end users to easily manage their passwords in Netwrix Password Secure without +any training or prior knowledge. In order to ensure proper operation, the administration has to make +a few preparations first. This will be further discussed in the following. + +NOTE: To make the Basic view transition as easy and smooth as possible for the user, the +administration can orient towards this checklist. + +#### Relevant rights and settings + +This section lists the rights and settings the user needs to work with the Basic view. The +administration can adjust these rights and settings at its own discretion. + +#### Rights + +| User right | Chapter | +| ---------------------------------------------------------- | ------- | +| Can add individual passwords in the basic view | | +| Can close tab of own organisational unit in the basic view | | + +#### Settings + +| Settings | Chapter | +| ----------------------------------------------------------- | ------- | +| Include subordinated organisational units in the basic view | | +| Start web application in basic view on next login | | +| Display kind of passwords in the basic view | | +| Switch logo view on mouse over in the basic view | | + +## Password Management in the Basic view + +There are several ways to provide/create passwords in the Basic view. + +#### Predefined passwords + +Predefined passwords have already been created on the FullClient. Basic view users must at least +obtain the right to read a record in order to use the password. + +![installation_with_parameters_154](/images/passwordsecure/9.2/configuration/basic_view/administration/installation_with_parameters_154.webp) + +#### Creating passwords via applications + +In order to use applications on the Basic view, the administration must first create them on the +FullClient. By clicking on the application, the end user can easily generate secure passwords. To be +able to use the application, the user needs at least the authorization to **read**. + +Further information on this topic can be found in the chapter +[Applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md). + +![installation_with_parameters_155](/images/passwordsecure/9.2/configuration/basic_view/administration/installation_with_parameters_155.webp) + +#### Creating passwords via applications without applications + +Please consider the following rights and settings so that Basic view users can create new passwords. + +User rights: + +- Can create individual passwords in the Basic view + +Setting: + +**Default form** Otherwise, no form can be assigned to the new password. + +- Add right to the organisational unit of the user diff --git a/docs/passwordsecure/9.3/configuration/basicview/view.md b/docs/passwordsecure/9.3/configuration/basicview/view.md new file mode 100644 index 0000000000..767a5adf8d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/basicview/view.md @@ -0,0 +1,64 @@ +--- +title: "View" +description: "View" +sidebar_position: 40 +--- + +# View + +## The view of the Basic view + +The Basic view interface is arranged in tiles. If a logo/icon has been stored for a password in the +image management, this can optionally be displayed with the associated data record. If the logo of +the password is not available, a reduced Outlook view is displayed. + +1. view of a Basic view button with stored logo + +![apple-logo](/images/passwordsecure/9.2/configuration/basic_view/view/apple-logo.webp) + +2. view of a Basic view button without logo, but with deposited web address + +![mindfactory-logo](/images/passwordsecure/9.2/configuration/basic_view/view/mindfactory-logo.webp) + +3. view of a Basic view button without stored web address/logo + +![sql-server-log](/images/passwordsecure/9.2/configuration/basic_view/view/sql-server-log.webp) + +Click on the tile to open the application. + +![SSO LightClient](/images/passwordsecure/9.2/configuration/basic_view/view/sso-lc-en.webp) + +The tiles can be dragged and dropped to the desired position + +![move tiles](/images/passwordsecure/9.2/configuration/basic_view/view/move-tiles-en.webp) + +## Mouseover + +As with add-ons, the control button is displayed as soon as you hover the mouse over the +corresponding elements. This process is known as "mouseover". + +![View LightClient](/images/passwordsecure/9.2/configuration/basic_view/view/view-lc-en.webp) + +When you click the button, the following options become visible: + +- -New (A new record can be created.) +- -Edit (The selected record can be edited.) +- Move (The selected record can be moved to another organisational unit) +- Move to bin (the selected record can be deleted.) +- -Copy username (the username of the selected record will be copied to the clipboard). +- -Copy password (the password of the selected record will be copied to the clipboard). +- Typing assistance (Use this view to easily type out passwords) +- -Refresh (The record will be updated.) + +You can only perform the above operations if you are sufficiently authorized. Please point this out +to your in-house administrator if this is not the case for you. + +**CAUTION:** You can only execute the mentioned operations if you are sufficiently authorized. +Please point this out to your in-house administrator if this is not the case for you. + +## Image management + +Usually, the setup of logos/icons in the i**mage management** is done by the in-house +administration. You can learn more about this in the FullClient +[Image management](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md) +documentation. diff --git a/docs/passwordsecure/9.3/configuration/browseraddons/_category_.json b/docs/passwordsecure/9.3/configuration/browseraddons/_category_.json new file mode 100644 index 0000000000..8b9ec7085c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/browseraddons/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Browser Add-ons", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "browser_add-ons" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md b/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md new file mode 100644 index 0000000000..3a25c23cf1 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md @@ -0,0 +1,89 @@ +--- +title: "Applications" +description: "Applications" +sidebar_position: 10 +--- + +# Applications + +## What are applications? + +Data can be entered on many websites without further configuration. The website is scanned in order +to find data entry fields in which the user name and password can then be entered. No further steps +are thus necessary. For websites where data cannot be entered directly, it is necessary to create an +application manually. These applications correspond to working guidelines that precisely define +which information should be entered into which target field. The full script that describes the +assignment is called an “**application**”. + +![registration with and without application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_142-en.webp) + +The diagram starts with the user navigating to a website. The application server is then checked to +see whether a record has been saved for this website for which the currently registered user also +has the required permissions. If this is the case, the information required for the login is sent to +the Browser Extension in encrypted form. The password is only decrypted in the add- on shortly +before it is entered. There are two ways in which the information is entered: **Data entry without +application** and **Data entry with application**. + +Data entry without application + +The data entry without application process is sufficient for most websites because the fields can be +directly assigned (mapping). The system checks in the background whether a login mask has been found +for any websites visited. The URL is now used to check if there are any records in the linked +websites that would fit the page. It is only necessary for the hostname including the domain suffix, +such as .de or .com, to match. The data are then entered. In this case, the user name is transmitted +to the first user name field that can be found on the page. The password is also entered into the +first password field found on the page. If automatic login has been activated in the settings, this +is also carried out by clicking the login button. + +#### Data entry with application + +It is not possible to automatically recognise the fields that must be filled on some websites. An +application needs to be created in these cases. If more than two fields need to be transferred, it +is also necessary to create an application. In this context, “application” means instructions that +are used to enter information into the fields. It thus assigns fields in the record to the +associated fields on the website. This mapping process only needs to be configured once. The +applications is responsible for entering data in the fields on the website from then on. In the +following example, the data entry process is carried out from the client. Naturally, this is also +possible via [Browser Add-ons](/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md). The procedure remains the same. + +![installation_with_parameters_143](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_143.webp) + +The URL is checked to see whether the record matches the web page. It is only necessary for the +hostname including the domain suffix (“.de” or “.com”) to match. + +## Creating applications + +**CAUTION:** The user right Can add new web applications is required in order to create applications + +If the login mask on a website cannot be automatically completed, it is necessary to manually create +an application. To create an application, the desired website is first called up. The add-on is then +started via the relevant icon. The menu item “Create application\* can be found here + +![create application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_144-en.webp) + +A modal window now opens. The actual application is now created here. + +![modal application window](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_145-en.webp) + +The following options are available: + +- **Advanced options** allows you to define a delay separately for each field when entering the + data. This is sensible when the process of entering the data would otherwise not run smoothly on + sluggish websites. +- The **Move** setting can be used to change the position of the modal window if it covers the login + window + +To capture, click on the first field to be filled on the website. It will be directly added to the +list in the modal window. For better identification, fields that belong together are marked in +colour. + +![choosed application field](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_146-en.webp) + +The field type (e.g. INPUT) and the field label are displayed in the field itself. In addition, an +action is proposed which fits the field type, such as e.g. entering the user name. The action can +naturally be adjusted if required. Once all fields have been captured, the system checks whether the +actions are correct. Finally, the application can be saved. + +![example for a application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_147-en.webp) + +The saved application is now available for the user and can be used via the add-on. diff --git a/docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md b/docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md new file mode 100644 index 0000000000..933e5b0da3 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md @@ -0,0 +1,128 @@ +--- +title: "Browser Add-ons" +description: "Browser Add-ons" +sidebar_position: 50 +--- + +# Browser Add-ons + +Passwords can also be used in the browser using the browser add-on. You can search for passwords in +the add-on, transfer them to the clipboard or enter them in the input mask of the website +automatically. The automatic login may require applications. + +In order to provide the data, the add-on needs a connection to the database. This can be set up +directly in server mode. + +Currently, add-ons are available for the following browsers: + +- Microsoft Edge +- Google Chrome +- Mozilla Firefox +- Safari + +![Add-on Browser](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-connections-en.webp) + +## Installation + +Please find more information about the installation on: Installation Browser Add-ons + +## Connection via server mode + +If the installation of the browser extension has been carried out, the user can now open the desired +browser. A window appears in which the security of the connection is confirmed. Pairing is performed +with a simple click. A new icon will also be displayed in the desired browser from this point +onwards: + +![Icon Add-on](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-icon-en.webp) + +If the icon is displayed as shown, it means that although the add-on has been installed. + +## Database profiles + +The server mode must know which database profile it is connected to. There are two ways of setting +up a database profile: + +First, the database profile can be created manually. Therefore, he following information is +required: IP address, Web Application URL and database name. Please note that /api is appended to +the end of the IP address. + +![database profil](/images/passwordsecure/9.2/configuration/browseradd-ons/manual-database-profile-en.webp) + +It is also possible that the database profile is filled out automatically. For this, you need to log +on to a database via Web Application. By clicking on the add-on in the Web Application, its profile +can be taken over. Now all necessary information such as profile name, IP address, Web Application +and database name are transferred. + +![Adopt WebClient profile](/images/passwordsecure/9.2/configuration/browseradd-ons/adopt-database-profile-en.webp) + +## The server mode benefits + +The server mode offers the following advantages: + +- No terminal service is required in terminal server operation + +**CAUTION:** Please note that SSO applications only work via Autofill Add-on. If you are in server +mode and the Autofill Add-on has not been started, SSO applications do not work! + +After successful connection, the number of data records available for the current Internet page is +displayed on the icon. + +![record found](/images/passwordsecure/9.2/configuration/browseradd-ons/record-found-en.webp) + +## Settings + +All settings that relate to the add-on are made centrally on the client. The user settings system +can be used to enter them globally per organisational unit or per user. The following options have a +direct impact on the add-ons and can be found in the SSO category: + +- Browser add-ons: Automatically send login masks ensures that the login is automatically completed + after the access data has been entered. It is thus not necessary to click the relevant button + manually +- About browser add-ons: Automatically fill login masks ensures that access data is entered without + the need for any confirmation when a website is recognised. + +The default browser option also has an impact on the add-ons. This setting defines the browser in +which the websites are opened from the client. + +NOTE: It is important to note that the login mask for records with password masking will be ”sent +automatically\*, even if the setting Browser add-ons: Automatically send login masks has been +deactivated. + +## Working with add-ons + +NOTE: A record can only be used for entering data if it has a form field of type "URL". + +The subscript number mentioned in the previous section is only available with active logins and +therefore already says a lot about the “Number of possible entries”. For example, if the number “2” +is shown, you can directly select the account you want to log in with. + +![Addon list](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-records-list.webp) + +Previously, the prerequisite was that you had to navigate manually to the precise website via the +browser that you actually wanted to use. This navigation can now also be handled by Netwrix Password +Secure – as described in the following section. + +## Search and navigation + +It is currently assumed that the user has to navigate manually to the website on which they want to +automatically enter login data. This way of working is possible but is not convenient enough. The +add-on can be used in a similar way to bookmarks. The search field can be used to search for the +record in the database. The prerequisite is again that the record contains a URL. + +![Record usage](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-records-usage-en.webp) + +The screenshot shows that the URL and the name of the record (Wikipedia) are searched. The results +for the search are displayed and can be selected using the arrow buttons or the mouse. The selected +website will be opened in a separate tab. + +## Several passwords for one website + +If a user opens a page and multiple passwords with the autofill function are possible for this +website, no entries will be made unlike in older versions. Instead, the following message appears in +a pop-up: + +![Multiple entries](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-multiple-passwords-en.webp) + +However, if the autofill function is only activated for one password but multiple passwords are +possible, the password with the autofill function is entered. If the user clicks on a record in the +pop-up, this record is entered as normal (as was the case previously). diff --git a/docs/passwordsecure/9.3/configuration/browseraddons/how_to_save_passwords.md b/docs/passwordsecure/9.3/configuration/browseraddons/how_to_save_passwords.md new file mode 100644 index 0000000000..076a3fcd74 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/browseraddons/how_to_save_passwords.md @@ -0,0 +1,46 @@ +--- +title: "How to save passwords" +description: "How to save passwords" +sidebar_position: 20 +--- + +# How to save passwords + +This chapter describes how to store passwords via add-on. + +**CAUTION:** You can only save passwords in server mode! + +## New access data + +With the setup and login via server mode, the access data can now be added automatically. When +visiting a website whose credentials have not yet been stored in Netwrix Password Secure, you get +automatically asked whether they should be created. + +![new password detected](/images/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/addon-create-password-en.webp) + +By confirming, you will be directly forwarded to the Web Application and registered there. If there +are less fields in the deposited or selected form than in the login mask, the missing fields are +automatically created as web form fields by default. + +![WebClient prefilled](/images/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/webclient-prefilled-form-en.webp) + +Known access data + +If you log in to a login screen with changed access data, you can update this automatically. To do +this, log on to the login screen of the changed page as usual. Thereupon a message appears that new +access data has been recognized. Now you can optionally decide to create a new dataset or update an +already known dataset. + +![data was recognized](/images/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/installation_with_parameters_151-en.webp) + +- **Save password**: The password will be exchanged without opening the Web Application. +- **check changes**: The Web Application is opened and you are logged in. The previous password has + been replaced by the new one. However, the storage must be carried out manually. + +![data was recognized](/images/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/installation_with_parameters_152-en.webp) + +The following prerequisites apply so that a data record is considered to already exist: + +- The URL must be identical. +- The user name must be identical. +- The entry must be made by the add-on and the change must only affect the password. diff --git a/docs/passwordsecure/9.3/configuration/configuration.md b/docs/passwordsecure/9.3/configuration/configuration.md new file mode 100644 index 0000000000..8125627f38 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/configuration.md @@ -0,0 +1,10 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 40 +--- + +# Configuration + +The following pages will provide you with in-depth information how to configure the different +Netwrix Password Secure components and features. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/_category_.json b/docs/passwordsecure/9.3/configuration/mobiledevices/_category_.json new file mode 100644 index 0000000000..69696042ea --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Mobile devices", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "mobile_devices" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/_category_.json b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/_category_.json new file mode 100644 index 0000000000..f4d1f53a0e --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Autofill", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_android.md b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_android.md new file mode 100644 index 0000000000..1bc304c41e --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_android.md @@ -0,0 +1,47 @@ +--- +title: "Autofill in Android" +description: "Autofill in Android" +sidebar_position: 20 +--- + +# Autofill in Android + +With autofill, the credentials are transferred from the Netwrix Password Secure app directly to the +login screens. This works for websites in the browser as well as for other apps. + +#### Requirements + +For automatic registration, the service must be enabled in the User Help¹ and Show via other apps¹ +Netwrix Password Secure App must be enabled. + +#### Autofill + +The login data is entered as soon as the app finds a corresponding mask on a web page or in an app. +In some masks the process starts automatically, in others it is necessary to type in the first +field. + +There are two possible scenarios. + +- The **Netwrix Password Secure app** displays all matching passwords. The user selects the desired + password and the app enters it. +- Selection of a password in the Netwrix Password Secure App. This dialog opens automatically if no + password is found. + +No password found + +If no password is found that matches the app or the website called up, the desired password must +first be selected. + +Exactly one password found + +If there is a data set that contains exactly the URL that is called up, the corresponding password +can be suggested. A simple click on the password is then sufficient to pass the data to the website +or app. + +Multiple passwords found + +If several matching passwords are found in the database, the desired one must be selected. + +NOTE: Depending on the current state, it may be necessary to authenticate on the app before +selecting or confirming the password to be entered. The database then has to be unlocked via the +password or Touch ID first. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_ios.md b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_ios.md new file mode 100644 index 0000000000..bf098c6a41 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_ios.md @@ -0,0 +1,56 @@ +--- +title: "Autofill in iOS" +description: "Autofill in iOS" +sidebar_position: 10 +--- + +# Autofill in iOS + +The most important comfort feature of the Netwrix Password Secure app is probably the autofill. With +autofill, the credentials from the Netwrix Password Secure app are transferred directly to the login +screens. This works both with websites in the browser and with other apps. + +#### Requirements + +In order to ensure automatic registration, a few prerequisites must be met. First of all, the +automatic registration must be set up in the settings. If the **iOS keychain** is not needed, it +should be deactivated. This makes handling a bit easier. Finally, a database connection must exist +and access to passwords must be possible. + +#### Autofill + +**Autofill** always occurs when a login mask is found. No matter whether this is in an app or on a +website. For some login masks, the auto-enrollment process starts automatically. For other masks, +you have to type once into the first field. The autofill itself can be divided into three different +scenarios. + +Dialog + +Depending on the configuration and scenario, the dialog for entry can have different +characteristics: + +- First, one or more passwords are displayed that match the current page or app. These can be + selected and entered with a click. +- It is also possible to open the dialog for selecting a password. If no password is found, this + dialog is displayed directly. +- Finally, the iOS keychain can also be opened. If this function is not needed, it can be + deactivated. The corresponding option will then no longer be offered. + +No password found + +If no password is found that matches the app or the website, the desired password must first be +selected. + +Exact password found + +If there is a data record that contains exactly the URL that is called up, the corresponding +password can be suggested. A simple click on the password is then sufficient to pass the data to the +website or app. + +Several passwords found + +If several matching passwords are found in the database, the desired one must be selected. + +NOTE: Depending on the current state, it may be necessary to authenticate to the app before +selecting or confirming of the password to be entered. The database then has to be unlocked via the +password, Touch ID or Face ID. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/mobile_devices.md b/docs/passwordsecure/9.3/configuration/mobiledevices/mobile_devices.md new file mode 100644 index 0000000000..3f7642b534 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/mobile_devices.md @@ -0,0 +1,55 @@ +--- +title: "Mobile devices" +description: "Mobile devices" +sidebar_position: 70 +--- + +# Mobile devices + +## The new Netwrix Password Secure Mobile App – mobile and simple! + +With version 8.10 we have created the perfect complement to the client: **The Netwrix Password +Secure Mobile App!** + +With its **convenient** interface, the Netwrix Password Secure Mobile App offers the perfect +prerequisite for every user to find their way around **quickly** and **easily**. + +For detailed documentation of the **Netwrix Password Secure Mobile App** + +NOTE: Please note that as of version 8.10.0, the previous version 7 App is no longer compatible. + +#### Security is our ambition + +No matter whether you work with a smartphone or a tablet, you benefit from the highest possible +security on all iOS and Android devices. All passwords are not only available on the mobile device, +but can also be automatically transferred to websites. So you can use highly complex and therefore +secure passwords and don’t have to remember them anymore. The Netwrix Password Secure Mobile App +thus combines security and convenience. In addition, the use of a local database ensures that +passwords can be accessed even when no + +#### Functions + +The functionalities of **password management, SSO, synchronization** and **tab system** are even +more extensive and detailed in the specially created **documentation**. + +### Password management + +The new **Netwrix Password Secure mobile app** keeps all **passwords** safe. They can not only be +stored securely but also structured conveniently. + +### SSO + +The most important convenience feature of the Netwrix Password Secure Mobile app is the possibility +of entering passwords directly into log-in masks of other apps or browser pages. The configuration +and correct use can be found out in the corresponding chapters for **iOS** and **Android**. + +### Synchronization + +Since the data exchange between mobile database and server database is done automatically in the +background, there is no need to worry about the actuality of the data. + +### Tab system + +With the new and simplified tab system, the handling for the individual user has been made +uncomplicated and clear. The affiliation of the passwords is visible at a glance. The exact handling +of the tab system can be read in the chapter **Tabs**. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/passwords_mobileapp.md b/docs/passwordsecure/9.3/configuration/mobiledevices/passwords_mobileapp.md new file mode 100644 index 0000000000..05bafbdea5 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/passwords_mobileapp.md @@ -0,0 +1,85 @@ +--- +title: "Password Management" +description: "Password Management" +sidebar_position: 50 +--- + +# Password Management + +In principle, there are two types of passwords. **Global** and **personal** passwords. + +#### Global passwords + +Global passwords are passwords that are assigned to an organizational unit. These passwords are +usually used by more than one user. + +![Mobile App - global passwords](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/global-passwords-ma-en.webp) + +Prerequisites + +The following prerequisites must be met in order to create new global passwords: + +- User right **Can create new passwords** +- **Add right** to the corresponding organizational unit + +#### Personal passwords + +Personal passwords are passwords to which only the creating user is authorized. + +![MobileApp - personal passwords](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/personal-passwords-ma-en.webp) + +Requirement + +The following user rights are required to create personal passwords: + +- Can create new passwords +- Can create personal records + +#### Create passwords + +When creating a new record, it is necessary to know whether it is a personal or a global password. +Because according to this criterion you should select the appropriate tab and click on the + located +in the upper right corner. + +![create new password](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/create-new-password-ma-en.webp) + +After that, select the required **form**. + +![select form](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/select-form-ma-en.webp) + +Then, once you have filled in all the relevant information of the selected form, one click on +**Save** is enough to create the password. + +![new entry MobileApp](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/new-entry-ma-en.webp) + +#### Editing passwords + +To edit a password, click on the corresponding password and select the pencil icon. + +![editing password](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/new-entry-ma-2-en.webp) + +As soon as you click on the pencil icon again in the new window, in the so-called read-only view, +you can edit all existing fields. + +![edit passwordfield MobileApp](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/edit-passwordfield-ma-en.webp) + +![edit passwordfield](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/edit-entry-ma-2-en.webp) + +#### Delete + +Passwords can currently only be deleted via the Full- or Web Application. + +#### Tags + +Tags can be added or removed both when creating and editing a password. + +![MobileApp - Tags](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/edit-tag-ma-en.webp) + +It is also possible to create a completely new tag. + +This is possible by searching in the tag selection in the search field for a tag that does not +already exist. + +You will then be offered the option of creating this previously non-existent tag. + +![Mobileapp - select/create tag](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/select-tag-ma-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/securitymd.md b/docs/passwordsecure/9.3/configuration/mobiledevices/securitymd.md new file mode 100644 index 0000000000..2267b13359 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/securitymd.md @@ -0,0 +1,38 @@ +--- +title: "Security" +description: "Security" +sidebar_position: 10 +--- + +# Security + +#### Your security is our ambition + +Security is a top priority for Netwrix Password Secure - right from the conception stage, it sets +the course for all further developments. Of course, security was also taken into account during the +development of the Netwrix Password Secure app and the latest technologies were used. The following +encryption techniques and algorithms are currently used: + +Global + +- AES 256 / RSA 4096 encrypted +- PBKDF2 with up to 100,000 iterations +- End to end encrypted (like all Netwrix Password Secure App Clients) +- No direct connection to Netwrix Password Secure Server required. Connection is via web server. +- MDM (Mobile Device Management) support +- Passwords can be used offline when server access is not available +- Fast incremental data synchronization +- Easy connection between Netwrix Password Secure Mobile Apps and the server via QR code +- Easy navigation between private and shared passwords +- Automatic reconciliation of data using real-time updates +- Two-factor authentication +- Synchronization with multiple databases possible +- Expiration date of databases to ensure automatic deletion +- Server and app side security settings. Who is allowed to use the app and to what extent? + +iOS + +- Full support of FaceID and TouchID for passwordless login to the Netwrix Password Secure Mobile + app. +- Password AutoFill support. Passwords are automatically entered in other apps and Safari. (No + copy/paste or typing) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md b/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md new file mode 100644 index 0000000000..3434337653 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md @@ -0,0 +1,75 @@ +--- +title: "Settings" +description: "Settings" +sidebar_position: 70 +--- + +# Settings + +As soon as you are logged in to the **Netwrix Password Secure App**, you can access the **settings** +via the three dots at the very top left of the screen. These will be briefly explained here. + +![MobileApp - settings](/images/passwordsecure/9.2/configuration/mobiledevices/settings/settings-ma-en.webp) +![MobileApp - settings](/images/passwordsecure/9.2/configuration/mobiledevices/settings/settings-2-ma-en.webp) + +#### General + +Hide personal tab + +In some use cases personal passwords are not needed on the mobile device. If this is the case you +can hide the tab with the personal passwords. + +Show all passwords in search tab + +If this option is deactivated, a search will always refer to the opened tab only. This can be useful +if there are several records in the database which have the same name and can only be distinguished +by the affiliation to an organizational unit. + +#### Security + +Touch ID / Face ID + +Here the login via Face ID or Touch ID can be activated and deactivated. + +Automatic logout + +Automatic logout from the app can be enabled and configured here. + +#### Synchronization + +Automatic synchronization + +How to synchronize with the main database is configured here. The following options are available: + +- **Any type of connection:** as long as there is a connection, synchronization will take place. No + matter if it is a WLAN connection or a connection via the mobile network. +- **Only for WLAN connection:** Synchronization only takes place if there is a connection via WLAN. +- **Disabled:** It is not synchronized + +NOTE: Costs may be incurred for synchronization via the mobile network! + +Synchronize now + +Starts the synchronization. This can also be started outside the settings at any time by simply +swiping down. More information can also be found in the chapter +[Synchronization](/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md). + +Fix sync errors + +This menu item first checks for errors caused by the synchronization. If there are such errors you +get the possibility to repair them or to overwrite them with the current state of the server +database. + +#### Logging + +Logging + +Here you can activate or deactivate the logging. + +Show log file + +If logging is active, the log file can be displayed here. + +Delete log file + +Logs that are no longer needed can be deleted here. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/_category_.json b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/_category_.json new file mode 100644 index 0000000000..237f0e7607 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Setup", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "setup_mobile_device" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/biometric_login.md b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/biometric_login.md new file mode 100644 index 0000000000..21f0e5c984 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/biometric_login.md @@ -0,0 +1,15 @@ +--- +title: "Biometric login" +description: "Biometric login" +sidebar_position: 30 +--- + +# Biometric login + +Depending on the operating system used (iOS or Android), logging in to the app can also be done +using biometric factors such as fingerprint or facial recognition. Directly during the first login, +the app suggests (depending on the type of smartphone) the use of Touch ID or fingerprint or Face ID +or facial recognition. Clicking **Yes** here is sufficient to log in to the database in the future +using the respective biometric feature. + +![setup face ID](/images/passwordsecure/9.2/configuration/mobiledevices/setup/biometric_login/setup-face-id-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md new file mode 100644 index 0000000000..8ca97ed796 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md @@ -0,0 +1,34 @@ +--- +title: "Installation of the App / Requirements" +description: "Installation of the App / Requirements" +sidebar_position: 10 +--- + +# Installation of the App / Requirements + +The Netwrix Password Secure app is installed as usual via the Apple Store or Google Playstore. The +apps can be found under the following links: + +![App store](/images/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/appstore-icon.webp) + +![Google Play](/images/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/android-icon.webp) + +#### Requirements + +The **Netwrix Password Secure Apps** can be installed on the following systems: + +**iOS:** at least version 10.14 + +**Android:** at least version 8.0 + +**Web Application**: Since the app connects via the Web Application, it is mandatory to have it +installed. The documentation of the Web Application installation can be seen in the chapter +[Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) + +**Port**: The connection is made via https port 443, which must be enabled on the server side. + +[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md)**:** The users need the +right **Can synchronize with mobile devices.** + +[Database properties](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_properties.md): It must +be ensured that the Enable mobile synchronization option is set. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/linking_the_database.md b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/linking_the_database.md new file mode 100644 index 0000000000..ec2263d832 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/linking_the_database.md @@ -0,0 +1,57 @@ +--- +title: "Linking the database" +description: "Linking the database" +sidebar_position: 20 +--- + +# Linking the database + +First, an existing database must be linked to the Netwrix Password Secure app in order to finally +synchronize the data. During linking, an encrypted database is created on the mobile device, which +provides the data even without a network connection. + +There are two ways to create a link. + +#### Manual linking + +If the database is to be linked manually, the dialog for creating the link is first called up via +the + in the top right-hand corner. Here the address of the Web Application is entered and confirmed +with a click on Connect. + +![Create link](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/create-link-ma-en.webp) + +In the next step, all available databases are displayed. The desired one can be selected by clicking +on it. + +![choose link](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/choose-created-link-en.webp) + +Finally, the login with user name and password takes place. In addition, a meaningful name can be +assigned. + +![log in with your data](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/integration-ma-en.webp) + +#### Link via QR code + +Fulluser + +The quickest way to create a link is via a QR code. To do this, first log in to the client. You will +find the corresponding QR code in the Backstage under Account: + +![QR-code](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/link-via-qr-code-en.webp) + +Then click on the button for the QR code in the app. In the following dialog, the QR code is simply +photographed from the monitor. The mobile database is now created directly in the background and +linked to the database on the server. In the next step, you can give the database profile a +meaningful name and log in directly: + +![log in with your data](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/integration-ma-en.webp) + +LightUser + +Using the Light view, the user must click on their user account and click on the **Account** option + +![Account LightClient](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/account-lc-2-en.webp) + +This will open a window where you can use the QR code to scan the database. + +![QR code lightclient](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/account-lc-3-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md new file mode 100644 index 0000000000..58f2a534f1 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md @@ -0,0 +1,33 @@ +--- +title: "Setting up autofill" +description: "Setting up autofill" +sidebar_position: 40 +--- + +# Setting up autofill + +The most important comfort feature of the Netwrix Password Secure App is probably the autofill, i.e. +the possibility to enter access data directly into the input mask. The autofill must first be set up +or configured. + +#### Setting up the autofill under iOS + +In the settings, first select the item Passwords & Accounts and then Automatically fill in. As soon +as Auto-fill is activated, all options for filling in login windows are offered. Here one then +selects Netwrix Password Secure. + +RECOMMENDED: We recommend deactivating the **keychain (iOS)** as well as any other apps offered to +prevent misunderstandings in usage. + +![password options](/images/passwordsecure/9.2/configuration/mobiledevices/setup/setting_up_autofill/password-options-en.webp) + +#### Setting up automatic registration on Android + +In the settings under Operating aids ¹, among the downloaded services, the Netwrix Password Secure +app is activated. + +In addition, you must define in the settings under Show via other apps that Netwrix Password Secure +may be shown via other apps. + +RECOMMENDED: We recommend to use only Netwrix Password Secure for automatic registration and to +deactivate all other apps here. This prevents possible misunderstandings in the operation. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md new file mode 100644 index 0000000000..23b7acbd93 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md @@ -0,0 +1,24 @@ +--- +title: "Setup" +description: "Setup" +sidebar_position: 20 +--- + +# Setup + +## Requirements + +Netwrix Password Secure Mobile Apps automatically synchronize with an existing Netwrix Password +Secure database. The [Web Application](/docs/passwordsecure/9.2/configuration/webapplication/web_application.md) is used as the +interface for this. This must therefore be installed. In addition, the database must be enabled for +use with mobile devices on the [Server Manager](/docs/passwordsecure/9.2/configuration/servermanger/server_manger.md). + +#### Setup and configuration + +The setup and initial configuration of the **Netwrix Password Secure App** is explained in the +following chapters: + +- [Installation of the App / Requirements](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md) +- [Linking the database](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md) +- [Biometric login](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/biometric_login.md) +- [Setting up autofill](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md b/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md new file mode 100644 index 0000000000..4fd773198b --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md @@ -0,0 +1,40 @@ +--- +title: "Synchronization" +description: "Synchronization" +sidebar_position: 40 +--- + +# Synchronization + +The synchronization of data between the mobile database and the server database is extremely +important. On the whole, you don't have to worry about synchronization, because the data is +automatically synchronized in the background. + +Synchronization logic + +First of all, it is important to note how the synchronization has been configured in the +[Settings](/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md). A prerequisite for successful synchronization is that +the configured connection is available. This is done via https port 443, which must be enabled on +the server side. Once the prerequisites have been met, there are the following triggers for +synchronization: + +- A login to the app takes place +- Swipe down in the app +- The synchronization is started in the settings of the app. +- A data record is changed in one of the two databases + +Which dataset is being synchronized? + +In Netwrix Password Secure, each field in a record has a timestamp. During a synchronization +synchronization, these timestamps are checked and the newer field is written to the other database. + +Example: + +Assuming in a record the field "Username" is changed in the Advanced view and the field "Password" +is changed in the App. "password" is changed in the app, you will have different data statuses on +both devices. After a synchronization, you will receive the changed user name and the new password +on both devices. + +Settings for synchronization + +The configuration is described in the chapter [Settings](/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/tabs.md b/docs/passwordsecure/9.3/configuration/mobiledevices/tabs.md new file mode 100644 index 0000000000..c805f54acd --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/tabs.md @@ -0,0 +1,43 @@ +--- +title: "Tabs" +description: "Tabs" +sidebar_position: 30 +--- + +# Tabs + +Once you have successfully logged in, you will find yourself in the view where all the user's +passwords are located. + +![all passwords in mobile app](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/all-passwords-ma-en.webp) + +Here you have the following options: + +Action menu + +With a click on +![three-points-en](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/three-points-en.webp) +the action menu is opened. + +![actions mobile app](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/actions-ma-en.webp) + +The following actions are offered: + +- **Open settings** (more information can be found in the Settings chapter). +- **Close tab** (the option is offered only if you are in one of the organizational units tabs. The + default ones are excluded) +- **Logout** (you will be logged out from the database) +- **Cancel** (closes the action menu and returns to the tab view) + +Tabs + +Below the passwords there is a bar for managing tabs. + +![manage tabs](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/all-passwords-ma-2-en.webp) + +By clicking on the plus sign there is a possibility to add more tabs. + +![add tabs](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/add-tabs-ma.webp) + +These tabs are organizational units that the user can see. By default, the tabs **"All passwords"** +and **"Personal"** are stored. diff --git a/docs/passwordsecure/9.3/configuration/offlineclient/_category_.json b/docs/passwordsecure/9.3/configuration/offlineclient/_category_.json new file mode 100644 index 0000000000..2cd56829c8 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/offlineclient/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Offline Add-on", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "offline_client" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md b/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md new file mode 100644 index 0000000000..c84bc3ada2 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md @@ -0,0 +1,58 @@ +--- +title: "Offline Add-on" +description: "Offline Add-on" +sidebar_position: 90 +--- + +# Offline Add-on + +## What is the Offline Add-on? + +The Offline Add-on enables you to work without an active connection to the Netwrix Password Secure +server. If the corresponding setting has been configured +([Setup and sync](/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md)), the local copy of the server database will be +automatically synchronized according to freely definable cycles. This ensures that you can always +use a (relatively) up-to-date version of the database offline. + +Facts + +- “Microsoft SqlServer Compact 4.0.8876.1” is used for creating offline databases +- The database is encrypted using AES-128 or SHA-256. A so-called “platform default” is used for + this purpose +- In addition, RSA encryption processes are used +- More on this subject…::https://technet.microsoft.com/en-us/library/gg592949(v=sql.110).aspx + +#### Installation + +The Offline Add-on is automatically installed together with the main client. No database profiles +need to be created – this task is performed by the client during the initial synchronization, +together with the creation of the offline database. + +#### Operation + +Operation of the Offline Add-on is generally based on the +[Operation and setup](/docs/passwordsecure/9.2/configuration/servermanger/operation_and_setup_admin_client.md). +Since the Offline Add-on only has a limited range of functions, the following must be taken into +account with regards to its operation: + +- There is no dashboard +- Only the password module is available +- The filter is not available. Records are found using the + [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) +- The automatic login data entry can be performed via the + [Autofill Add-on](/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md), independently of the Offline Add-on + +![Offline Client](/images/passwordsecure/9.2/configuration/offlineclient/installation_with_parameters_264-en.webp) + +#### What data is synchronised? + +[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) +enhance the security concept in Netwrix Password Secure to include a double-check principle that can +be defined in fine detail. This means that releases for protected information are linked to the +positive authentication of one or more users. Naturally, it is not possible to issue these releases +when the server is not connected. For this reason, sealed records are not synchronized and thus do +not form part of offline databases. + +Otherwise, all records for which the user has the **export right** are synchronised. + +Records with **password masking** are adopted into the offline database and can be used as normal. diff --git a/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md b/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md new file mode 100644 index 0000000000..b6952b8eff --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md @@ -0,0 +1,86 @@ +--- +title: "Setup and sync" +description: "Setup and sync" +sidebar_position: 10 +--- + +# Setup and sync + +## Setting up the offline database + +It is important to ensure that the right requirements have been met before setting up the Offline +Add-on. The following configurations need to be defined in both the Server Manager and also the user +rights/user settings. + +Requirements + +To set up offline databases, this option must be activated in the Server Manager first. This process +is carried out separately for each database in the database view in the Server Manager in the +“General settings” (right click on the database). This is also possible to do when the database is +initially created. + +![Properties](/images/passwordsecure/9.2/configuration/offlineclient/setup/installation_with_parameters_265-en.webp) + +You will find further information on this subject in the +sections:[ Creating databases](/docs/passwordsecure/9.2/configuration/servermanger/creating_databases.md) and +[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md) + +User rights + +The user requires the “offline mode” right. In addition, how long offline mode can be used without a +server connection can be defined in the user rights. + +![User rights](/images/passwordsecure/9.2/configuration/offlineclient/setup/installation_with_parameters_266-en.webp) + +Creating an offline database + +The synchronization with the offline database can generally be carried out automatically. However, +**the first synchronization must be carried out manually**. The synchronization is started via the +Main menu/Account. + +![account-en](/images/passwordsecure/9.2/configuration/offlineclient/setup/account-en.webp) + +NOTE: The offline databases are stored locally under the following path: %appdata%\MATESO\Password +Safe and Repository Client\OfflineDB + +An offline database must be created per user and client for each online database. This makes it +possible to use several offline databases with an Offline Add-on. + +#### Synchronization + +In order to keep the data always consistent, the offline database must be synchronized regularly. +Synchronization is automatically performed by the client in the background. The interval can be +freely configured in the +[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). The synchronization is +completed every 30 minutes by default. When creating and editing records, it is also possible to +synchronize outside of the synchronization cycle so that the changes are directly available offline. +In addition, the synchronization can also be started manually in Backstage via “Account”. + +A running synchronization is displayed in the icon in the task bar as well as by a status bar in the +client: + +![progress icon](/images/passwordsecure/9.2/configuration/offlineclient/setup/progress-icon-en_64x53.webp) + +![installation_with_parameters_269](/images/passwordsecure/9.2/configuration/offlineclient/setup/installation_with_parameters_269.webp) + +As soon as the synchronization is completed, this is indicated by a hint. + +![notification "offline sync completed"](/images/passwordsecure/9.2/configuration/offlineclient/setup/offline-sync-completed-en_383x75.webp) + +#### Relevant settings + +![installation_with_parameters_271](/images/passwordsecure/9.2/configuration/offlineclient/setup/installation_with_parameters_271.webp) + +Offline mode can be configured and personalized using the four settings mentioned: + +- **Offline synchronization after saving a record**: The synchronization of the offline database is + completed directly after saving a record. It is important to note that this only applies to those + records that are saved by the user who is logged in. Changes made by another user do not trigger + any synchronization! +- **Offline synchronization after login:** If this option is active, the offline database is + synchronized after each restart of the client. +- **Automatic synchronization after an interval**: This setting is used to define the interval at + which a synchronization of the offline database will be periodically carried out. The default + value is 30 minutes. +- **Path where the offline database should be saved**: If this field is left empty, the system + default is used. Otherwise, the storage location for the offline database can be entered directly. diff --git a/docs/passwordsecure/9.3/configuration/sdkapi/_category_.json b/docs/passwordsecure/9.3/configuration/sdkapi/_category_.json new file mode 100644 index 0000000000..ed7af24b66 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/sdkapi/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SDK / API", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "sdk__api" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/sdkapi/migration_guide.md b/docs/passwordsecure/9.3/configuration/sdkapi/migration_guide.md new file mode 100644 index 0000000000..a194cc8bf7 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/sdkapi/migration_guide.md @@ -0,0 +1,156 @@ +--- +title: "migration_guide" +description: "migration_guide" +sidebar_position: 10 +--- + +## Migration Guide: Breaking Changes - API Login + +Overview: We've enhanced the login authentication process to offer a more dynamic and secure +experience. This update introduces a new method of authentication, effective for servers from +version 8.12 onward. + +**CAUTION:** Important Update: Starting from server version 9.0, the previous login method will no +longer be functional. Users must adopt the new authentication approach provided in our API to +continue accessing the services. + +#### Why was this change done? + +Since version 8.12, our server and clients are supporting authentication methods other than +passwords. Therefore, we have introduced a two-step authentication in our server and our clients. +After entering the username, the server is asked for the main factor for the authentication.With the +release of version 8.12, our server and client applications have expanded their support for +authentication methods beyond traditional passwords. Consequently, to enhance security, a two-step +authentication process has been introduced within both our server and client environments. This +process entails the user inputting their username, followed by a request to the server for the +primary authentication factor. Notably, this change was not initially implemented in our APIs. + +To align our systems with enhanced security standards, we have undertaken the implementation of the +new PBKDF2 hashing iteration count. As part of this transition, we have made the strategic decision +to discontinue the use of the old authentication endpoint. Subsequently, we have diligently +integrated the new authentication mechanism into our APIs to ensure a consistent and secure user +experience. + +Transition details: + +- **Old Method Deprecation**: The previous login method is deprecated and no longer operational with + servers of version 9.0. +- **New Authentication Requirement:** To access our services, users must switch to the updated + authentication method in our APIs, compatible with servers from version 8.12 onward. Versions + older than 8.12 are no longer operational with the API. If you're using such an old version, + please use the old API. + +**CAUTION:** Action Required: Ensure that your server version is 8.12 or later to implement the new +authentication method and seamlessly access our services. Update your integration with the API to +incorporate the revised login interface and maintain uninterrupted service access. + +Below are code examples for the previous and updated authentication methods. + +#### C# + +Previous authentication method (deprecated) + +``` +var database = "your-database"; +var username = "your-username"; +var password = "your-password"; +var psrApi = new PsrApi("your-endpoint"); +var mfaRequest = await psrApi.AuthenticationManager.Login(database, username, password); +while (mfaRequest != null) { +    // Gathering user input for authentication fields +    Console.Write(mfaRequest.DisplayName);  +    foreach (var field in mfaRequest.RequiredFields) +    { +        Console.Write(field.Type.ToString());  +        var mfa = Console.ReadLine(); +        field.Value = mfa; +    }  +    mfaRequest = await psrApi.AuthenticationManager.Login(database, username, password, mfaRequest.RequiredFields); +} +``` + +New authentication method (required for version 9.0 onwards) + +``` +var database = "your-database"; +var username = "your-username"; +var psrApi = new PsrApi("your-endpoint"); +var authenticationFlow = psrApi.AuthenticationManagerV2.StartNewAuthentication(database, username); +await authenticationFlow.StartLogin(); +while (!authenticationFlow.IsAuthenticated) { +    var requirement = authenticationFlow.GetNextRequirement(); +    var selectedRequirement = requirement.PossibleRequirements.FirstOrDefault() as DynamicFillableAuthentication; +    foreach (var field in selectedRequirement.Fields) { +        // Gather user input for authentication fields from the console +        Console.Write(field.Key); +        field.Value = Console.ReadLine(); +} +    await authenticationFlow.Authenticate(selectedRequirement); +} +``` + +#### JavaScript + +Previous authentication method (deprecated) + +``` +const database = 'your-database' +const username = 'your-username' +const password = 'your-password' +let api = new PsrApi('your-endpoint') +let mfaRequest = await psrApi.authenticationManager.login(database, username, password) +while (mfaRequest) { +    for (const field of mfaRequest.requiredFields) { +        field.value = prompt(field.type) +    } +    mfaRequest = await psrApi.authenticationManager.login(database, username, password, mfaRequest.requiredFields); +} +``` + +New authentication method (required for version 9.0 onwards) + +``` +const database = 'your-database' +const username = 'your-username' +let api = new PsrApi('your-endpoint') +await psrApi.authenticationManagerV2.startLogin(database, username) +while (!psrApi.authenticationManagerV2.isAuthenticated) { +    let requirement = await psrApi.authenticationManagerV2.getNextRequirement() +    let selectedRequirement = requirement.PossibleRequirements[0] +    for (const field of selectedRequirement.Fields) { +        // Simulating console interaction to gather user input +        field.Value = prompt(field.Key) +    }  +    await psrApi.authenticationManagerV2.authenticate(selectedRequirement) +} +``` + +#### Implementation explanation + +The API object is created as always: by passing the server address to the constructor. + +After that, the implementation differs slightly between C# and JavaScript. For C#, we’re getting the +authentication flow via **psrApi.AuthenticationManagerV2.StartNewAuthentication("your-database", +"your-username");**. On the resulting instance, the asynchronous method **StartLogin()** needs to be +called and awaited. Using the JavaScript API, we can directly call and await the +**psrApi.authenticationManagerV2.startLogin('your-database', 'your-username)** method. + +After this, you must call the **GetNextRequirement()** method. The result contains the requirements +the user has to fill in. It usually contains a “Fields“ list, where the “Value” needs to be set. The +filled requirements need to be sent to the server via +**psrApi.authenticationManagerV2.authenticate** method. Don’t forget to wait for the result (using +the **await** keyword). + +Now, the authentication via API also provides the possibility to configure a second factor and +change the user password during login. In this case, the result of the **GetNextRequirement** call +has the property “IsConfiguration” set to true. If the user can choose between multiple second +factors, they are all part of the “PossibleRequirements” array. Select the one you want to use, fill +in the fields, and send the requirement via **authenticate** method. + +As soon as the authentication is completed, the **psrApi.authenticationManagerV2.isAuthenticated** +property is set to true. + +For any queries or assistance in transitioning to the new authentication method, please refer to our +updated documentation or reach out to our support team. + +Thank you for your cooperation as we continue to improve security and usability within our API. diff --git a/docs/passwordsecure/9.3/configuration/sdkapi/sdk__api.md b/docs/passwordsecure/9.3/configuration/sdkapi/sdk__api.md new file mode 100644 index 0000000000..a95dcf50cc --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/sdkapi/sdk__api.md @@ -0,0 +1,38 @@ +--- +title: "SDK / API" +description: "SDK / API" +sidebar_position: 80 +--- + +# SDK / API + +API: This interface can be used to "address Netwrix Password Secure externally" in order to, for +example, read data for other programs. The API can only be accessed via our wrappers (SDK) using C# +and JavaScript. + +In the JavaScript version of the API, all enums can be found under the global object "PsrApiEnums". + +## Requirements and download + +The SDK can be downloaded from the Customer Information System. + +## Using the API + +The central object is "PsrApi". It contains various "managers" that contain the entire business +logic. First a "PsrApi" object must be created. The only transfer parameter of this class is the +endpoint of the Netwrix Password Secure WebServices. If the Web Application is in use, +`https://Web Application-url/api` can be used as the endpoint. Otherwise the Netwrix Password Secure +Server, i.e. `app-server01:11016`, must be used directly. + +## Login + +If you do not log in to the system in advance, it is not possible to use the API. The first +parameter for the login method is the desired database, followed by the user name and password. It +is important to note that all methods for running the API that initiate a server call are +implemented asynchronously. “Task” objects are returned in C# and “Promise” objects are returned in +JavaScript. + +## Technical documentation + +You can find the complete technical documentation for the SDK +[here](https://help.passwordsafe.de/api/v9/). diff --git a/docs/passwordsecure/9.3/configuration/servermanger/_category_.json b/docs/passwordsecure/9.3/configuration/servermanger/_category_.json new file mode 100644 index 0000000000..a78a651997 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Server Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "server_manger" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/servermanger/basic_configuration.md b/docs/passwordsecure/9.3/configuration/servermanger/basic_configuration.md new file mode 100644 index 0000000000..7b9ed245bc --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/basic_configuration.md @@ -0,0 +1,88 @@ +--- +title: "Basic configuration" +description: "Basic configuration" +sidebar_position: 10 +--- + +# Basic configuration + +## What is basic configuration? + +Within the basic configuration, the connection to the SQL server or to the databases is defined. The +basic configuration appears the first time the Server Manager is started and can be called up at any +time in the basic configuration. + +![base configuration](/images/passwordsecure/9.2/configuration/server_manager/baseconfiguration/installation_with_parameters_188-en.webp) + +## The basic configuration + +A special wizard is available to carry out the configuration: + +![Baseconfig](/images/passwordsecure/9.2/configuration/server_manager/baseconfiguration/installation_with_parameters_189-en.webp) + +#### Service address + +The service address of the SQL server can be selected via the drop-down menu. It is mandatory to +select the adapter via which the Server Manager can also access the SQL server. + +The loopback address 127.0.0.1 should not be used here. + +#### Service user + +Service user This setting is used to define the service user, which is needed to start the server +service as well as the backup service. The “Use local system” setting starts the services with the +local system account. + +**CAUTION:** The defined service user **needs local administrator** rights to properly configure the +server and create databases. + +#### SQL configuration instance + +Under “SQL Server instance” the database server must be specified, including the SQL instance. For +simplicity, you can copy the server name from the login window of the SQL server. + +![installation_with_parameters_190](/images/passwordsecure/9.2/configuration/server_manager/baseconfiguration/installation_with_parameters_190.webp) + +If the option “Service user” is selected, enter the user that logs on to the SQL Server. Please note +that “dbCreator” rights are necessary to create a configuration database. “dbOwner” rights are +sufficient if the database is created manually on the SQL server and is only accessed here. Enter +the name of the configuration database under “Database”. + +NOTE: Refer to the system requirements for server section for more information about the users. + +#### Expert mode + +Expert mode displays additional menu options for advanced configurations: + +Backup service user + +You can use a dedicated user to run the backup here. The service user is selected by default. + +SQL configuration instance + +This menu item can be configured in expert mode via a so-called connection string. + +Certificate + +The SSL connection certificate can also be configured under this item to protect the client server +connection. By default, a certificate is generated by the Server Manager. However, you can also +choose your own. Further information can be found directly in the section provided for this purpose. + +**CAUTION:** Exchanging or overwriting an existing certificate may cause warnings to the clients if +the certificate is not trusted by each client. + +Allow host mode + +Host mode is no longer supported since version 8.13. + +Activating caching + +Caching is activated by default to improve performance. The so-called SqlBroker is registered for +the database on the SQL server here. The following is cached: + +- The roles of the individual users +- The structure of the organisational units +- All settings + +NOTE: If this option is changed, the server needs to be restarted so that the change can take +effect. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/_category_.json b/docs/passwordsecure/9.3/configuration/servermanger/certificates/_category_.json new file mode 100644 index 0000000000..1d195a83f7 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Certificates", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "certificates" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md new file mode 100644 index 0000000000..b1f309272b --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md @@ -0,0 +1,84 @@ +--- +title: "Certificates" +description: "Certificates" +sidebar_position: 20 +--- + +# Certificates + +Various different certificates are used to guarantee the security of Netwrix Password Secure. The +certificates are essential for the smooth operation of Netwrix Password Secure. It is thus important +that they are carefully backed up. + +## What certificates are used? + +The individual certificates are described in the following sections: + +- [SSL connection certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/ssl_connection_certificates.md) +- [Database certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/database_certificates.md) +- [Master Key certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/master_key_certificates.md) +- [Discovery service certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/discovery_service_certificates.md)s +- [Password Reset certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/password_reset_certificates.md) + +## Calling up the certificate manager + +There are two ways to open the certificate manager. The certificates for each specific database can +be managed via the ribbon: + +![installation_with_parameters_196_647x73](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_196_647x73.webp) + +In the **Main menu**, it is also possible to start the certificate manager for all databases via the +**basic configuration:** + +![base configuration](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_197-en.webp) + +NOTE: Operation of the certificate manager is always the same. The only difference is whether the +certificates are displayed for each database or for all databases. + +#### Checking existing certificates + +After opening the certificate manager, all certificates specific to Netwrix Password Secure will be +displayed. Clicking on the certificate will display further information. + +![installation_with_parameters_198](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_198.webp) + +Double clicking on a certificate will open the Windows Certificate Manger to provide more detailed +information. + +![installation_with_parameters_199_423x396](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_199_423x396.webp) + +#### Required certificates / deleting no longer required certificates + +The overview will initially only display those certificates that are being used and are thus +required. Clicking on **All** will also display the no longer required certificates. For example, it +is possible that outdated certificates exist on the machine due to a test installation. These +certificates can be easily deleted via the corresponding button in the ribbon. + +![certificates-ac-4-en](/images/passwordsecure/9.2/configuration/server_manager/certificates/certificates-ac-4-en.webp) + +#### Importing certificates + +Previously backed up certificates can be integrated into the installation via the Import button. +This merely requires you to enter the desired .pfx file and its password. + +#### Exporting certificates + +The relevant certificates will be backed up by clicking on export. A password firstly needs to be +issued here. If a storage location has not yet been entered via the settings, you are firstly asked +to enter it. + +NOTE: SSL connection certificates are not included in this process and are also not backed up. These +certificates can be recreated if necessary. + +#### Settings + +You can define whether every certificate should be saved to its own file in the **settings**. If +this option has not been activated, all relevant certificates will be backed up in one file. In +addition, the storage location is defined in the settings. + +![installation_with_parameters_201_826x310](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_201_826x310.webp) + +#### Backing up certificates + +If you want to automatically back up the certificates on a cyclical basis, this can be done via the +backup system. Further information can be found in the section Backup management. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/database_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/database_certificates.md new file mode 100644 index 0000000000..2ff1335128 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/database_certificates.md @@ -0,0 +1,33 @@ +--- +title: "Database certificates" +description: "Database certificates" +sidebar_position: 20 +--- + +# Database certificates + +## What is a database certificate? + +A unique certificate is created for each database. This has the name **psrDatabaseKey**: + +![installation_with_parameters_207](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_207.webp) + +The database certificate **does not encrypt the database.** Rather, it is used for the encrypted +transfer of passwords from the client to the server in the following cases: + +- Creation of a WebViewer via a task +- Creation of an AD profile protected by a master key +- Login of users imported from AD in Master Key mode + +NOTE: The database certificate cannot be replaced by your own certificate. + +NOTE: The expiry date for the database certificate is not checked. The certificate thus does not +need to be renewed. + +**CAUTION:** If the database is being moved to another server, it is essential that the certificate +is also transferred! + +#### Exporting and importing the certificate + +The section [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md) explains how to back up the certificate and link it +again. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/discovery_service_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/discovery_service_certificates.md new file mode 100644 index 0000000000..2893c1015f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/discovery_service_certificates.md @@ -0,0 +1,26 @@ +--- +title: "Discovery service certificates" +description: "Discovery service certificates" +sidebar_position: 40 +--- + +# Discovery service certificates + +## What is a discovery service certificate? + +If a discovery service is created, a corresponding certificate is also created: + +![installation_with_parameters_202](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_202.webp) + +NOTE: The discovery service certificate cannot be replaced by your own certificate. + +NOTE: The certificates for the discovery service have an expiry date. However, this is not checked. +The certificate thus does not need to be renewed. + +**CAUTION:** If the database is being moved to another server, it is **essential that the discovery +service certificate is also transferred!** + +#### Exporting and importing the certificate + +The section [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md)explains how to back up the certificate and link it +again. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/master_key_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/master_key_certificates.md new file mode 100644 index 0000000000..60718982c5 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/master_key_certificates.md @@ -0,0 +1,29 @@ +--- +title: "Master Key certificates" +description: "Master Key certificates" +sidebar_position: 30 +--- + +# Master Key certificates + +#### What is a Master Key certificate? + +If Active Directory is accessed via +[Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), +a certificate will be created. This has the name + +Active Directory: Domain: + +![installation_with_parameters_208](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_208.webp) + +NOTE: The Master Key certificate cannot be replaced by your own certificate. + +NOTE: The certificates for Master Key mode have an expiry date. However, this is not checked. The +certificate thus does not need to be renewed. + +**CAUTION:** If the database is being moved to another server, it is essential that the Master Key +certificate is also transferred! + +#### Exporting and importing the certificate + +The section certificates explains how to back up the certificate and link it again. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/nps_server_encryption_certificate.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/nps_server_encryption_certificate.md new file mode 100644 index 0000000000..60020ef87a --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/nps_server_encryption_certificate.md @@ -0,0 +1,17 @@ +--- +title: "Netwrix Password Secure Server Encryption Certificate" +description: "Netwrix Password Secure Server Encryption Certificate" +sidebar_position: 60 +--- + +# Netwrix Password Secure Server Encryption Certificate + +With the update to the version 8.16.0 the Netwrix Password Secure Server Encryption Certificate will +be added automatically. + +![NPS Server Encryption](/images/passwordsecure/9.2/configuration/server_manager/certificates/nps-server-encryption_1014x771.webp) + +This certificate is important if you will activate an offline license. In future there will be more +features for which this certificate is relevant. + +RECOMMENDED: **Please export this certificate separately!!!** diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/password_reset_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/password_reset_certificates.md new file mode 100644 index 0000000000..3da923a725 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/password_reset_certificates.md @@ -0,0 +1,28 @@ +--- +title: "Password Reset certificates" +description: "Password Reset certificates" +sidebar_position: 50 +--- + +# Password Reset certificates + +## What is a Netwrix Password Secure certificate? + +If a [Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) is created, +a corresponding certificate is created. This ensures that the passwords are transferred in encrypted +form. + +![password-reset](/images/passwordsecure/9.2/configuration/server_manager/certificates/password-reset.webp) + +NOTE: The Password Reset certificate cannot be replaced by your own certificate. + +NOTE: The certificates for the Password Reset have an expiry date. However, this is not checked. The +certificate thus does not need to be renewed. + +**CAUTION:** If the database is being moved to another server, it is essential that all Password +Reset certificate is also transferred! + +#### Exporting and importing the certificate + +The section [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md)explains how to back up the certificate and link it +again. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/ssl_connection_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/ssl_connection_certificates.md new file mode 100644 index 0000000000..913e0db69e --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/ssl_connection_certificates.md @@ -0,0 +1,99 @@ +--- +title: "SSL connection certificates" +description: "SSL connection certificates" +sidebar_position: 10 +--- + +# SSL connection certificates + +## What is an SSL connection certificate? + +The connection between clients and the server is secured via an SSL certificate. The **latest +encryption standard TLS 1.2** is used here. It is also possible to create a certificate via the +server, as well as to use an existing certificate with a CA. All computers on which a client is +installed must trust the certificate. + +Otherwise, the following message will appear when the client is started: + +**This connection is not trusted!** + +The connection to the server is not considered secure. + +![not_trusted_certificates](/images/passwordsecure/9.2/configuration/server_manager/certificates/not_trusted_certificates.webp) + +NOTE: Windows Server 2012 R2 requires the latest patch level, since it has been delivered with SSL3, +and has been extended to include TLS 1.2 + +**CAUTION:** The service user creates the databases. A separate certificate is also generated for +each database. Therefore, the service user must be a local administrator or a domain administrator, +as otherwise they would have no rights to save data in the certificate store. + +#### Structure of certificates + +The following information applies to both the **Netwrix Password Secure certificate** and also to +your **own certificates:** + +Alternative applicant + +Communication between the client and server can only take place using the path that is stored in the +certificate with the alternative applicant. Therefore, the Netwrix Password Secure certificate +stores all IP addresses for the server, as well as the hostname. When creating your own certificate, +this information should also be saved under the alternative applicant. + +NOTE: All information (including the IP address) are stored as DNS name. + +#### Using the Netwrix Password Secure certificate + +The name of the PSR certificate is **PSR8Server**. This can be done via the +[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md) in the AdminConsole. The +certificate is saved locally under: + +Local computer -> own certificates -> certificates + +NOTE: The certificate is valid from its creation up to the year 9999 – and is thus valid almost +indefinitely. For this reason, it is not necessary to note any expiry date. + +Distributing the Netwrix Password Secure certificate + +In order for the certificate to be trusted, it can be exported to the server and then imported to +the clients. The following storage location needs to be selected here: + +local computer -> trusted root certificate location -> certificates + +The certificate can be both rolled out and distributed using group guidelines. + +Manually importing the Netwrix Password Secure certificate + +If the Netwrix Password Secure certificate is not rolled out, it is also possible to manually import +the certificate. To do this, firstly open the certificate information. In the warning notification, +the Show server certificate button is available for this purpose. In the following dialogue, select +the option Install certificate… + +![installation_with_parameters_204_415x395](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_204_415x395.webp) + +A **Certificate import wizard** will open in which **Local computer** should be selected. + +![installation_with_parameters_205_555x405](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_205_555x405.webp) + +In the next step, the storage location “trusted root certificate location” needs to be manually +selected. + +![installation_with_parameters_206_556x406](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_206_556x406.webp) + +Finally, the installation needs to be confirmed once again. + +NOTE: The user logged in to the operating system requires rights to create certificates + +#### Using your own certificate + +If a CA already exists, you can also use your own certificate. You can specify this within the +[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md). Please note that a server +certificate for SSL encryption is used here. The CA must be configured so that all clients trust the +certificate. It is necessary to adhere to the certification path. + +**CAUTION:** When configuring, you must ensure that the clients can access the CA lock lists + +Wildcard certificates + +Wildcard certificates are not supported. In theory, it should be possible to use them but we cannot +help with the configuration. You can use wildcard certificates at your own responsibility. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/creating_databases.md b/docs/passwordsecure/9.3/configuration/servermanger/creating_databases.md new file mode 100644 index 0000000000..6ba623e945 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/creating_databases.md @@ -0,0 +1,58 @@ +--- +title: "Creating databases" +description: "Creating databases" +sidebar_position: 40 +--- + +# Creating databases + +![installation_with_parameters_216](/images/passwordsecure/9.2/configuration/server_manager/creatingdatabase/installation_with_parameters_216.webp) + +[https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0)[https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0) + +## What are databases? + +Databases contain all information on users, records, documents, etc. The changes to objects in +Netwrix Password Secure will also become part of the MSSQL database. Naturally, the regular creation +of backups to secure this data should always have the highest priority. The **MSSQL** relational +database management system is used in Netwrix Password Secure version 9. + +## Creating databases + +The creation of databases is supported by the database wizard, which is started directly from the +ribbon. The individual tabs of the wizard are explained below: + +![database wizard](/images/passwordsecure/9.2/configuration/server_manager/creatingdatabase/installation_with_parameters_217-en.webp) + +Database server + +The first tab can be used to manually select the database server. By default, the value defined in +the Advanced settings is preset. A user can also be entered or the service user can be selected +instead. + +Name + +Enter the name of the new database here. Alternatively, you may select an existing database. A +meaningful name makes it easier to differentiate between databases, especially when using multiple +databases. + +Data + +This setting can be used to define whether a template should be used. The template will provide the +database with ready-made forms and dashboard settings that make it easier to get started. The user +can select from English and German templates. However, it is also possible to proceed without a +template – you will then start with a completely empty database. If you have a backup from Password +Safe version 7, this can be migrated. + +User + +This setting is used to define the first user to be created – normally this is the administrator. If +a migration is active, the user can be deleted after migration. + +#### Finishing the database wizard + +Once a database has been created successfully, , provided it has been selected. If no data migration +has been selected, the new database is created directly, and will be displayed in the database +overview. + +![created new database](/images/passwordsecure/9.2/configuration/server_manager/creatingdatabase/installation_with_parameters_218-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/_category_.json b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/_category_.json new file mode 100644 index 0000000000..99ee9711b4 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Database properties", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "database_properties" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_firewall.md b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_firewall.md new file mode 100644 index 0000000000..8aaed30693 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_firewall.md @@ -0,0 +1,77 @@ +--- +title: "Database firewall" +description: "Database firewall" +sidebar_position: 30 +--- + +# Database firewall + +## What is the database firewall? + +The database firewall enables you to regulate access to the database. A whitelist policy is used for +this process. Firewall rules are used to allow access to the database in individual cases. + +#### Activating the firewall + +The firewall can be directly activated in the database settings. + +![database firewall](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_226-en.webp) + +Access to the firewall is blocked after it has been activated. Login attempts are directly blocked. + +![installation_with_parameters_227](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_227.webp) + +#### Firewall rules + +The rules already set are displayed in the section on the right. The icons +![+](/images/passwordsecure/9.2/configuration/server_manager/database_properties/+.webp) +and +![-](/images/passwordsecure/9.2/configuration/server_manager/database_properties/-.webp) +can be used to add or also delete rules. Rules can be edited by double clicking on them. + +![firewall rule](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_230-en.webp) + +The following possibilities exist: + +- Access from an individual computer is allowed via the IP address. +- A Range of multiple IP addresses can also be optionally selected. +- It is also possible to regulate access using the Computer name. +- Finally, access can also be allowed for a certain Windows user. For example, the administrator can + be allowed access irrespective of the computer being used. +- The setting Grant access defines whether access is allowed or blocked. This is symbolised by a + corresponding icon. + +Naturally, the rules can also be combined. It is thus possible e.g that only one defined user can +access one database from a certain IP address. + +NOTE: The conditions are always combined using AND operators + +If two or more rules overlap, the rule with the least rights will always be applied. For example, if +a rule allows access from a range of IP addresses but another rule blocks a specific computer within +this range then the rule blocking the computer is applied. + +## Examples + +The functionality of the firewall will be explained in more detail using the following rules: + +![defined firewall rules](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_231-en.webp) + +Approving an IP range (Rule 1) + +The first rule in the example allows access from a range of IP addresses from 192.168.150.1 to +192.168.150.254 + +Locking a particular computer (Rule 2) + +The computer with the IP 192.168.150.64 is within the range defined in Rule 1. Access from this PC +is blocked using this rule. + +Blocking an individual user (Rule 3) + +If you want to block a particular user (perhaps because they have left the company) then this is +also possible. + +Computer-independent access for a user (Rule 4) + +This rule grants access to the administrator. It is irrelevant which computer the administrator uses +to log in to the database. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md new file mode 100644 index 0000000000..3a1bb58f3c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md @@ -0,0 +1,34 @@ +--- +title: "Database properties" +description: "Database properties" +sidebar_position: 60 +--- + +# Database properties + +The properties of a database can be opened by double-clicking on the database. No login to the +database is required. + +![installation_with_parameters_225](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_225.webp) + +#### Properties + +The following options can be edited: + +- [General settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md) +- [Syslog](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/syslog.md) +- [Database firewall](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_firewall.md) + +General Settings + +The following can be defined in the General Settings: + +- **Database server** – here the SQL instance can be specified again. +- **SystemTask check interval** – specifies the time interval in which the check interval for + SystemTasks should run (**default set to 60 minutes**) +- **Enable offline access** – Activate/deactivate the Offline Add-on +- **Activate access via web client** – Activate/deactivate the web client (**active by default**) +- **Allow mobile synchronization** – Activate/deactivate synchronization with mobile devices +- **Lock clients if login is incorrect (IP address)** – Lock IP if login is incorrect +- **Enable real-time update** – Enables/disables real-time update between clients **(default is + active)** diff --git a/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/general_settings_admin_client.md b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/general_settings_admin_client.md new file mode 100644 index 0000000000..cf18266eb4 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/general_settings_admin_client.md @@ -0,0 +1,19 @@ +--- +title: "General settings" +description: "General settings" +sidebar_position: 10 +--- + +# General settings + +## What are general settings? + +Within the general settings, surface settings regarding the colour scheme as well as the language +used are configured. The password for logging in to the Server Manager can also be changed here. + +![General settings](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_254-en.webp) + +## Determining the system hash + +This function determines the system hash, and copies it to the clipboard. This hash is used for the +offline license. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md new file mode 100644 index 0000000000..38d474602d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md @@ -0,0 +1,17 @@ +--- +title: "Syslog" +description: "Syslog" +sidebar_position: 20 +--- + +# Syslog + +If desired, the server logs and also the +**[Logbook](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md)** can be transferred to a Syslog +server. Double clicking on a database allows you to access its settings. The corresponding menu +items can be found there. + +![installation_with_parameters_232](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_232.webp) + +After activating the Syslog interface via the corresponding option, it is possible to configure the +Syslog server. If desired, the entire logbook can also be transferred via another option. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/_category_.json b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/_category_.json new file mode 100644 index 0000000000..45caf65f25 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Main menu", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "main_menu" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/advanced_settings.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/advanced_settings.md new file mode 100644 index 0000000000..418044d227 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/advanced_settings.md @@ -0,0 +1,38 @@ +--- +title: "Advanced settings" +description: "Advanced settings" +sidebar_position: 40 +--- + +# Advanced settings + +## What are advanced settings? + +Global standard default values are specified in the advanced settings. + +![advanced settings](/images/passwordsecure/9.2/configuration/server_manager/main_menu/installation_with_parameters_263-en.webp) + +#### Database server + +The database server stored here is used as a default value when rebuilding databases. There are 2 +modes: + +Simple mode + +In simple mode, the path to the database server including the user and the associated password can +be specified. You may use the service user for this purpose. + +Extended mode + +In extended mode, the connection string can be specified, which contains both the server, the user +and the password + +SMTP server + +By configuring the SMTP server you define all settings for emails, which the server should send, eg +via the notification system. At the final save, the connection is directly tested for functionality. +The “Save SMTP settings” button becomes active only after a change has been made. + +Log forwarding configuration + +Here you can define the settings which logs will be forwarded via mail diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/_category_.json b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/_category_.json new file mode 100644 index 0000000000..494288a0c3 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Backup settings", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "backup_settings" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/automated_deletion_of_backups.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/automated_deletion_of_backups.md new file mode 100644 index 0000000000..0defce7bf3 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/automated_deletion_of_backups.md @@ -0,0 +1,29 @@ +--- +title: "Automatic backup cleanup" +description: "Automatic backup cleanup" +sidebar_position: 20 +--- + +# Automatic backup cleanup + +It is possible to delete backups automatically after a certain period of time. This can be useful if +you append date and time to the backups and thus generate new files daily. + +![automatic cleanup](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/automatic_backup_cleanup/automated-deletion-of-backups-en.webp) + +###### Requirement + +**CAUTION:** It must be ensured that the user who sets up the automated deletion has sysadmin +privileges on the SQL server. + +###### Furnishing + +To be able to use the automatic cleanup, it must be activated first. + +For a proper function of the automatic deletion, the following must be defined: + +- the age of the backups which have to be deleted +- the SQL instance +- all paths where the automatic cleanup of the backup files is to be performed. + +![setup automatic backup cleanup](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/automatic_backup_cleanup/automated-deletion-of-backups-2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md new file mode 100644 index 0000000000..5373a6bb33 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md @@ -0,0 +1,85 @@ +--- +title: "Backup management" +description: "Backup management" +sidebar_position: 10 +--- + +# Backup management + +#### Introduction + +Regular backups of the data should always be part of every security concept. If you wish to create +backups directly on the SQL server, you should also include the Netwrix Password Secure databases. +If no central backups are carried out at the SQL level, you can create backup profiles using the +Server Manager. The backups themselves will then be generated on the SQL Server. + +#### Difference between an incremental and full backup + +A complete backup always saves all data in a database. An incremental backup also creates a complete +image of the database as the first step. In future, only the changes since the backup created at the +beginning will be saved. This saves both time and memory capacity. + +#### Backup concept + +It is recommended that an incremental backup is run every hour. In addition, a full backup should be +created once a week. + +#### Managing the backup schedule + +Creating a backup schedule + +You can create a new schedule via the ribbon. This is facilitated by a wizard. All the information +entered under [Backup settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_settings.md) will be used by default. + +A profile name is entered first. The desired databases are also selected. You also need to specify +the directory for the backups. + +![new backup profile - base settings](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_257-en.webp) + +NOTE: It must be a directory on the SQL server. + +Now set the time interval for creating the backups. A preview on the right will show when the +backups will be created in future. An end date can be optionally entered. + +![new backup profile - interval](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_258-en.webp) + +In the advanced settings, you can configure whether the backup should be activated directly. It is +also possible to specify whether to create incremental backups. If the date and time are added to +the file name, a new backup is created with each run. If this is not done, the last backup is always +overwritten. The service user can be used to create the backup or a service user can be specified +with a corresponding name and password. + +In addition, you can enter here whether the required certificates should be saved using a backup +task. Further information can be found in the section +[Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md). + +![installation_with_parameters_259](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_259.webp) + +Backup run + +The backups are executed by the SQL server in the background. If an error occurs, this is indicated +in “orange” in the backup list. Information about any errors issued by the SQL server is displayed +under all backups. A backup will be automatically deactivated if it does not run 5x in a row. This +will be marked in the list in red. The schedule cannot be reactivated directly. You will need to +open it and amend it. + +Other backup actions + +A selected schedule can be deleted via the ribbon. The wizard for a schedule can be called up by +double-clicking on it to make any changes. In addition, a backup can be started directly via the +ribbon at any time. The backup service must be running for this purpose. You can also display this +in the history. + +#### Restoring data from a backup + +Restoring data from backups is performed using the database module. Data can only be restored to +existing databases. Firstly, select the required database. You can now select Insert in the ribbon. + +![restore backup](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_260-en.webp) + +If necessary, firstly enter login data for the user that logs in to the SQL server – although the +service user is generally used here. Now select the backup file. All the backups contained in the +file will then be displayed. Now simply click on Restore to restore the backup to the existing +database. + +![Database restore](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_261-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_settings.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_settings.md new file mode 100644 index 0000000000..6bc2bd279f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_settings.md @@ -0,0 +1,20 @@ +--- +title: "Backup settings" +description: "Backup settings" +sidebar_position: 20 +--- + +# Backup settings + +## What are backup settings? + +Within the backup settings the default values for the execution of backups can be defined. + +![Backup settings](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/installation_with_parameters_255-en.webp) + +#### Interval settings + +The interval for backups can be customized as needed. A separate assistant is available for this +purpose. + +![define interval in backup settings](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/installation_with_parameters_256-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md new file mode 100644 index 0000000000..cecd1d6234 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md @@ -0,0 +1,123 @@ +--- +title: "Disaster recovery scenarios" +description: "Disaster recovery scenarios" +sidebar_position: 30 +--- + +# Disaster recovery scenarios + +#### Finding a quick solution in the event of a disaster + +In our experience, Netwrix Password Secure is usually installed in IT in a central location. If the +system fails, it must be possible to gain access to the passwords again as quickly as possible. This +section is designed to help you quickly find a solution in the event of a problem. + +#### Prevention + +It is extremely important to create a sensible recovery plan and to make corresponding preparations. +Unfortunately, it is not possible to supply a finished recovery plan because it always needs to be +created individually. The following points should be taken into account in this process: + +Creating backups + +It is of course essential in the event of a disaster that you can access a backup that is as +up-to-date as possible. Therefore, it is necessary to regularly create +[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md). + +Who is responsible in the event of a disaster? + +The first thing to decide is who should take action in the event of a disaster. Corresponding +deputies should also be defined. The responsible employee should have the corresponding rights +within Netwrix Password Secure. + +Providing the required passwords + +What passwords do those people responsible need in order to restore Netwrix Password Secure? + +- Domain password to log into the specific computer +- Password for the Server Manager +- Access data for the service user +- Access data for the SQL user +- Password for logging into Netwrix Password Secure + +Furthermore, it must be ensured that the responsible user has access to these passwords at all +times. The following options are possible: + +- Store the passwords in the company safe +- Create corresponding [Offline Add-on](/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md) +- Periodically create a HTML WebViewer file with automatic delivery via a system task including + e-mail forwarding which can be configured in + [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) + +#### Disaster scenarios + +The following section will describe various disaster scenarios including the possible recovery +steps. + +Scenario 1 + +Problem: + +Database is corrupt + +Solution: + +Restore the database from a backup. + +Scenario 2 + +Problem: + +Database server is faulty + +Solution: + +Install the database server on new hardware. If the server name changes as a result, the licence +needs to be reactivated. If the licence has already been activated multiple times, it may be that it +can only be released again by Netwrix. If the SQL instance name changes, the connection to the +database server needs to be reconfigured on the application server. This is carried out via the +basic configuration. + +Any existing offline databases will continue to function properly. + +Scenario 3 + +Problem: + +Application server faulty + +Solution: + +New installation on new hardware. The licence must be reactivated. If the server name has changed, +it may be that the licence can only be released again by Netwrix. The basic configuration must be +completed to restore the connection to the database server. If the server name changes, the database +profile on the client needs to be amended. + +Any existing offline databases need to be recreated! + +Scenario 4 + +Problem: + +Both servers are faulty but passwords from Netwrix Password Secure are required urgently. + +Solution: + +Install the database server and application server on new hardware. The licence must be reactivated. +Restore the database from the backup. The basic configuration must be completed to restore the +connection to the database server. If the licence has already been activated multiple times, it may +be that it can only be released again by Netwrix. + +Any existing offline databases need to be recreated! + +Scenario 5 + +Problem: + +As for Scenario 4 but the Active Directory is also not available. + +Solution: + +As described for scenario 4. If the user was imported in end-to-end mode, you can also log in +without an AD connection. Users imported in Masterkey mode cannot log in. Therefore, it is +recommended that you create special, local emergency users for such cases. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/license_settings.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/license_settings.md new file mode 100644 index 0000000000..da50be8937 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/license_settings.md @@ -0,0 +1,54 @@ +--- +title: "License settings" +description: "License settings" +sidebar_position: 30 +--- + +# License settings + +## What are license settings? + +Licenses for the Netwrix Password Secure are managed within the license settings. In addition, all +current license details are displayed in the window provided for this purpose. + +![License settings](/images/passwordsecure/9.2/configuration/server_manager/main_menu/installation_with_parameters_262-en.webp) + +## Licenses + +**CAUTION:** Version 7 licenses cannot be used for Netwrix Password Secure version 9. “Please +contact us”: http: //www.passwordsafe.de to obtain a version 9 license. + +Licenses are linked via the Netwrix license server. Here are the details: + +- license.passwordsafe.de +- IP: 13.74.32.103 +- Port 443 TCP (standard HTTPS port) + +Ensure that this server is accessible. You may also use Proxy servers. The license is retrieved from +the server and stored in the server configuration. The license will be checked every hour, and +updated as required. The retention time is 30 days. If there is no internet connection, you can +continue to work for 30 days. If this period should cause problems, please contact us. + +#### Integrating and managing licenses + +After purchase, you will receive the required license information in the form of “customer name” and +“password”. Enter this information directly into the License Server Access area. Use the Select and +Activate button to establish a connection to the license server. You can select the acquired +licenses from a list. The license can be now used. + +NOTE: Optionally, you may specify a proxy. By default, the proxy stored in the operating system is +used. + +**CAUTION:** The licence is called up in the context of the service user. If you experience +connection problems, the firewall and, if relevant, the proxy should be checked. + +#### How to activate the license via license file + +1. Transition the file attached to this email to the Netwrix Password Secure Server(s). +2. Open the Netwrix Password Secure Server Manager. +3. Open the main menu and select the License settings area. +4. Open the License file tab. +5. Click Upload license file. + ![license_file_tab](/images/passwordsecure/9.2/configuration/server_manager/main_menu/license_file_tab.webp) +6. Select the file from this email and then click Open. + ![activated_license](/images/passwordsecure/9.2/configuration/server_manager/main_menu/activated_license.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/main_menu.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/main_menu.md new file mode 100644 index 0000000000..3226dfa20b --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/main_menu.md @@ -0,0 +1,18 @@ +--- +title: "Main menu" +description: "Main menu" +sidebar_position: 90 +--- + +# Main menu + +## What is the main menu? + +The operation and structure of the Main menu/Backstage menu is the same for the +[Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md) on the client. This area can be used +independently of the currently selected module. + +- [General settings](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/general_settings_admin_client.md) +- [Backup settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_settings.md) +- [License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md) +- [Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/_category_.json b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/_category_.json new file mode 100644 index 0000000000..fa9a46e09d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Managing databases", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "managing_databases" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/_category_.json b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/_category_.json new file mode 100644 index 0000000000..4d4f954e47 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Database settings", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "database_settings" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/database_settings.md b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/database_settings.md new file mode 100644 index 0000000000..2828ad39dc --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/database_settings.md @@ -0,0 +1,25 @@ +--- +title: "Database settings" +description: "Database settings" +sidebar_position: 10 +--- + +# Database settings + +To open the settings of a database, select it and click on "Settings" in the ribbon. Alternatively +you can open the context menu with the right mouse button and click on "Properties". In the next +step you will be asked to enter your admin password. After that a window with the settings will +open. + +#### Settings + +You can now make the following settings: + +- Authentication +- [Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md) +- [Session timeout     ](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md) +- [HSM connection via PKCS # 11](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md) +- Automatic cleanup +- SAML configuration +- Deletion of users +- More options diff --git a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md new file mode 100644 index 0000000000..ffe601dbd5 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md @@ -0,0 +1,49 @@ +--- +title: "HSM connection via PKCS # 11" +description: "HSM connection via PKCS # 11" +sidebar_position: 30 +--- + +# HSM connection via PKCS # 11 + +## What is the HSM connection? + +The HSM connection ensures that the certificates can be outsourced to the HSM. This ultimately leads +to an increased protection because the certificates are not directly in the server’s access. The +connection is effected via PKCS # 11. + +#### Requirements + +In order to be able to connect an HSM, the following conditions have to be met: + +- An executable HSM has to be available. +- The PKCS # 11 drivers have to be installed on the application server. +- The device is set up via the Administrator database on the Server Manager. + +**CAUTION:** Please note, if an HSM is to be used, the database also has to be set up thoroughly. It +is currently not possible to transfer an existing database to an HSM. + +#### Hardware compatibility + +In principle, any HSM should work with the PKCS#11 interface. However, it is recommended to try this +out in a test position or a PoC beforehand. + +#### Installation + +The installation is set up on the Server Manager via the database settings. + +![installation_with_parameters_235](/images/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/installation_with_parameters_235.webp) + +- **Library path**: Here you can find the installed PKCS # 11 driver of the HSM. +- **Token-Serial**: The serial number of the token is given here. +- **Token Label**: The name of the token. +- **PIN**: Finally, the PIN is specified for authentication at the token. + +## Use by Netwrix Password Secure + +As soon as the HSM is connected, all server keys are transferred to the HSM. This is the database +certificate. If the AD has been connected in Masterkey mode, the masterkey will also be transferred +to the HSM. Then the certificates are no longer stored in the certificate store of the application +server, but centrally managed by the HSM. All other keys are not stored on the HSM, but derived from +the masterkeys. Therefore, Netwrix Password Secure rarely accesses the HSM, for example, at server +startup or at the AD Sync. As a result, the load on the HSM can be kept low. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md new file mode 100644 index 0000000000..311f022a43 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md @@ -0,0 +1,23 @@ +--- +title: "Multifactor Authentication" +description: "Multifactor Authentication" +sidebar_position: 10 +--- + +# Multifactor Authentication + +## What is multifactor authentication? + +Multifactor authentication is used to secure the logon to the by an additional factor. The actual +setup takes place in the client. The configured en can then be used by any user + +Activation of different factors + +In the Databases module, select a database and open its settings via the ribbon... + +![Database settings](/images/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/mfa-de.webp) + +In the settings you define which second factors can be used. + +NOTE: If you want to use "Encipherment" for PKI certificates without KeyUsageFlag, uncheck the +corresponding checkbox. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md new file mode 100644 index 0000000000..8d92779b48 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md @@ -0,0 +1,13 @@ +--- +title: "Session timeout" +description: "Session timeout" +sidebar_position: 20 +--- + +# Session timeout + +Here you can set individually for each client when an inactive connection to the application server +is automatically terminated. Select the desired time period in the drop-down menu and save the +setting by clicking on **"Save"**. + +![session timeout](/images/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/session-timeout-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md new file mode 100644 index 0000000000..a95cfae9f0 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md @@ -0,0 +1,97 @@ +--- +title: "Managing databases" +description: "Managing databases" +sidebar_position: 70 +--- + +# Managing databases + +## Managing a database + +The available actions can be selected via the context menu that is accessed using the right mouse +button or also via the ribbon. + +![Managing databases](/images/passwordsecure/9.2/configuration/server_manager/managing_databases/installation_with_parameters_234-en.webp) + +## Database settings + +All database settings are saved in the database. It is necessary to log in to the database before +editing the settings. Any user that exists in the database can be used for this purpose. You can +always restore Global settings via the ribbon. + +Multifactor authentication + +This area can be used to configure which services will be used for multi-factor authentication. The +available services are: RSA Secure ID, SafeNet, YubiKey NEO, and YubiKey Nano. After selecting the +required service, specify the respective access data. You must also configure various services. In +this case, you can specify on the client which methods will be used by the individual users. + +Further information on this subject can be found in the +section[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). + +PKCS#11 + +Via the PKCS # 11 interface, the server keys can be protected via a hardware security module (HSM). +The interface can be configured here. + +Automatic clean up + +If desired, the logbook, **notifications, session recordings** and also the **historical documents** +can be automatically cleaned up here. You merely have to enter how old the data needs to be before +it is deleted. Logbook entries can be exported before the deletion process. + +**CAUTION:** It is important to note that the logbook is also used for the filter functions. If the +logbook is regularly cleaned up, it is possible that the full functions of the filter will no longer +be available. + +#### Database actions + +Show connection locks + +In the ribbon, all connection locks can be displayed. To do this, you must first log in to the +database. All locked users will be displayed in a list. The following is displayed: + +- User name (if known) +- Reason for lock +- Number of login attempts +- Expiry of the lock. The user can be unlocked by right-clicking on an entry. + +A user can be locked manually using the corresponding button. It is necessary to select the user, +configure the expiration of the lock and specify a reason. + +Show / disconnect sessions + +You can use the corresponding button to display all currently connected clients. After selecting a +session, the connection can be disconnected. + +Migration + +Once a database has been selected, the can be started via the ribbon. This also allows multiple +version 7 databases to be merged into one. + +**CAUTION:** When the migration is started, the database is set to migration mode. For the duration +of the migration, it is not possible to log in to the database – users who are already logged in +will be sent a corresponding message. The sessions will, however, remain open so that users can +continue working as soon as the migration is complete. + +Certificates + +Management of the certificates is very important. This is described in the section certificates. + +Display database users + +This button can be used to call up statistics about the users in the respective databases. It shows +you which users are active in which database. Naturally, this list can also be exported. + +#### Data backup + +Here you can view the history of all backups or also a single backup. + +Show history + +All backups of the database are displayed hierarchically in a sortable list. + +Importing + +A backup can be restored here. This can be done via a file or from the history. The procedure is +described under Backup management diff --git a/docs/passwordsecure/9.3/configuration/servermanger/msp/_category_.json b/docs/passwordsecure/9.3/configuration/servermanger/msp/_category_.json new file mode 100644 index 0000000000..048747ed4d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/msp/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "MSP", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "msp" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/_category_.json b/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/_category_.json new file mode 100644 index 0000000000..e5ccaed2bd --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Changes in the Server Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "changes_in_the_adminclient" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/changes_in_the_adminclient.md b/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/changes_in_the_adminclient.md new file mode 100644 index 0000000000..50ab4adf26 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/changes_in_the_adminclient.md @@ -0,0 +1,25 @@ +--- +title: "Changes in the Server Manager" +description: "Changes in the Server Manager" +sidebar_position: 10 +--- + +# Changes in the Server Manager + +#### Navigation + +In the previous on-prem version, there are the modules Databases (1) and Backups (2). + +![Modules in AdminClient](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/module-ac-en_606x403.webp) + +In the new MSP version these have been replaced by the modules Customers (1) and Cost Overview (2). + +![AdminClient - MSP module](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/module-msp-ac-en.webp) + +In the MSP version, you will find the individual customer databases under the Customers module. + +NOTE: The Backup module has been removed, because Netwrix Password Secure's own backup is not +suitable for environments with multiple customer databases. As a Managed Service Provider, you must +back up your customer databases yourself using appropriate measures. + +The Status and Web Application modules are identical in both versions. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/cost_overview_module.md b/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/cost_overview_module.md new file mode 100644 index 0000000000..5f9917c138 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/cost_overview_module.md @@ -0,0 +1,14 @@ +--- +title: "Cost overview module" +description: "Cost overview module" +sidebar_position: 20 +--- + +# Cost overview module + +In the Cost overview module, all billed customers are displayed. Here you can see all changes in the +number of users and options (1) for the current month (forecast) and the past months at a glance. +This view can be filtered by month (2). If you use your own billing system, you can export the +displayed or filtered values as a CSV file (3). + +![Cost overview](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/cost_overview/cost-overview-en_998x722.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/customers_module.md b/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/customers_module.md new file mode 100644 index 0000000000..064b96752d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/msp/changesintheadminclient/customers_module.md @@ -0,0 +1,105 @@ +--- +title: "Customers module" +description: "Customers module" +sidebar_position: 10 +--- + +# Customers module + +#### Creating a new customer + +Creating a new customer is done via the Customers module (1). Here, click on New (2) in the upper +left corner. This applies both to customers in a test phase and to customers who are to be billed +immediately. + +![create-new-customer-msp-en_1035x753](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/create-new-customer-msp-en_1035x753.webp) + +When creating a new customer, the customer name is specified under **General** (1). + +If (2) is not checked, a test customer is created without billing. This is then a customer in the +test phase. If (2) is checked, a customer will be created who will be charged by Netwrix from the +current month. + +At (3) a date is automatically entered that is four weeks in the future. This date can be changed by +the managed service provider for test customers as well as billed customers, for example to limit +the test period or if the date of a possible termination of a billed customer should be known in +advance. + +![General settings new customer](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/general-new-customer-msp-en_1029x682.webp) + +Under License (4) the maximum number of users can be specified. Here you have the possibility + +(5) to limit the number up to which new users can be created or not. The options booked by the +customer (6) can be activated or deactivated by ticking them off. All other settings are identical +to the on-prem version. + +![License settings new customer](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/licence-new-customer-msp-en_1013x675.webp) + +After saving, the test customers are displayed under Test (1) and the customers to be billed under +Billed (2). When you click on a (test) customer, you will see the associated + +information and activated options. By clicking the button Edit (3 + 4) you can make + +adjustments can be made. The contract data can be adjusted by Edit (3). + +The options can be activated or deactivated by Edit (4). + +![overview-1-msp-en](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/overview-1-msp-en.webp) + +#### Test customer view + +In the view of a test customer, the general contract data can be edited under the general contract +information under Edit (1) and the test customer can be converted to a billed customer. Billing +customers can no longer be converted back to test customers. + +Under Active options, options can be selected and deselected with Edit (2). For test customers, no +billing data is available in the Forecast, Last Months and Cost History fields. + +Since no costs are incurred for test customers, no information is displayed here under User history +(3), Forecast, Last months and Cost history. + +![test-customer-view-msp-en_1024x742](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/test-customer-view-msp-en_1024x742.webp) + +#### Billed customer view + +Here you can also edit the contract details and activate or deactivate options. Additionally you can +see the user history (4) of the last months, the forecast for the current month (5) including the +expected costs for the users and options, as well as the total amount. Furthermore, you will find +the statements of the last months (6) and a graphical representation of the cost history (7). + +![billed-customer-msp-en_1032x752](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/billed-customer-msp-en_1032x752.webp) + +#### Deactivating and reactivating a customer + +Both test customers and customers to be billed can be deactivated, e.g. if a test customer cannot +continue testing until later or if a customer to be billed does not pay his invoice. When +deactivating, all data is retained and the customer can be completely restored. + +To deactivate a customer, select the database (1) and then Deactivate (2). + +![deactivate-customer-msp](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/deactivate-customer-msp.webp) + +A reason (3) can be specified for the deactivation and then the database can be deactivated (4). + +![deactivate-customer-2-msp](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/deactivate-customer-2-msp.webp) + +To reactivate a deactivated customer, select the deactivated database (1) and then Activate (2). + +![reactivate-customer-msp-en](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/reactivate-customer-msp-en.webp) + +#### Deleting a customer + +To delete a customer, select the database (1) and then Remove (2). Removal is possible with both +active and deactivated customer databases. + +![remove-customer-msp-en_947x686](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/remove-customer-msp-en_947x686.webp) + +Deletion must be confirmed (3). + +![confirm-delete-customer-msp-en](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/confirm-delete-customer-msp-en.webp) + +The following dialog box (4) indicates that the database has been deleted in Netwrix Password +Secure, but you as an MSP are responsible for deleting the database in the SQL server as well as any +existing backups. + +![successfull-deletion-msp-en](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/successfull-deletion-msp-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/msp/msp.md b/docs/passwordsecure/9.3/configuration/servermanger/msp/msp.md new file mode 100644 index 0000000000..62296b76f3 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/msp/msp.md @@ -0,0 +1,15 @@ +--- +title: "MSP" +description: "MSP" +sidebar_position: 100 +--- + +# MSP + +Whether you are a partner or an end user of Netwrix Password Secure - this help will support you in +getting started with MSP and guide you safely through the configuration and operation of the +software. + +We are pleased that you have chosen Netwrix Password Secure for your password protection needs. + +We hope you enjoy discovering your new password manager! diff --git a/docs/passwordsecure/9.3/configuration/servermanger/operation_and_setup_admin_client.md b/docs/passwordsecure/9.3/configuration/servermanger/operation_and_setup_admin_client.md new file mode 100644 index 0000000000..8e37b45aba --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/operation_and_setup_admin_client.md @@ -0,0 +1,115 @@ +--- +title: "Operation and setup" +description: "Operation and setup" +sidebar_position: 80 +--- + +# Operation and setup + +## Structure of the Server Manager + +The structure of the Server Manager is based to a high degree on the structure of the actual client. +The control elements such as the ribbon and the info and detail areas can be derived from the +section dealing with the +client([Operation and Setup](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md)). + +NOTE: An initial password is required for the first login on Server Manager. The password is +“admin”. This password should be changed directly after login and carefully documented. + +#### Status module + +![Status Admin Client](/images/passwordsecure/9.2/configuration/server_manager/operation_and_setup/installation_with_parameters_248-en.webp) + +1. Ribbon + +As usual the ribbon can be found above. Because the module is purely informative, there is no +functionality in the ribbon, except for updating the view + +2. Notification area + +- The info area shows the status of the specific services. Click the icon to configure services. By + default, the base configuration is used. If necessary, individual parameters can be replaced or + adapted to personal requirements. +- You can start and stop a specific service via +- On the right side of the info area, the utilization of the processor and main memory is displayed + over two curves. +- In the “Backup service” area, the last backups are displayed using a diagram. There is a green bar + for a successful backup, a red symbolizes a failed backup. Additional information is displayed via + a mouseover. + +3. Server log + +The server logbook shown on the right of the screen monitors and controls the server. It shows all +relevant actions on the server in a comprehensible way, always displaying the last 100 entries. The + +| Action | Color | +| ----------------------------- | ------ | +| Expected actions | black | +| Events that require attention | orange | +| Problems and crashes | red | + +- Expected actions – such as starting and stopping services – are displayed in black +- All events (e.g. failed login attempts) that require attention are displayed in orange +- All problems (e.g. crashes) are marked in red + +The server logbook can be sorted in ascending and descending order by date and description via the +column headings. The period shown can be limited using . + +# Databases module + +Databases are managed in a dedicated module. All relevant information on the existing databases can +also be called up – completely without accessing the SQL server. + +![Databases Admin Client](/images/passwordsecure/9.2/configuration/server_manager/operation_and_setup/installation_with_parameters_252-en.webp) + +1. Ribbon + +2. Database overview + +In the database overview, all databases listed alphabetically. This section can be minimised using +the arrow symbol on the top, left edge. Right-click on one of the databases to display a context +menu with all available functions. + +3. Notification area + +The Info area displays all the information about the database currently selected in the database +overview. This information is ivided into the three subsections “Database summary, Data sets and +Database tables”. + +4. Recent backups + +List of recent backups. Can be sorted by date + +5. Database log + +The database log is used to monitor and control the specific databases. All relevant actions for the +selected database are displayed in a comprehensible manner in one list. The categorisation is +carried out in the same way as the server log according to the colours applied. + +#### Backups module + +There is also a separate module for configuring the backups. This means that all backups can be +configured and managed directly from the Server Manager. + +![backup-ac](/images/passwordsecure/9.2/configuration/server_manager/operation_and_setup/backup-ac.webp) + +1. Ribbon + +2. Backup overview + +All configured backups are listed here. The overview can be minimized to the left. Other functions +are available via right-click + +3. Notification area + +The notification area is divided into three sections. The “Basic settings, Advanced settings and +Info” sections for the selected database can be used + +4. Recent backups + +The last backups are displayed in a list on the right. + +5. All backups + +A tabular overview shows all previous backups. The view can be sorted as usual. Here you can see at +a glance, when which database was saved and whether the backup was successful. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/server_manger.md b/docs/passwordsecure/9.3/configuration/servermanger/server_manger.md new file mode 100644 index 0000000000..5e109a9826 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/server_manger.md @@ -0,0 +1,22 @@ +--- +title: "Server Manager" +description: "Server Manager" +sidebar_position: 10 +--- + +# Server Manager + +## What is the Server Manager? + +The Server Manager takes care of the central administration of the databases as well as the +configuration of the backup profiles. In addition, it provides the very important interface to the +Netwrix Password Secure license server. Furthermore, it is used for the administration of globally +defined settings, as well as the configuration of profiles for sending emails. +[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md) + +![Admin Client](/images/passwordsecure/9.2/configuration/server_manager/installation_with_parameters_187-en.webp) + +In this sense, the server service represents the interface between the client and the SQL server. +The Server Manager is responsible for configuring the server service. It allows the central +administration of the databases without having access to the SQL server. This is a huge advantage +with regards to organization and authorizations. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/settlement_right_key.md b/docs/passwordsecure/9.3/configuration/servermanger/settlement_right_key.md new file mode 100644 index 0000000000..3f7d391a2a --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/settlement_right_key.md @@ -0,0 +1,90 @@ +--- +title: "Settlement right key" +description: "Settlement right key" +sidebar_position: 50 +--- + +# Settlement right key + +#### Problem Description + +In the version 8.3.0.13378 passwords which cannot be decrypted for other users could be created. In +this case, individual users or even all users do not have the necessary legal key. If a user wants +to reveal an affected password, the following message is displayed: + +![installation_with_parameters_219_706x98](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_219_706x98.webp) + +#### Bugfix + +The bug was fixed with the version 8.3.0.14422 Hotfix 1. If an older version is in use, it is +important to update to the latest version 8.4.0.14576. + +#### Review and settlement of records + +When updating to version 8.4.0.14576, the Server Manager is checked for affected data records. + +###### Review via the Server Manager + +The results of the query show which passwords can be fixed by which user. (In this example, the +entries are highlighted in color). + +- Blue = password name +- Yellow = Repairable / Irreparable +- Orange = users / roles who can fix the password + +Reparable records + +Passwords in which users / roles with entitlement right and right key exist: + +![installation_with_parameters_220_584x65](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_220_584x65.webp) + +Irreparable records + +Passwords in which users / roles without a legal key or with a legal key but without an +authorization right exist: + +![installation_with_parameters_221_697x40](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_221_697x40.webp) + +###### Settlement of reparable records + +Damaged passwords are corrected automatically with the users / roles specified under ‘repairable +with’ when logging on to the client or Web Application. + +The right key can be checked using the form field permissions of password fields. If at least one +user has the right key, the password can be fixed. In the following example, only the user ‘white’ +has the right key and thus only this user can discover and correct the password. + +![installation_with_parameters_222_754x91](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_222_754x91.webp) + +When logging on to the database via the client, a cleanup task is started automatically. This task +always runs with the logged in user. In this case – as far as it is possible with the user – all +affected passwords are corrected. Thus, when all users have logged in once, all affected passwords +should be adjusted. + +###### Irreparable records (not repairable) + +Irreparable passwords cannot be corrected automatically. Nevertheless, it may happen that passwords +marked as irreparably can be corrected manually. + +First case + +In the first case, no user / role has the right key on the password. Thus, no user can decrypt or +correct the password. + +![installation_with_parameters_223_757x69](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_223_757x69.webp) + +The affected passwords have to be recreated. For the security, a new database with an older backup +can be included. From this database, the affected passwords / data can be taken over into the +current database again. + +Second case + +In the second case, there are users / roles who have the right key but not the right to claim. As +far as the number of irreparable passwords is limited, these can be used to check the form field +permissions manually. + +![installation_with_parameters_224_762x90](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_224_762x90.webp) + +For the passwords concerned, the user with the legal key must be given the right of authorization +temporarily to correct. If the corresponding user has the entitlement right, he can reset the legal +key, either automatically when logging in or manually when saving the authorizations. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/setup_wizard.md b/docs/passwordsecure/9.3/configuration/servermanger/setup_wizard.md new file mode 100644 index 0000000000..db720c7097 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/servermanger/setup_wizard.md @@ -0,0 +1,74 @@ +--- +title: "Setup wizard" +description: "Setup wizard" +sidebar_position: 30 +--- + +# Setup wizard + +## What is the setup wizard? + +The setup wizard contains all relevant settings for setting up Netwrix Password Secure. The +individual points can also be changed later on. Separate sections are available for each. + +#### Defining the administrator password + +The first step is to define the authentication password for the Server Manager. The initial password +is “admin”. A new password needs to be entered during startup – this new password should be securely +and properly documented. It can be subsequently changed in the +[General settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md). + +![setup-wizard-ac-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-en.webp) + +NOTE: The initial password is “admin”. + +#### License settings + +The second step is to complete the configuration for successively connecting to the licence server. +This step can also be carried out later “in the [License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md) + +![setup-wizard-ac-2-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-2-en.webp) + +“license.passwordsafe.de” should be entered in the field “Licence server”. The other access data +(user name and password for the licence server will be sent to you by email). + +If necessary, access data for a possible proxy can also be issued – otherwise the proxy in the +operating system will be used. You can then select and activate the required license by clicking on +the corresponding button. + +#### Database server + +The configuration of the database server is also part of the +[Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md) and can also be edited there later on. + +![setup-wizard-ac-3-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-3-en.webp) + +The database server must be specified along with the associated SQL instance. For simplicity, you +can copy the server name from the login window of the SQL server. + +The user that will be used to create the database on the SQL Server is also specified. The user +therefore needs **dbCreator** rights. Alternatively, you can use the service user for this purpose. +The “Advanced” button allows you to specify a **Connection String.** + +#### SMTP server + +The last step is to configure the SMTP server via which all emails are sent. This is also part of +the [Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md) should it be necessary to make changes +later on. + +![setup-wizard-ac-4-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-4-en.webp) + +Once the data has been entered and successfully tested, the wizard can be completed by clicking on +“Finish”. + +Security notes + +As soon as the setup wizard has been completed, two security notes will be displayed in the +**Status** + +module that need to be confirmed. + +**CAUTION:** It is recommended that you only confirm the security notes when the corresponding point +has actually been carried out. It is absolutely essential to ensure that regular +[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md) are created +and the [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md) are backed up. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/_category_.json b/docs/passwordsecure/9.3/configuration/webapplication/_category_.json new file mode 100644 index 0000000000..c09eaf5cec --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Web Application", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "web_application" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md b/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md new file mode 100644 index 0000000000..4def61d070 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md @@ -0,0 +1,51 @@ +--- +title: "Authorization and protection mechanisms" +description: "Authorization and protection mechanisms" +sidebar_position: 30 +--- + +# Authorization and protection mechanisms + +## Security and protection on the Web Application + +As with the client, the records can be protected on the Web Application with different mechanisms. +The authorizations on records can also be managed in the Web Application. During the development of +the Web Application, there was always taken care that the operation is identical to the operation of +the client. Since the Web Application is based on HTML, it is unfortunately not possible to render +the client 100% identical. Therefore, the operation may differ in details. These deviations should +be clarified in this chapter. + +#### Permissions and rights concept + +###### Protections + +Password masking + +The password masking follows the familiar logic of the client. Due to this function, reference +should be made to the chapter of +[Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md). + +There are marginal differences in the operation. The privacy protection is fixed or edited via a +button in the extended menu.. + +![installation_with_parameters_183](/images/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/installation_with_parameters_183.webp) + +The corresponding button is only displayed if the logged in user has the sufficient rights. + +If a record is provided with a privacy protection, this is shown in the header of the password. + +![installation_with_parameters_184](/images/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/installation_with_parameters_184.webp) + +Seal + +The seals also correspond in function to the known logic of the client. In the chapter seal further +explanations can be found. The +[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) +are configured in the extended menu via a button. + +![installation_with_parameters_185](/images/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/installation_with_parameters_185.webp) + +The button is only displayed for the users who have the rights to edit seals. If a record is sealed, +this will be shown in the password field. + +![seal_wc](/images/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/seal_wc.webp) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/_category_.json b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/_category_.json new file mode 100644 index 0000000000..10f748e3bd --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Functional scope", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "functional_scope" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/application.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/application.md new file mode 100644 index 0000000000..a2f807a1b2 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/application.md @@ -0,0 +1,30 @@ +--- +title: "Application" +description: "Application" +sidebar_position: 80 +--- + +# Application + +The following functions are currently available in the **Application module**: + +Web & SAML applications: + +- Create +- Manage +- Delete + +NOTE: A detailed explanation of how to configure SAML can be found in the chapter “Configuration of +SAML” + +General functions: + +- Notifications +- Duplicate +- Move +- Favorite +- Quick view +- Connect password + +NOTE: The Web Application module Applications is based on the client module of the same name +“Applications”. Both modules differ in scope and design, but the operation is almost identical. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/documents_web_application.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/documents_web_application.md new file mode 100644 index 0000000000..8a87958f40 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/documents_web_application.md @@ -0,0 +1,30 @@ +--- +title: "Documents" +description: "Documents" +sidebar_position: 90 +--- + +# Documents + +The following functions are currently available in the **Document module:** + +- New + New document can be added in the following ways: + ◦ Right click -> search + ◦ Search via the navigation bar + ◦ By Drag & Drop (by dragging the document into the window) + +- Open properties +- Update document +- Notifications +- Move +- Favourite +- Quick view +- Export +- Authorizations +- Create external link +- Print +- History + +NOTE: The Web Application module **Documents** is based on the client module of the same name +“Documents”. Both modules differ in scope and design, but the operation is almost identical. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/forms_module.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/forms_module.md new file mode 100644 index 0000000000..bbcc9fad6f --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/forms_module.md @@ -0,0 +1,23 @@ +--- +title: "Forms module" +description: "Forms module" +sidebar_position: 50 +--- + +# Forms module + +The following functions are currently available in the **forms module**: + +- Add +- Open +- Delete +- Notifications +- Duplicate +- Favourite +- Quick view +- Permissions +- Print +- Export + +NOTE: The Web Application module **forms** is based on the client module of the same name. Both +modules have a different scope and design but are almost identical to use. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md new file mode 100644 index 0000000000..c05b876c01 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md @@ -0,0 +1,28 @@ +--- +title: "Functional scope" +description: "Functional scope" +sidebar_position: 10 +--- + +# Functional scope + +The **Web Application** will act as the basis for a constant enhancement. The current functional +scope will be explained at this point. For the purposes of clarity, the relevant modules will be +described in their own subsections. + +#### General functions + +- Global settings and User settings +- Global User rights + +#### Functions in the individual modules + +- [Password module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md) +- [Tag system](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md) +- [Organisational structure module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md) +- [Roles module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md) +- [Forms module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md) +- [Notifications](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/notifications.md) +- [Logbook](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md) +- [Application](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md) +- [Documents](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/logbook_web_application.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/logbook_web_application.md new file mode 100644 index 0000000000..3308e1b963 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/logbook_web_application.md @@ -0,0 +1,28 @@ +--- +title: "Logbook" +description: "Logbook" +sidebar_position: 70 +--- + +# Logbook + +The **logbook module** exists of the following features: + +- Filter function +- Quick view + +NOTE: The Web Application module logbook is based on the same called client module logbook. Both +modules differ in range and design. However, the handling is almost the same. + +Differences to the logbook on the Client: + +The following options are not available yet in the **Web Application**. If needed, you can use them +on the Client. + +- Documents +- Multifactor authentication +- Report configuration +- Applications +- Password Reset +- Password rules +- Sytem Task diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/notifications.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/notifications.md new file mode 100644 index 0000000000..f598d3e458 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/notifications.md @@ -0,0 +1,16 @@ +--- +title: "Notifications" +description: "Notifications" +sidebar_position: 60 +--- + +# Notifications + +- The **permission module** exists of the following features: +- Filter function +- Seal function +- Mark message as read/unread +- Quick view (use button and space bar) + +The Web Application module permissions is based on the same called client module notifications. Both +modules differ in range and design. However, the handling is almost the same. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/_category_.json b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/_category_.json new file mode 100644 index 0000000000..2f4190cfcb --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Organisational structure module", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "organisational_structure" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md new file mode 100644 index 0000000000..63e7052b7c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md @@ -0,0 +1,73 @@ +--- +title: "Organisational structure module" +description: "Organisational structure module" +sidebar_position: 30 +--- + +# Organisational structure module + +The following functions are currently available in the **organisational structure module**: + +- Adding/editing/deleting/authorizing users / organisational structures +- Notifications +- Drag & Drop +- Filter +- Quick view +- User settings +- User rights +- Changing passwords +- Print + +NOTE: The Web Application module organisational structure is based on the client module of the same +name. Both modules have a different scope and design but are almost identical to use. + +## AD connection in the Web Application + +The Active Directory connection in the Web Application works similiar to the Client. In the chapter +[Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) +you can find further information. + +![Organisational structure WebClient](/images/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_160-en.webp) + +The Web Application offers the following functions: + +- Import +- Manual synchronisation +- Manage profiles + +###### Radius + +You can reach the Radius server, if the import is in the Masterkey mode. The Radius server will be +provided in the Active Directory profile and will therefore deliver the possible authentication +methods in future. You will find further informations in the +[RADIUS authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md) +chapter. + +![installation_with_parameters_161](/images/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_161.webp) + +###### Predefining rights + +To **predefine rights** in the Web Application, the procedure is the same as in the Client. +[Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md)) + +Go to the module organisational structure to choose the organisation unit for which the rights shall +be predefined. Then choose **Predefine rights** in the menu bar. + +![installation_with_parameters_162](/images/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_162.webp) + +**Creating the first template group:** A modal window will appear after clicking on the icon for +adding a new template group (green arrow) in which a meaningful name for the template group should +be entered. + +![installation_with_parameters_163](/images/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_163.webp) + +Now you can add the appropriate roles and users. + +![installation_with_parameters_164](/images/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_164.webp) + +You can add users and roles in different ways: + +- Add the appropriate roles and users at the toolbar under **Search and add**. +- Click on the loupe to see all the users and roles. + +![installation_with_parameters_165](/images/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_165.webp) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md new file mode 100644 index 0000000000..36bb5b7a87 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md @@ -0,0 +1,20 @@ +--- +title: "User management" +description: "User management" +sidebar_position: 10 +--- + +# User management + +## How are the users managed in the Web Application? + +The user management strongly depends on whether the Active Directory has been connected or not. In +Master Key mode, the Active Directory remains the leading system. In all other modes, the user +administration is carried out via the organisational structure module. + +#### Creating local users + +When creating new users, you must pay attention to whether it is a **User (Basic View)** or a +**Advanced User (View)**. + +![installation_with_parameters_166](/images/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/user_management/installation_with_parameters_166.webp) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/password_module.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/password_module.md new file mode 100644 index 0000000000..f2b835195d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/password_module.md @@ -0,0 +1,55 @@ +--- +title: "Password module" +description: "Password module" +sidebar_position: 10 +--- + +# Password module + +The **Password Module** currently provides the following functions: + +- Create +- Delete +- Edit +- Uncover password +- Quick search +- Add/edit form fields +- Tagged +- Duplicate +- Move +- Quick view (passwords automatically reveal) +- Favorites +- Filter +- Structural filter +- Authorization/edit rights +- Form field authorizations +- Change password undercover +- Password generator with guidelines +- Copy to clipboard +- Open Internet page +- View logbook +- Display seal/visibility protection +- German/English +- Change user password, if “Change password at next login” is active +- Show notifications +- Keyboard navigation + ◦ ALT+Q: Quick search + ◦ ALT+N: New record + ◦ ALT+S: Save in Edit/New View + ◦ ALT+DEL: Delete selected record + ◦ Arrow up/down in list: Change selection + ◦ Right/left arrow in list: Page forward/backward + ◦ Enter: Open selected record + +- Privacy screen +- Seal +- Print +- Create external link +- History +- Change form +- Export +- WebViewer Export + +NOTE: The Web Application module Password module is based on the module of the same name that is +located in the client. Both modules differ in scope and design, but are nevertheless almost +identical in terms of operation. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md new file mode 100644 index 0000000000..55a5e66583 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md @@ -0,0 +1,21 @@ +--- +title: "Roles module" +description: "Roles module" +sidebar_position: 40 +--- + +# Roles module + +The following functions are currently available in the **roles module:** + +- Add +- Delete +- Notifications +- Favourites +- Quick view +- Permissions +- User rights +- Print + +The Web Application module **roles** is based on the client module of the same name. Both modules +have a different scope and design but are almost identical to use. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/tag_system.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/tag_system.md new file mode 100644 index 0000000000..8facda3781 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/tag_system.md @@ -0,0 +1,13 @@ +--- +title: "Tag system" +description: "Tag system" +sidebar_position: 20 +--- + +# Tag system + +The tag system currently offers the following functions: + +- Add +- Delete +- Edit diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/_category_.json b/docs/passwordsecure/9.3/configuration/webapplication/operation/_category_.json new file mode 100644 index 0000000000..69b8feec7d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Operation", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "operation" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md new file mode 100644 index 0000000000..e582734d02 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md @@ -0,0 +1,38 @@ +--- +title: "Filter or structure area" +description: "Filter or structure area" +sidebar_position: 30 +--- + +# Filter or structure area + +As is also the case on the client, it is possible to select between filter and structure. For this +purpose, the following buttons are available on the navigation bar + +![installation_with_parameters_169](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/filter_or_structure/installation_with_parameters_169.webp) + +1. Filter + +The filter on the Web Application is based on the +[Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md). Therefore, only those +characteristics specific to the Web Application will be described here. + +Using the filter + +Operation of the “Web Application filter” barely differs from the operation of the client filter. It +is only necessary to note that the Clear filter and Apply filter buttons can be found above the +filter. The configuration settings can also be found directly above the Web Application filter. + +Configuring the filter + +The configuration for the filter can be displayed via the following buttons: + +![installation_with_parameters_170](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/filter_or_structure/installation_with_parameters_170.webp) + +New filter groups can be added using **Add filter groups** and the current filter can be reset using +**Reset filter. Advanced mode** provides you with the possibility of deleting or moving individual +filter groups. The **Allow negation of filters** option can also be selected. + +2. Structure + +The structure can be operated in precisely the same way as on the client. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/footer.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/footer.md new file mode 100644 index 0000000000..2b82e0ff90 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/footer.md @@ -0,0 +1,38 @@ +--- +title: "Footer" +description: "Footer" +sidebar_position: 70 +--- + +# Footer + +The footer displays various different information about the currently selected record in multiple +tabs. It can be activated or deactivated using the small arrow on the far right. The footer is +hidden by default. + +![installation_with_parameters_178](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/footer/installation_with_parameters_178.webp) + +1. Notification area + +The notification area shows who last had access to the record. The users are displayed using +corresponding icons or their avatars. Clicking on the user will display their rights. + +2. Logbook + +You can view the last log entries about the record in the logbook tab. + +3. History + +The history can also be displayed via a corresponding tab. + +4. Documents + +The documents tab can be used to access all linked documents. + +5. Notifications + +This tab shows who has subscribed to receive notifications about the record. + +6. Password Resets + +The Password Resets that have been performed can also be listed. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md new file mode 100644 index 0000000000..fe41a907eb --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md @@ -0,0 +1,44 @@ +--- +title: "Header" +description: "Header" +sidebar_position: 10 +--- + +# Header + +The header provides the following functions: + +![Header](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/header/installation_with_parameters_171-en_679x38.webp) + +1. Logo + +The logo acts as a home button. It always takes you back to the standard view. + +2. Display and hide filter + +As is also the case on the client, the filter or structure area can be displayed and hidden. + +3. Modules + +As is also the case on the client, modules like passwords, organisational structures, roles and +forms can be managed here. + +4. Quick search + +The quick search offers you the same functions as the quick search on the client. It searches in all +fields of the complete database except the password field. The tags are still searched. + +5. Quick search + +Upcoming tasks like export, import, print and so on are displayed here. + +6. Notifications + +here you will be informed about incoming notifications. The notification can also be called up by +clicking on it. + +7. Account + +The user who is currently logged in can be seen under account. You can log out by clicking on the +account. It is also possible to call up the settings in +[Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md). diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md new file mode 100644 index 0000000000..e33ac8612d --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md @@ -0,0 +1,23 @@ +--- +title: "List view" +description: "List view" +sidebar_position: 50 +--- + +# List view + +## What is list view? + +The central element of the navigation in the Web Application is list view, which clearly presents +the filtered elements. As list view in the Web Application provides the same functions as list view +in the client, we refer you at this point to the +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) section. + +![installation_with_parameters_176](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/list_view/installation_with_parameters_176.webp) + +#### Special features + +The list view differs from that on the client in the following areas: + +- List view cannot be individually configured +- There are – as is usual in a browser – no context menus diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md new file mode 100644 index 0000000000..1140cc9506 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md @@ -0,0 +1,93 @@ +--- +title: "Menu" +description: "Menu" +sidebar_position: 40 +--- + +# Menu + +## What is the menu? + +The ribbon on the client has been replaced by a menu on the Web Application. The menu thus +represents the central operating element on the Web Application. The functions available within the +menu are dynamic and are based on the currently available actions. Different actions are possible +depending on which view is currently being used. + +#### Menu bar + +The menu can take on two forms. In general, the **menu bar** containing the **most important +functions** is displayed. It will be described here using the example of the password module. + +![menu bar](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/menu_bar/installation_with_parameters_174-en.webp) + +1. Expand menu + +The size of the menu can be maximised using this button. + +2. New + +This option can be selected to call up the wizard for adding a new record. + +3. Open + +Displays the selected password and all of its details in the reading pane. + +4. Reveal + +Reveals the password. + +5. Permissions + +This button is used to configure the rights for the record. + +6. Password + +Copies the password to the clipboard. + +###### Advanced menu + +If the menu – as described above – is maximised, **all functions** are then available. The functions +on the menu bar are repeated here. The menu is divided into a number of sections. These correspond 1 +to 1 to the sections of the ribbon on the client. + +![Menu](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/menu_bar/installation_with_parameters_175-en.webp) + +In our example, the menu looks like this: + +1. New Item + +This section offers you more options for editing passwords. These include, for example, **Open** or +also **Delete**. + +2. Actions + +The actions can be used, for example, to mark the password as a Favourite or also to Duplicate it. + +3. Permissions + +This section does not offer any additional functions than simply opening the permissions. + +4. Clipboard + +This section can be used to copy all available fields to the clipboard. + +5. Start + +A website can be called up here. + +NOTE: As already described, the menu is dynamic and thus appears in a variety of different forms. +However, the basic function is always the same: The menu bar contains the basis functions, while the +advanced menu contains all functions. + +6. Extras + +All of the additional functions can be found here. These functions correspond to the main client and +will be described in the next section: + +[Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md) + +7. Password Reset + +The functions of the +[Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) can be found +here. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/_category_.json b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/_category_.json new file mode 100644 index 0000000000..a2da549604 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Navigation bar", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "navigation_bar" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md new file mode 100644 index 0000000000..14cb42bf61 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md @@ -0,0 +1,25 @@ +--- +title: "Navigation bar" +description: "Navigation bar" +sidebar_position: 20 +--- + +# Navigation bar + +The navigation bar provides the following functions. + +![navigation bar](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/installation_with_parameters_172-en_643x142.webp) + +1. Filter + +This function can be used to switch the view to the filter in the left section. You also have the +possibility to switch from filter to structure. + +2. Tabs + +The Tabs represent a secondary navigation function within the Web Application. For each action you +will do a new tab will be opend. + +Example + +![tab system](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/installation_with_parameters_173-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md new file mode 100644 index 0000000000..4b8b839771 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md @@ -0,0 +1,70 @@ +--- +title: "Settings" +description: "Settings" +sidebar_position: 20 +--- + +# Settings + +The settings are called up via the [Navigation bar](/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are +available: + +#### Language + +You can select German or English here by simply clicking on them. The change is made immediately and +does not require you to restart the browser. + +#### Extras + +Seal management + +Here you have the possibility to manage templates for seals. + +Tag management + +The tag management allows you to manage the tags. + +Image management + +With the image management, you can manage your icons and logos easily and quickly. + +![image management](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/settings/installation_with_parameters_179-en.webp) + +#### Adding icons and logos + +By clicking on the **New** button, the input mask will open. + +![new image](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/settings/installation_with_parameters_180-en.webp) + +After filling in and uploading the icon/logo, the process only needs to be saved. + +![save new image](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/settings/installation_with_parameters_181-en.webp) + +Edit / Delete icons and logos + +If an icon and/or logo is outdated, you can edit or even delete the stored icons/logos. + +![manage image](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/settings/installation_with_parameters_182-en.webp) + +#### Settings + +The following options can be managed via this menu item: + +- Global user rights +- Global settings +- User settings + +The management of these settings is based on the client. Further information can be found under +global [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) and +[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) + +The following settings are not available on the Web Application: + +- Customizable window caption +- Permitted document extensions +- Clipboard gallery +- Category: Proxy + +Account + +Here it is possible to change the password of the logged in user. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/user_menu_wc.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/user_menu_wc.md new file mode 100644 index 0000000000..c9bc19ba0c --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/user_menu_wc.md @@ -0,0 +1,39 @@ +--- +title: "User menu" +description: "User menu" +sidebar_position: 10 +--- + +# User menu + +The user menu can be found in the upper right corner of the Web Application. A right click on the +logged in user opens it. + +#### Options in the user menu + +![bin_1](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/user_menu/bin_1.webp) + +Settings + +All possible settings can be viewed in the following chapter settings. + +Bin + +In the bin you can manage your deleted passwords. + +Help + +A click on help takes you directly to the Netwrix Password Secure documentation page. + +Switch to Basic view + +What the Basic view is able to do in the web view can be inspected here. + +Lock + +This locks the user who is currently logged in and only needs to enter his password to use the web +client again. + +Log out + +The logged in user is logged out. All relevant information is now required to log on again. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md new file mode 100644 index 0000000000..e9eab3a3da --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md @@ -0,0 +1,85 @@ +--- +title: "Operation" +description: "Operation" +sidebar_position: 20 +--- + +# Operation + +Operation of the Web Application has been based as far as possible on the operation of the Netwrix +Password Secure client. Nevertheless, there are some differences that need to be noted and they are +described here. + +NOTE: There is also a Basic view in the Web Application. Everything worth knowing can be found at +the following link: web view Basic view + +#### Login + +There is no database profile on the Web Application. All databases approved for the Web Application +will be made available. The following information needs to be entered to log in: + +Database name + +User name + +Password + +![Login WebClient](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/installation_with_parameters_167-en.webp) + +After successfully logging in, the last database name used and the last registered user will be +saved. You thus only need to enter the password for the next login. + +#### Transferring login data via the URL + +The **database name** and **user name** can be transferred directly via the URL. The following +parameters are used here: + +- **database** for transferring the database nam +- **username** for transferring the user name + +The parameters are simply attached to the URL for the Web Application and separated from one another +with a **&**. + +Example + +You want to call up the Web Application under **https://psr_Web Application.firma.com.** In the +process, you want the login mask to be directly filled with the database **Passwords** and the user +name **Anderson**. The following URL is then used: **https://psr_Web +Application.firma.com/authentication/ login?database=Passwords&username=Anderson** + +NOTE: It is possible to only transfer the database. The user name is not absolutely necessary. + +#### Structure + +The Web Application is split into a number of sections that are described below. + +![Operation](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/installation_with_parameters_168-en.webp) + +1. [Header](/docs/passwordsecure/9.2/configuration/webapplication/operation/header.md) + +The header provides access to some essential functions. + +2. [Navigation bar](/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md) + +It is possible to switch between module and filter view on the navigation bar. + +3. [Filter or structure area](/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md) + +As is also the case on the client, it is possible to select between filter and structure. + +4. [Menu](/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md) + +The ribbon on the client has been replaced by a menu bar on the Web Application. + +5. [List view](/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md) + +The records currently selected using the filter can be viewed in list view. + +6. [Reading pane](/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md) + +The reading pane shows you details about the relevantly selected element. + +7. [Footer](/docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md) + +Various information about the record is displayed in the footer. For example, logbook entries or the +history. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md new file mode 100644 index 0000000000..3363bf7979 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md @@ -0,0 +1,21 @@ +--- +title: "Reading pane" +description: "Reading pane" +sidebar_position: 60 +--- + +# Reading pane + +## What is the reading pane? + +As with the list view, the reading pane on the Web Application is almost identical to that on the +client. Therefore, we also refer you here to the corresponding +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) section. + +![reading_pane](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/reading_pane/reading_pane.webp) + +Various information is displayed on the header – as is the case with the client. For example, the +tags for the records or information on whether the record is public or private. Password masking is +also symbolised here. + +NOTE: There are – as is usual in a browser – no context menus diff --git a/docs/passwordsecure/9.3/configuration/webapplication/problems_with_the_server_connection.md b/docs/passwordsecure/9.3/configuration/webapplication/problems_with_the_server_connection.md new file mode 100644 index 0000000000..1e865a1aa2 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/problems_with_the_server_connection.md @@ -0,0 +1,27 @@ +--- +title: "Problems with the server connection" +description: "Problems with the server connection" +sidebar_position: 40 +--- + +# Problems with the server connection + +If no connection can be established from the Web Application, there are several possible causes: + +Server not started + +First, you should check whether the application server is running. + +Service not started + +The Windows service administration should be used to check whether the **Netwrix Password Secure +Service** has been started. + +Port not released + +Port 11016 TCP must be released on the application server. + +CORS not configured + +Make sure that the CORS configuration has been implemented. Further information can be found in +chapter Installation Web Application diff --git a/docs/passwordsecure/9.3/configuration/webapplication/web_application.md b/docs/passwordsecure/9.3/configuration/webapplication/web_application.md new file mode 100644 index 0000000000..853d714743 --- /dev/null +++ b/docs/passwordsecure/9.3/configuration/webapplication/web_application.md @@ -0,0 +1,28 @@ +--- +title: "Web Application" +description: "Web Application" +sidebar_position: 40 +--- + +# Web Application + +## What is the Web Application + +The previous WebAccess function has been replaced by the **Web Application” in Netwrix Password +Secure version** **8.3.0. The completely newly developed \*Web Application** will act as the basis +for the constant enhancement of the functional scope. The desired objective is to also provide the +full functional scope of the client in the Web Application. The **Web Application** will thus be +constantly enhanced. All of the currently available functions can be viewed in the +[Functional scope](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/functional_scope.md) section. + +![WebClient](/images/passwordsecure/9.2/configuration/web_applicaiton/installation_with_parameters_159.webp) + +**Netwrix Password Secure Web Application** enables platform-independent access to the database via +a browser. It is irrelevant whether you are using Microsoft Windows, macOS or Linux, it is only +necessary for javascript to be supported. As the **Netwrix Password Secure Web Application** has a +responsive design, it can also be used on all mobile devices such as tablets and smartphones. + +The **Web Application** is based both optically and also in its operation on the Netwrix Password +Secure client. As usual, users can only access the data for which they also have permissions. The +installation is described in the section +[Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) diff --git a/docs/passwordsecure/9.3/enduser/_category_.json b/docs/passwordsecure/9.3/enduser/_category_.json new file mode 100644 index 0000000000..47348ad344 --- /dev/null +++ b/docs/passwordsecure/9.3/enduser/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting Started for End Users", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/enduser/advancedview.md b/docs/passwordsecure/9.3/enduser/advancedview.md new file mode 100644 index 0000000000..4a2f16458c --- /dev/null +++ b/docs/passwordsecure/9.3/enduser/advancedview.md @@ -0,0 +1,20 @@ +--- +title: "Outlook: Advanced View" +description: "Outlook: Advanced View" +sidebar_position: 50 +--- + +# Outlook: Advanced View + +Curious about how you can manage your team in Netwrix Password Secure? + +Learn more about how to … + +- Share passwords masked / only for a limited time (i.e. with working students or interns) +- Separately authorize the disclosure of passwords +- View the password quality and monitor all actions in your team +- View the reasons given by your team members for revealing passwords in plain text +- And much more! + +Simply contact your IT department for further information on the advanced view of Netwrix Password +Secure. diff --git a/docs/passwordsecure/9.3/enduser/browserextension.md b/docs/passwordsecure/9.3/enduser/browserextension.md new file mode 100644 index 0000000000..69c596e1b5 --- /dev/null +++ b/docs/passwordsecure/9.3/enduser/browserextension.md @@ -0,0 +1,49 @@ +--- +title: "Get the Browser Extension" +description: "Get the Browser Extension" +sidebar_position: 10 +--- + +# Get the Browser Extension + +First, Netwrix Password Secure is designed to make and keep your passwords more secure. But this +also means that managing - and logging in with them - is easier and saves time! That's why you need +the browser extension to save yourself the hassle of typing in passwords in future and to be logged +in to all your website accesses with just one click! + +Step 1 – Is your browser extension already installed? You can find out by: + +- Looking for this icon next to the URL input field in your browser. See the icon in the top bar of + the screenshot below. +- Opening the Password Secure Web App, logging in and scrolling down: If not installed yet, you can + find the download link in the footer. See the Download Edge Extension link in the bottom center of + the screenshot below. + +![downloadextension](/images/passwordsecure/9.2/enduser/downloadextension.webp) + +NOTE: If you need more information about installing the browser extension, please visit the +following topic in our documentation: +[Installation Browser Extension](https://helpcenter.netwrix.com/bundle/PasswordSecure_9.0/page/Content/PasswordSecure/Installation/Browser/Installation_Browser_Add-on.htm) + +Step 2 – After downloading, the browser extension is simply dragged and dropped into the browser. +See the Get button in the upper-right section of the screenshot below. + +![getextension](/images/passwordsecure/9.2/enduser/getextension.webp) + +Step 3 – After confirming a security question, it is installed, and an icon appears in the menu bar +to "add the extension". + +![addextension](/images/passwordsecure/9.2/enduser/addextension.webp) + +Step 4 – Please open or reload the web application of Netwrix Password Secure (see link in email +from your administrator) to connect your user profile with the extension. See the lock icon in the +screenshot below. + +![extensionadded](/images/passwordsecure/9.2/enduser/extensionadded.webp) + +Step 5 – Now click on this icon in your browser to open the browser extension. See the Adopt Select +**Adopt Web Application profile**. Done! + +![nodatabaseprofile](/images/passwordsecure/9.2/enduser/nodatabaseprofile.webp) + +RECOMMENDED: If not done yet, bookmark this page to have it quickly at hand! diff --git a/docs/passwordsecure/9.3/enduser/cleanuppasswords.md b/docs/passwordsecure/9.3/enduser/cleanuppasswords.md new file mode 100644 index 0000000000..f97813b05b --- /dev/null +++ b/docs/passwordsecure/9.3/enduser/cleanuppasswords.md @@ -0,0 +1,84 @@ +--- +title: "Clean up Your Passwords" +description: "Clean up Your Passwords" +sidebar_position: 20 +--- + +# Clean up Your Passwords + +For a clean relocation of passwords, it is important to clean up all your passwords beforehand. This +means to check which secrets are still up-to-date or if there are any duplicates you can remove +first! + +## Transer Data from Your Browser + +With Netwrix Password Secure, you now have the right tool to save and manage all your secrets handy +at one place and above all a safe alternative to browser-saved passwords! But how can you now +securely import them to your new solution? + +Simply do this: + +Step 1 – Every time you login to a website now and your browser wants to autofill, this Password +Secure Pop-up will appear, asking you if you would like to save your secret in Netwrix Password +Secure. Just click **Create new**. See the screenshot below. + +![createnew](/images/passwordsecure/9.2/enduser/createnew.webp) + +Step 2 – Now the Web Application will open and automatically transfer the recognized login data, +including URL to a new data set. + +![createpassword](/images/passwordsecure/9.2/enduser/createpassword.webp) + +Step 3 – Choose an organizational unit in which you want to save it and give your new data set a +meaningful name to find it again quickly. (You now also have the option to add further information +and tags.) Now click **Save**. See the box to the right of Organizational unit in the screenshot +above. + +## Check for Weak Passwords + +Your passwords do not automatically become secure after they have been transferred to Netwrix +Password Secure. No matter how well protected a password is - if it is easy for a hacker to guess, +they don't need access to the password manager to use it. This is why our solution automatically +checks the strength of your password and much more. + +Step 1 – Paste your password in the password field. See the box to the right of the Password field +in the screenshot below. + +![passwordfield](/images/passwordsecure/9.2/enduser/passwordfield.webp) + +Step 2 – If it is not classified as "strong" (green), we strongly recommend using the integrated +password generator to assign a new, secure password: Therefore, just click on the white password +generator icon to the right of the password field. See the Strong button in the screenshot above. + +Step 3 – The password generator will open. A secure password is created automatically just click +“Apply”. (Learn more about the possibilities of our password manager in the next chapter.) + +![passwordgenerator](/images/passwordsecure/9.2/enduser/passwordgenerator.webp) + +Step 4 – Now don't forget to replace your password in the target application as well. + +**Great side effect!** The access data stored in your browser is no longer up to date and therefore +no longer a danger! You should also think about deleting these passwords from your browser +permanently. + +## Create Strong Passwords + +The password generator offers three possibilities to create a secure password. To open it, click on +“Create password” and then on the password generator icon right to the password field. + +Step 1 – Create a user defined password which gives you the most options such as including and +excluding special characters or defining the length of the password. + +![userdefined](/images/passwordsecure/9.2/enduser/userdefined.webp) + +Step 2 – Create a phonetic password that is easier to pronounce, but still complex. + +![phonetic](/images/passwordsecure/9.2/enduser/phonetic.webp) + +NOTE: This option is best suited for passwords that must be read and typed in, such as operating +machines without an internet connection. + +Step 3 – Create a password according to a set password rule in your company: If your IT has already +stored password guidelines for you, you can select them here and simply click on apply. + +![rule](/images/passwordsecure/9.2/enduser/rule.webp) diff --git a/docs/passwordsecure/9.3/enduser/createnewentry.md b/docs/passwordsecure/9.3/enduser/createnewentry.md new file mode 100644 index 0000000000..b1555eb7aa --- /dev/null +++ b/docs/passwordsecure/9.3/enduser/createnewentry.md @@ -0,0 +1,57 @@ +--- +title: "Create a New Entry from Scratch" +description: "Create a New Entry from Scratch" +sidebar_position: 30 +--- + +# Create a New Entry from Scratch + +Follow the steps to create a new entry from scratch. + +Step 1 – First, click _Create new password_ on the upper left in Netwrix Password Secure. + +![createnewpassword](/images/passwordsecure/9.2/enduser/createnewpassword.webp) + +Step 2 – A form will open. Now choose the form you need, such as "Website," on the upper right. See +the form drop-down list in the screenshot below. + +![selectform](/images/passwordsecure/9.2/enduser/selectform.webp) + +Step 3 – Let`s fill out the website form in this example. + +- Choose the organization unit you want to save the password in like the department. + +![selectou](/images/passwordsecure/9.2/enduser/selectou.webp) + +- Choose a permission template to define who else can see your password. + +![permissionstemplate](/images/passwordsecure/9.2/enduser/permissionstemplate.webp) + +- Set a description for your stored password. + +![description](/images/passwordsecure/9.2/enduser/description.webp) + +- Enter the username or email address needed for login. + +![username](/images/passwordsecure/9.2/enduser/username.webp) + +- Enter the password manually or use the password generator by clicking on the button in the middle + (high number). The password generator will open. + +NOTE: To learn more about the generating of passwords, see the +[Clean up Your Passwords](/docs/passwordsecure/9.2/enduser/cleanuppasswords.md) topic for additional information. + +![password](/images/passwordsecure/9.2/enduser/password.webp) + +NOTE: By clicking on the **lock icon** right to the password generator, you can mask and unmask your +password. + +- Enter the website URL that leads to the login. + +![websiteurl](/images/passwordsecure/9.2/enduser/websiteurl.webp) + +- Add one or more tags to categorize your password and find it easier (i.e., "HR" or "Internet"). + +![tags](/images/passwordsecure/9.2/enduser/tags.webp) + +Step 4 – Click **Save**, and you are done! diff --git a/docs/passwordsecure/9.3/enduser/organizepasswords.md b/docs/passwordsecure/9.3/enduser/organizepasswords.md new file mode 100644 index 0000000000..e8efc70ae4 --- /dev/null +++ b/docs/passwordsecure/9.3/enduser/organizepasswords.md @@ -0,0 +1,71 @@ +--- +title: "Organize Your Passwords" +description: "Organize Your Passwords" +sidebar_position: 40 +--- + +# Organize Your Passwords + +## Add a Team Tab + +The tab system is used to structure all your passwords: Tabs help you to make them easier to manage +and find. You can create several tabs and switch between them within one click. + +Follow the steps to add a team tab. + +Step 1 – Click on the **Plus** sign and a form will open. + +![newform](/images/passwordsecure/9.2/enduser/newform.webp) + +Step 2 – You can now search for a specific organizational unit by clicking on the tree on the left +or use the search field to find the unit you need. + +![search](/images/passwordsecure/9.2/enduser/search.webp) + +Step 3 – Click **OK** to close the form and your new team tab will open automatically. + +## Search with Tags + +With a growing number of managed passwords, it becomes even more important to maintain a structure +and overview. Therefore, Netwrix Password Secure works with tags instead of a folder system: You can +assign any number of tags to your passwords to categorize and find them again quickly. + +![assigntags](/images/passwordsecure/9.2/enduser/assigntags.webp) + +To find a password, just use the search field and enter a tag like the department or position you +are in (i.e., "Marketing"). Netwrix Password Secure now not only is searching for tags, but also for +“Marketing” in all Netwrix Password Secure fields (i.e., Content Marketing). + +![searchresults](/images/passwordsecure/9.2/enduser/searchresults.webp) + +NOTE: Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in +which this word does not appear will be displayed (i.e., all social media accounts that are used +outside of marketing = "-social media marketing"). + +## Choose Your View + +Netwrix Password Secure offers two different views - the list and tile view. Just **switch the +button** on the upper right to change views! + +List View + +The screenshot below shows the list view. + +![listview](/images/passwordsecure/9.2/enduser/listview.webp) + +Tile View + +The screenshot below shows the title view. + +![switchbutton](/images/passwordsecure/9.2/enduser/switchbutton.webp) + +When in **tile view**, you can also drag and drop the buttons on another position. By hovering over +them with the mouse, you will see more information like the username, and you can login with one +click. + +![titleview](/images/passwordsecure/9.2/enduser/titleview.webp) + +NOTE: The **list view** is suitable for many data sets while the tile view is particularly favorable +for the most frequently used secrets. + +RECOMMENDED: Use the list view for all shared secrets and the tile view for personal accounts. diff --git a/docs/passwordsecure/9.3/enduser/overview.md b/docs/passwordsecure/9.3/enduser/overview.md new file mode 100644 index 0000000000..0c153f6537 --- /dev/null +++ b/docs/passwordsecure/9.3/enduser/overview.md @@ -0,0 +1,24 @@ +--- +title: "Getting Started for End Users" +description: "Getting Started for End Users" +sidebar_position: 70 +--- + +# Getting Started for End Users + +It is time to set up your new password management solution Netwrix Password Secure! The process +won't take too long, but you should allow yourself a little time to get to know the product. As when +it comes to your IT security, it's important to make sure you get it right. Below is a step-by-step +guide to setting up a password manager and leading you through the first few steps. + +## How to Log In + +Where can I find my username and password? + +You can find your login data in the email provided by your administrator. This email also contains +the following information: + +- Link to the Netwrix Password Secure Web Application +- How to login +- Information about your browser extension +- Bookmark of Netwrix Password Secure diff --git a/docs/passwordsecure/9.3/faq/_category_.json b/docs/passwordsecure/9.3/faq/_category_.json new file mode 100644 index 0000000000..0c7ff6cade --- /dev/null +++ b/docs/passwordsecure/9.3/faq/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "FAQ", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/faq/security/_category_.json b/docs/passwordsecure/9.3/faq/security/_category_.json new file mode 100644 index 0000000000..1a38cad5e6 --- /dev/null +++ b/docs/passwordsecure/9.3/faq/security/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Security", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/faq/security/encryption.md b/docs/passwordsecure/9.3/faq/security/encryption.md new file mode 100644 index 0000000000..06ec693fb1 --- /dev/null +++ b/docs/passwordsecure/9.3/faq/security/encryption.md @@ -0,0 +1,43 @@ +--- +title: "Encryption" +description: "Encryption" +sidebar_position: 10 +--- + +# Encryption + +## Used Algorithms + +Safety has always been one of the most basic considerations when designing software. All other +requirements were assessed according to how safe they were. Parallel to the development phase, the +theoretical concepts of external security companies were examined in terms of feasibility, as well +as compliance with IT security standards. Prototypes have been ultimately developed on the basis of +these findings, which form the blueprint for the current Netwrix Password Secure version 9. The +following encryption techniques and algorithms are currently in use: + +- AES-GCM 256 +- PBKDF2 with 623,420 SHA256 iterations (client- and server-side) for the creation of user hashes +- PBKDF2 with 610,005 SHA256 iterations for the encryption of the user keys +- ECC (with the "NIST P-521" curve) for the private-public key procedure + +NOTE: All encryption algorithms used by Netwrix Password Secure are FIPS compliant. + +## Applied cryptographic procedures + +Applied cryptographic procedures The container encryption of the passwords is based on the +aforementioned algorithms. Each container has its own randomly generated salt. Each password, user, +and role has its own key pair. When releases are granted for users and roles, the passwords within +the database are hierarchically encrypted. Netwrix Password Secure also uses the following +cryptographic methods to achieve maximum security: + +To integrate an AD, you can choose between an end-to-end encryption (E2EE – the safest mode) and the +Master Key The server key is protected using the hardware security module (HSM) via PKCS#11 Brute +force protection for logging in by means of automatic blocking of the requesting client Certificate +protection when using applications Certificate request for client/server connection You may use your +own certificate authority (CA) as an option. Latest version of the Secure Sockets Layer (SSL) +Passwords are only encrypted and transported to the client when they have been explicitly requested +in advance. More… + +**CAUTION:** Only secrets are encrypted. Metadata is not encrypted to ensure search speed. Secrets +are usually passwords. However, the customer can decide what kind of data they are. Note that +Secrets cannot be searched for. diff --git a/docs/passwordsecure/9.3/faq/security/high_availability.md b/docs/passwordsecure/9.3/faq/security/high_availability.md new file mode 100644 index 0000000000..1b3ad7ffad --- /dev/null +++ b/docs/passwordsecure/9.3/faq/security/high_availability.md @@ -0,0 +1,43 @@ +--- +title: "High availability" +description: "High availability" +sidebar_position: 30 +--- + +# High availability + +## What is high availability? + +High availability is designed to guarantee the further operation of Netwrix Password Secure in the +event of damage. A series of requirements need to be met in advance in order to use this feature + +**CAUTION:** As the configuration of high availability is complex, it is (generally) implemented +during a consultation. If you are interested in this feature, please contact us directly or contact +your responsible partner. + +#### Requirements + +The following points should be observed during the configuration. + +- It is essential that MSSQL Enterprise Version is used for replicating the database (even in the + case of a replication across multiple locations) +- To achieve a better level of protection, we recommend operating the Netwrix Password Secure + database on its own cluster +- A Netwrix Password Secure application server needs to be licensed for each location. Every + application server has its own configuration database. + +Load balancer + +- To reduce the load on the server, a load balancer can be installed upstream of the application + server +- If no load balancer is used, the distribution of the database profiles for the users is generally + carried out via the registry + +If a database is set up at ”location A” including an AD profile, the certificate needs to exported +there and then imported onto the server at “location B”. The database is replicated using MSSQL +technology and can be integrated as an existing database into Netwrix Password Secure at “location +B”. If the application server at “location A” fails, the server in the registry needs to be replaced +(location B) and rolled out again to users using group rules (GPO). + +NOTE: Only peer-to-peer transaction replication is tested. If a different type of replication is +used, it should be tested in advance. diff --git a/docs/passwordsecure/9.3/faq/security/penetration_tests.md b/docs/passwordsecure/9.3/faq/security/penetration_tests.md new file mode 100644 index 0000000000..bc05ed4133 --- /dev/null +++ b/docs/passwordsecure/9.3/faq/security/penetration_tests.md @@ -0,0 +1,23 @@ +--- +title: "Penetration tests" +description: "Penetration tests" +sidebar_position: 20 +--- + +# Penetration tests + +## External Penetration tests + +The high security standards of Netwrix Password Secure are regularly attested by external pentests +of different providers. New functions in particular are always subjected to penetration tests in +order to have them thoroughly checked before release. The resulting findings enable us to detect and +eliminate potential vulnerabilities in advance. + +## Why we test regularly? + +In pentesting, external and certified security auditors look specifically for security gaps and +weaknesses in the software that an attacker could exploit. Attack scenarios are simulated on the +client side, the source code is checked and the quality of the cryptographic process is assessed. In +this way, the security of Netwrix Password Secure and the data stored in it is tested in advance in +order to be able to offer our customers effective protection and minimize the risk of success of an +attack. diff --git a/docs/passwordsecure/9.3/index.md b/docs/passwordsecure/9.3/index.md new file mode 100644 index 0000000000..f25fed5e95 --- /dev/null +++ b/docs/passwordsecure/9.3/index.md @@ -0,0 +1,25 @@ +--- +title: "Why Netwrix Password Secure?" +description: "Why Netwrix Password Secure?" +sidebar_position: 1 +--- + +# Why Netwrix Password Secure? + +## Users depend on passwords + +Now more than ever in their day-to-day business worldwide. They are used constantly and everywhere, +and they need to be professionally managed. Passwords should be safe, have at least 12 characters, +including uppercase and lowercase as well as special characters. In the best case, a separate access +password should be used for each account. It should be changed regularly. It is hard enough to meet +this challenge in private settings. In a large corporate environment, you wouldn’t be able to +adequately manage this task without the use of a professional password management tool. + +## Scalability + +The scalability of Netwrix Netwrix Password Secure (NPS) makes it suitable for use in SMEs, large +companies, and global corporations. The flexibility required for this task is the driving factor +behind our development to meet the ever-changing requirements of modern and safety-conscious +companies. NPS is the perfect software solution for companies that wish to effectively manage +security-relevant data such as passwords, documents, or certificates at a very high encryption +level. diff --git a/docs/passwordsecure/9.3/installation/_category_.json b/docs/passwordsecure/9.3/installation/_category_.json new file mode 100644 index 0000000000..64ab617b78 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installation" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/installation/installation.md b/docs/passwordsecure/9.3/installation/installation.md new file mode 100644 index 0000000000..7250488faa --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installation.md @@ -0,0 +1,79 @@ +--- +title: "Installation" +description: "Installation" +sidebar_position: 20 +--- + +# Installation + +The following pages will provide you with all the information how to install the different Netwrix +Password Secure components. + +## System landscape + +The following overview presents a basic production Netwrix Password Secure system landscape. Version +9 allows the use of several database servers across all sites. These are then synchronized using +Microsoft SQL server tools. Any number of application servers can be made available for the client +connection. This ensures load distribution, and allows work without significant latency. This +technology offers enormous performance advantages, particularly in the case of installations that +are spread across worldwide locations. + +## Client (presentation layer) + +The client layer handles the representation of all data and functions, which are provided by the +application server. + +## Application server (business logic) + +The application server is entirely responsible for the control of the business logic. This server +only ever delivers the data for which the corresponding permissions are available. The multi-tier +architecture described at the beginning allows the use of several application servers and ensures +efficient load distribution. + +## Database server (data storage) + +Netwrix Password Secure uses Microsoft SQL Server to store data due to its widespread use, and its +ability to ensure high-performance access even in large and geographically scattered environments. +Smaller installations may also use the free SQL Express version. + +## Conclusion + +At least three servers are thus recommended: + +- Database server (MSSQL) +- Application server (Netwrix Password Secure services) +- Web server (IIS, NginX, Apache 2) + +**CAUTION:** For databases in a production system, we recommend using a fail-safe cluster. Microsoft +SQL Server can replicate the data to a different data centre, e.g via WAN. We also recommend +providing a Windows server for each function. Separating the systems makes it easier to expand and +scale the system landscape at a later point. However, it is not absolutely necessary to separate the +systems. Accordingly, all of the components can also be installed on one server in the case of +smaller installations or test environments. + +### Firewall rules / Ports + +## MSSQL Server + +- Port 1433 TCP for communication with application server (incoming) + +### Application server + +- Port 443 HTTPS for connection to the Netwrix Password Secure license server (outgoing) +- Port 11011 TCP for communication with clients or web server IIS (incoming) +- Port 11014 TCP for the backup service (usually does not need to be unlocked) +- Port 11016 TCP for the Web services (incoming; only when using the Web Application) +- Port 11018 TCP for real-time update (incoming) +- Port 1433 TCP for communication with SQL Server (outgoing) + +### Webserver (Web Application) + +- Port 443 HTTPS to access the webserver from the client (incoming) +- Port 11016 for communication to the application server (outgoing) +- Port 11018 for the real-time update (outgoing) + +### Client + +- Port 11011 TCP for communication with the application server (outgoing) +- Port 11018 TCP (outgoing) +- Port 52120 TCP with the add-on (outgoing) diff --git a/docs/passwordsecure/9.3/installation/installation_server_manager.md b/docs/passwordsecure/9.3/installation/installation_server_manager.md new file mode 100644 index 0000000000..6b75d3b922 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installation_server_manager.md @@ -0,0 +1,44 @@ +--- +title: "Installation Server Manager" +description: "Installation Server Manager" +sidebar_position: 20 +--- + +# Installation Server Manager + +## Guide + +The MSI installation files and the associated +[Application server](/docs/passwordsecure/9.2/installation/requirements/application_server.md) can be found in the corresponding +sections. The following step-by-step guide will accompany you through the wizards. + +![Password Secure Server Setup](/images/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-1-en.webp) + +First you are required to read and accept the license terms. These can also be printed. + +![Password Secure Server Setup](/images/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-2-en.webp) + +The next step is to define the location. The suggested location can be retained. + +If you want to use Netwrix Password Secure as an identity provider +[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) +must be selected. Otherwise, it will not be installed. + +![Password Secure Server Setup](/images/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-3-en.webp) + +Start the installation. + +![Password Secure Server Setup](/images/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-4-en.webp) + +The last step closes the setup and opens (if desired) the Server Manager. + +![Password Secure Server Setup](/images/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-5-en.webp) + +## Authentication + +After the installation, you can login directly to the Server Manager. + +![Server Authentication](/images/passwordsecure/9.2/installation/installation_server_manager/server-auth-en.webp) + +NOTE: The initial password for the first login is “admin”. It should be changed directly after the +logon. diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/_category_.json b/docs/passwordsecure/9.3/installation/installationbrowseraddon/_category_.json new file mode 100644 index 0000000000..e654bf472d --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation Browser Extension", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installation_browser_add-on" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/google_chrome.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/google_chrome.md new file mode 100644 index 0000000000..277b83e401 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/google_chrome.md @@ -0,0 +1,24 @@ +--- +title: "Google Chrome" +description: "Google Chrome" +sidebar_position: 10 +--- + +# Google Chrome + +## Installing the add-on + +The installation of the Google Chrome Add-on is done directly from the Google Store. You can access +it via the following link: +[Add-on for Google Chrome](https://chrome.google.com/webstore/detail/netwrix-password-secure/bpjfchmapbmjeklgmlkabfepflgfckip). + +Alternatively, you can also access the Google Store via the Autofill Add-on. To do this, right-click +the icon to open the context menu. After a further click on Install Browser Extensions the Google +Chrome Add-on can be selected, whereupon you will be redirected directly to the Google Store. + +The installation is started via Add. + +The add-on is now installed and the icon is added to the browser. + +NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +installed yet. diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/installation_browser_add-on.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/installation_browser_add-on.md new file mode 100644 index 0000000000..4da7a236b8 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/installation_browser_add-on.md @@ -0,0 +1,14 @@ +--- +title: "Installation Browser Extension" +description: "Installation Browser Extension" +sidebar_position: 50 +--- + +# Installation Browser Extension + +Following browser extensions can be installed:  + +- [Google Chrome](/docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md) +- [Microsoft Edge](/docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md) +- [Mozilla Firefox](/docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md) +- [Safari](/docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md) diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/microsoft_edge.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/microsoft_edge.md new file mode 100644 index 0000000000..8b6534686f --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/microsoft_edge.md @@ -0,0 +1,18 @@ +--- +title: "Microsoft Edge" +description: "Microsoft Edge" +sidebar_position: 20 +--- + +# Microsoft Edge + +## Installing the add-on + +The installation of the Edge Add-on is done directly from the official Store. The Edge Add-on can be +downloaded from the following link: +[Add-on for Edge](https://microsoftedge.microsoft.com/addons/detail/netwrix-password-secure/ahdfobpkkckhdhbmnpjehdkepaddfhek). + +![Add-on Edge](/images/passwordsecure/9.2/installation/browser/addon-edge-en.webp) + +NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +installed yet diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/mozilla_firefox.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/mozilla_firefox.md new file mode 100644 index 0000000000..f42bc00077 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/mozilla_firefox.md @@ -0,0 +1,20 @@ +--- +title: "Mozilla Firefox" +description: "Mozilla Firefox" +sidebar_position: 30 +--- + +# Mozilla Firefox + +## Installing the add-on + +The installation of the Firefox Add-on is done directly from the official Store. The Firefox Add-on +can be downloaded from the following link: +[Add-on firefox](https://addons.mozilla.org/en-US/firefox/addon/password-safe-browser-add-on/). + +After the download, the add-on is simply dragged and dropped into the browser. + +After confirming a security question, it is installed and an icon is created in the menu bar. + +NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +installed yet diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/safari.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/safari.md new file mode 100644 index 0000000000..1c91616943 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/safari.md @@ -0,0 +1,15 @@ +--- +title: "Safari" +description: "Safari" +sidebar_position: 40 +--- + +# Safari + +## Installing the add-on + +The Safari Add-on can be downloaded from the following link: +[Add-on Safari](https://download.passwordsafe.de/v9/Netwrix_Password_Secure-9.0.3.dmg). + +To install it, simply double-click on the downloaded file. A window will open where you then only +need to drag and drop the Netwrix Password Secure logo onto the applications. diff --git a/docs/passwordsecure/9.3/installation/installationclient/_category_.json b/docs/passwordsecure/9.3/installation/installationclient/_category_.json new file mode 100644 index 0000000000..81712fa0bb --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationclient/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation Client", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installation_client" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/installation/installationclient/installation_client.md b/docs/passwordsecure/9.3/installation/installationclient/installation_client.md new file mode 100644 index 0000000000..97b53020d8 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationclient/installation_client.md @@ -0,0 +1,100 @@ +--- +title: "Installation Client" +description: "Installation Client" +sidebar_position: 30 +--- + +# Installation Client + +## Guide + +The MSI installation files and the associated +[Client configuration](/docs/passwordsecure/9.2/installation/requirements/client_configuration.md) can be found in the corresponding +sections. The following step-by-step guide will accompany you through the wizards. + +![installation wizard page 1](/images/passwordsecure/9.2/installation/installation_client/installation-client-1-en.webp) + +You are required to read and accept the terms of service. These can also be printed. + +The next step is to define the location of the client. The suggested location can be retained.You +can also define whether additional components should be installed. + +**CAUTION:** Please only install the Terminal Server Service (for Autofill Add-on) if terminal +server operation is intended! + +![installation wizard page 2](/images/passwordsecure/9.2/installation/installation_client/installation-client-3-en.webp) + +The actual installation starts in the next step. + +![installation wizard page 3](/images/passwordsecure/9.2/installation/installation_client/installation-client-4-en_339x265.webp) + +The last step closes the setup and opens (if desired) the Client. + +![installation wizard page 4](/images/passwordsecure/9.2/installation/installation_client/installation-client-5-en.webp) + +## Installed applications + +There are always several applications installed. + +![client icon](/images/passwordsecure/9.2/installation/installation_client/cllient-en.webp) + +This is the regular Client. + +![offline client icon](/images/passwordsecure/9.2/installation/installation_client/psrofflineclient-en.webp) + +The Offline Add-on allows access to the data without connection to Server Manager. + +![icon_autofill_agent](/images/passwordsecure/9.2/installation/installation_client/icon_autofill_agent.webp) + +The Autofill Add-on is used for SSO applications. + +## Integrating a database + +For connection to the database, the creation of a database profile is obligatory. The following +information is required: + +- Profile name: The name of the profile. This will be displayed on the client in the future +- IP address: The IP address of the Netwrix Password Secure V8 server is stored here +- Database name: Specifies the name of the database + +## Distributing database profiles via the registry + +There is also an option to distribute database profiles. The profiles are specified via a +corresponding registry entry. The next time Netwrix Password Secure is started, the profiles will be +saved in the local configuration file. The database connection can be made with the following keys: + + +``` +HKEY_CURRENT_USER\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfiles +HKEY_LOCAL_MACHINE\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfiles + +``` + +These keys are structured like this: + +- HostIP: Server IP address +- DatabaseName: Name of the database +- LastUserName: The field for the user name can be specified here + +![profil-registry](/images/passwordsecure/9.2/installation/installation_client/profil-registry-en.webp) + +Is the profile set with the following entries? + + +``` +HKEY_LOCAL_MACHINE\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfiles + +``` + +Then the last used date base as well as the last registered user are created with the following ID, +when you log in for the first time: + + +``` +HKEY_CURRENT_USER\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfiles + +``` + +NOTE: When the corresponding registry entry is set and no related database profile exists, the +profile will be created at the next start-up. Please note that profiles created like this cannot be +edited or deleted in the client. diff --git a/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md b/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md new file mode 100644 index 0000000000..0e05de97f5 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md @@ -0,0 +1,31 @@ +--- +title: "Installation with parameters" +description: "Installation with parameters" +sidebar_position: 10 +--- + +# Installation with parameters + +## What is installation with parameters? + +The installation of the Netwrix Password Secure client can also be optionally run on the command +line. This method also requires the transfer of parameters. These can be combined with one another. +In this case, the individual parameters are separated from one another by a blank space. The +parameters listed in the following section enable you to adapt the type of client installation. + +## Running on the command line with parameters + +Run the installation via the command line: **MSI-FILE.msi [PARAMETER]** + +**Parameter** + +- **AUTOFILL_ADDON_AUTOSTART=“0”**: Deactivates launching the Autofill Add-on in Windows autostart +- **INSTALL_AUTOFILL_ADDON=“0**”: Deactivates the installation of the Autofill Add-on. In the list + of the components to be installed in the setup, a check mark has not been set but this can be set + again by the user +- **INSTALL_OFFLINE_ADDON=“0”**: Deactivates the installation of the Offline Add-on. In the list of + the components to be installed in the setup, a check mark has not been set but this can be set + again by the user +- **IGNORE_TS_SERVICES=“1”**: Deactivates the installation of the terminal server services, no + matter on which system the installation is running +- **INSTALL_IDP_SERVICE="1"** diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/_category_.json b/docs/passwordsecure/9.3/installation/installationwebapplication/_category_.json new file mode 100644 index 0000000000..c328f38534 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation Web Application", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installation_web_application" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/apache.md b/docs/passwordsecure/9.3/installation/installationwebapplication/apache.md new file mode 100644 index 0000000000..762531e32a --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/apache.md @@ -0,0 +1,49 @@ +--- +title: "Apache" +description: "Apache" +sidebar_position: 10 +--- + +# Apache + +In order to integrate the Web Application onto an Apache server, it is first necessary to enter all +of the relevant settings: + +## Document directory + +The folder from which the Web Application should be operated is entered here. The default folder is +/var/www/html + +## SSL certificate path + +It is necessary to enter the directory in which the certificate will be saved here. + +## SSL certificate key path + +Finally, it is necessary to enter where the certificate key is located here. + +![apache-en](/images/passwordsecure/9.2/installation/installation_web_application/apache-en.webp) + +Once all of the settings have been entered, the Web Application can be created via the button in the +ribbon. The folder in which the ZIP file is located will then open automatically. The archive is now +unzipped and the contents copied to the document directory on the web server. + +The configuration for the Apache server has now also been created and can be viewed on the Server +Manager. + +![apache-en-2](/images/passwordsecure/9.2/installation/installation_web_application/apache-en-2.webp) + +The configuration can be selected using CTRL+A and copied. It is then directly integrated onto the +Apache server. + +NOTE: The configuration of the Apache server is always individual. Therefore, it is only possible to +roughly describe the process for a standard installation. + +## Standard configuration + +The file /etc/apache2/sites-available/default-ssl.conf is (for example "nano") opened. Everything +between``and``is now deleted and replaced by the +configuration from the server. Apache is subsequently restarted via systemctl reload apache. + +The Web Application is now ready to use and can be directly started. Further information can be +found at the end of this section under "SCalling up the Web Application". diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md b/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md new file mode 100644 index 0000000000..3b05c8d6b9 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md @@ -0,0 +1,93 @@ +--- +title: "Installation Web Application" +description: "Installation Web Application" +sidebar_position: 40 +--- + +# Installation Web Application + +**CAUTION:** This guide focuses on the initial installation of the Web Application and is not +relevant for further updates. + +## Preparations for installation + +### System requirements + +Please ensured that all [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md) requirements have been met. + +### SSL certificate + +When the web service is started, the certificate created in the basic configuration is configured +and connected to port 11016. This is the connection certificate for communication between the web +server and the Netwrix Password Secure server. + +### Databases + +All databases that are to be used on the Web Application must be enabled for this purpose. With a +double click on the corresponding database the option "Access via Web Application" can be activated. + +## Installation + +The Web Application is generated by the Server Manager and made available in a ZIP archive. +Depending on the web server, the ZIP archive is created accordingly. The installation also differs +depending on the web server used. Irrespective of the web server used, the following information +firstly needs to be entered: + +### Destination + +Name the folder where the ZIP archive with the Web Application should be placed. + +**CAUTION:** Do not use the Server Manager installation directory + +NOTE: If the web server is created on IIS, execute config.bat to handle integration of the web +server. + +### Server IP + +Please check if the IP address is correct otherwise no connection to the Web Application can be +established. If the IP address is wrong, you have to change it in the basic configuration of the +Server Manager. + +### Web server host address + +Enter the IP address or the host name of the web server. + +### Port + +Enter the port that is used to communicate with the Web Application. + +All of the subsequent steps or the required tasks will be explained in the associated chapters for +each specific web server. + +## Custom Branding + +You can personalize the Web App with your company’s branding by navigating to `Custom branding`. There, upload your logo files and specify the custom text you want to display; the updated branding will appear across the application once saved. + +![Custom branding configuration](/images/passwordsecure/9.3/installation/installation_web_application/configure_custom_branding.webp) + +## CORS configuration + +A button for the so-called CORS configuration can be found on the ribbon. It is essential that this +configuration is carried out before the Web Application can be used. A list of the permitted CORS +domains will be saved as a result. Requests received via the Web Application can then be checked +against this list. The request will only be successfully carried out if the origin header for a +request is available in the permitted domains. + +In order to add a domain, simply enter it at the bottom of the dialogue. Clicking on +:material-plus-circle-outline: will add the entry to the list at the top. + +![cors-en-new](/images/passwordsecure/9.2/installation/installation_web_application/cors-en-new.webp) + +NOTE: In general, it is sufficient to add the IP address which was also saved as the Web server host +address. + +## Calling up the Web Application + +The process for calling up the Web Application is dependent on the configuration of the web server: + +- Web Application in root directory -> `https://hostname` +- Web Application in a subdirectory -> `https://hostname/path-to-subdirectory` +- Port is not set to 443 -> `https://hostname:port/path-to-subdirectory` + +NOTE: In order for the redirect to be used, it is important to ensure on apache and nginx web +servers that no other host listens to port 80. diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/microsoft_iis.md b/docs/passwordsecure/9.3/installation/installationwebapplication/microsoft_iis.md new file mode 100644 index 0000000000..53771713f1 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/microsoft_iis.md @@ -0,0 +1,64 @@ +--- +title: "Microsoft IIS" +description: "Microsoft IIS" +sidebar_position: 20 +--- + +# Microsoft IIS + +If the Web Application is being operated on a Microsoft IIS web server, there are two methods for +integrating it into the system: + +## Create as its own website + +For this option, a website with the name "Web Application" will be directly created on the IIS by +config.bat. The Web Application will be operated here from the standard directory +C:\inetpub\wwwroot. + +## Integrate in existing website + +requires there to be an existing website. Therefore, a website needs to be firstly created on the +IIS web sever. The name of the website then needs to be entered in the Server Manager. It is also +necessary to enter the folder from which the Web Application should be operated under "website +directory". The format here is "/Web Application" + +![IIS installation](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-3-en.webp) + +Once all of the settings have been entered, the Web Application can be created via the corresponding +button in the ribbon. When the ZIP archive containing the Web Application has been created, it is +copied to the previously defined directory (C:\inetpub\wwwroot as standard) and unzipped there to +create a new directory. + +## Config.bat + +The file config.bat can be found in the newly created Web Application directory and now needs to be +executed when logged on as the administrator. This will integrate the Web Application into the IIS +web server. + +NOTE: If the system requirements have not been met, you will be informed that the URL Rewrite and/or +Application Request Routing modules need to be installed. In this case, follow the instructions on +the wizard that will then immediately open. In addition, it is necessary to install the WebSocket +Protokoll. Afterwards, config.bat needs to be executed again. + +If the website has been correctly created, this will be correspondingly indicated by the +notification IIS page created. + +![IIS-creating page](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-4-en.webp) + +**CAUTION:** Following a successful installation, it is imperative that config.bat is deleted! The +config.bat file should also not be used for an "update" + +## Certificate + +The certificate then needs to be saved. Select the newly created website on the IIS web server. The +bindings can now be opened on the far right. + +![IIS](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-5-en.webp) + +Select the https entry and open it for editing. The SSL certificate is then selected here. + +![IIS](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-6-en.webp) + +In addition, the Netwrix Password Secure certificate needs to be exported from the Netwrix Password +Secure Server and imported onto the ISS under local computer > trusted root certificate location -> +certificates. Further information can be found in the section "Certificates" diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/nginx.md b/docs/passwordsecure/9.3/installation/installationwebapplication/nginx.md new file mode 100644 index 0000000000..ab7ec622fb --- /dev/null +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/nginx.md @@ -0,0 +1,50 @@ +--- +title: "nginx" +description: "nginx" +sidebar_position: 30 +--- + +# nginx + +In order to integrate the Web Application onto an nginx server, it is first necessary to enter all +of the relevant settings: + +## Document directory + +The folder from which the Web Application should be operated is entered here. The default folder is +/var/www/html. + +## SSL certificate path + +It is necessary to enter the directory in which the certificate will be saved here. The standard +path here is /etc/nginx/certs/Web Application.crt. + +## SSL certificate key path + +Finally, it is necessary to enter where the certificate key is located here. The default setting is +/etc/nginx/certs/Web Application.key. + +![ngnix installation](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-9-en.webp) + +Once all of the settings have been entered, the Web Application can be created via the button in the +ribbon. The folder in which the ZIP file is located will then immediately open. The archive is +unzipped and its contents are copied to the document directory on the web server. + +The configuration for the nginx server was also created together with the ZIP file. This can be +directly viewed on the Server Manager. + +![ngnix installation](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-10-en.webp) + +The configuration then still needs to be integrated onto the nginx server. It can be directly copied +on the Server Manager for this purpose. + +NOTE: Every web server configuration is individual. Therefore, it is only possible to outline the +normal process for a standard installation. + +## Standard configuration + +The file /etc/nginx/sites-available/default is firstly opened. For example via "nano". Now search +for the entry `server { }`. The configuration for the Server Manager is then added. Finally, the web +server is restarted using the command systemctl restart nginx. + +The Web Application is now ready to use and can be directly started. diff --git a/docs/passwordsecure/9.3/installation/requirements/_category_.json b/docs/passwordsecure/9.3/installation/requirements/_category_.json new file mode 100644 index 0000000000..af267b40ba --- /dev/null +++ b/docs/passwordsecure/9.3/installation/requirements/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Requirements", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/installation/requirements/application_server.md b/docs/passwordsecure/9.3/installation/requirements/application_server.md new file mode 100644 index 0000000000..bb16428681 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/requirements/application_server.md @@ -0,0 +1,42 @@ +--- +title: "Application server" +description: "Application server" +sidebar_position: 10 +--- + +# Application server + +#### System Components + +| | | | +| ----------------- | ------------------ | ------------------ | +| Attribute | Minimum | Recommended | +| OS | MS Win Server 2019 | MS Win Server 2025 | +| Architecture | x64 | x64 | +| CPU [# Cores] | 4 | 8 | +| RAM [GB] | 16 | 32 | +| Disk Space [GB] | 70 | 100 | +| MS .Net Framework | 4.8 | 4.8.1 | +| MS WMF | 5.1 | 5.1 | + +#### + +#### Required configuration + +- Service User: local admin rights, 'logon as a service' allowed +- PowerShell Execution Policy: RemoteSigned +- Mandatory Ports/firewall rules + + - Port 443 HTTPS for connection to the Netwrix Password Secure license server (outgoing) + - Port 1433 TCP for communication with SQL Server (outgoing) + - Port 11011 TCP for communication with windows applications or web server IIS (incoming) + - Port 11016 TCP for the Web services (incoming; only when using the Web Application) + - Port 11018 TCP for real-time update (incoming) + - Port 11014 TCP for the backup service (usually does not need to be unlocked) + - Port 11015 TCP for Entra ID communication (incoming; only when using the Entra ID + provisioning) + - Port 11019 TCP for using Password Secure as Identity Provider (SAML) (incoming) + +- (Optional) Server needs to be domain-joined (only when using AD provisioning (not Entra ID)) +- (Optional) Provide SMTP-Server details: hostname, port, auth method, protocol (mandatory for a + variety of features) diff --git a/docs/passwordsecure/9.3/installation/requirements/client_configuration.md b/docs/passwordsecure/9.3/installation/requirements/client_configuration.md new file mode 100644 index 0000000000..a04c4f5141 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/requirements/client_configuration.md @@ -0,0 +1,31 @@ +--- +title: "Client configuration" +description: "Client configuration" +sidebar_position: 30 +--- + +# Client configuration + +#### System Components + +NOTE: Our Windows Application (Win App) is not available for MSP-customers! + +| | | | +| --------------------------- | ----------------------------------- | ---------------------- | +| Attribute | Minimum | Recommended | +| OS | Win 10 21H2 19044 Win 11 21H2 22000 | Win 11 23H2 22631.3235 | +| Architecture | x64 | x64 | +| CPU [Cores] | 4 | 8 | +| RAM [GB] | 8 | 16 | +| Disk Space [GB] | 50 | 100 | +| MS .NET Framework | 4.8 | 4.8.1 | +| RDP-Version (if applicable) | 10 | 12 | + +#### Required Configuration + +- Mandatory ports/firewall rules + **a**. Port 11011 TCP for communication with the application server (outgoing) + **b**. Port 11016 TCP for WebSocket communication with the server (outgoing) + +- WAN/VPN connection to application server: MTU-size = 1500 bytes (1472 bytes + 28 bytes for the + header) diff --git a/docs/passwordsecure/9.3/installation/requirements/mobile_apps.md b/docs/passwordsecure/9.3/installation/requirements/mobile_apps.md new file mode 100644 index 0000000000..89a0dc7ea5 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/requirements/mobile_apps.md @@ -0,0 +1,19 @@ +--- +title: "Mobile Apps" +description: "Mobile Apps" +sidebar_position: 50 +--- + +# Mobile Apps + +#### Required Version + +**CAUTION:** Our mobile apps are only supported on devices with the official OS (no jailbreak, not +rooted). + +| | | | +| ---------------- | ------- | ----------- | +| OS | Minimum | Recommended | +| iOS (Apple) | 17.7.1 | 18.1 | +| iPadOS (Apple) | 17.7.1 | 18.1 | +| Android (Google) | 13 | 15 | diff --git a/docs/passwordsecure/9.3/installation/requirements/mssql_server.md b/docs/passwordsecure/9.3/installation/requirements/mssql_server.md new file mode 100644 index 0000000000..2bbab17206 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/requirements/mssql_server.md @@ -0,0 +1,32 @@ +--- +title: "MSSQL Server" +description: "MSSQL Server" +sidebar_position: 20 +--- + +# MSSQL Server + +#### Required Version + +RECOMMENDED: Using MS SQL Server Express can lead to significant performance issues because of the +various limitations. Our recommendation is to use MS SQL Server Standard as a minimum. + +Please follow Microsoft recommendations for system requirements for SQL Server. + +| | | | +| --------------------- | ------- | ----------- | +| Attribute | Minimum | Recommended | +| MS SQL Server Version | 2019 | 2022 | + +**CAUTION:** If you plan to install the MS SQL Server on the machine with the Netwrix Password +Secure application server, please ensure to meet the combined minimum requirements for both systems. + +#### Required Configuration + +1. Service User: dbCreator (only required if the Netwrix Password Secure is used to create databases + (recommended)), dbOwner + **a**. (Optional) Sysadmin (only when using the Netwrix Password Secure Backup Service) +2. Collation: Latin1_General_CI_AS (if the MS SQL Server is using a different collasion, the + database needs to be created manually with the right collation and then be linked to/in Netwrix + Password Secure) +3. Port/firewall rule: Port 1433 TCP for communication with application server (incoming) diff --git a/docs/passwordsecure/9.3/installation/requirements/webserver/_category_.json b/docs/passwordsecure/9.3/installation/requirements/webserver/_category_.json new file mode 100644 index 0000000000..9b0df2001b --- /dev/null +++ b/docs/passwordsecure/9.3/installation/requirements/webserver/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Webserver", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "webserver" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/installation/requirements/webserver/browser.md b/docs/passwordsecure/9.3/installation/requirements/webserver/browser.md new file mode 100644 index 0000000000..0a3d03a546 --- /dev/null +++ b/docs/passwordsecure/9.3/installation/requirements/webserver/browser.md @@ -0,0 +1,20 @@ +--- +title: "Browser" +description: "Browser" +sidebar_position: 10 +--- + +# Browser + +#### Required Version + +Only the browser extension provided in the store of the supported browser is supported (NOT Chrome +browser extension used in Edge, for example). + +| | | | +| ----------------- | -------------------------- | ----------- | +| Supported Browser | Minimum | Recommended | +| Chrome | Last two Stable releases | Stable | +| Edge | Last three Stable releases | Stable | +| Firefox | ESR | Stable | +| Safari | Latest | Latest | diff --git a/docs/passwordsecure/9.3/installation/requirements/webserver/webserver.md b/docs/passwordsecure/9.3/installation/requirements/webserver/webserver.md new file mode 100644 index 0000000000..9da45043de --- /dev/null +++ b/docs/passwordsecure/9.3/installation/requirements/webserver/webserver.md @@ -0,0 +1,39 @@ +--- +title: "Webserver" +description: "Webserver" +sidebar_position: 40 +--- + +# Webserver + +#### System Components + +| | | | +| --------- | --------------- | ----------------- | +| Webserver | Minimum | Recommended | +| IIS | 10 | 10 | +| Apache | 2.4.58 | 2.4.58 | +| NGINX | 1.24.0 (stable) | 1.25.4 (mainline) | + +#### Required Modules/Extensions + +| | | | | +| --------------------- | ------- | ----------- | ---------- | +| Attribute | Minimum | Recommended | Applies to | +| URL Rewrite mod | 2.1 | 2.1 | IIS | +| ARR | 3.0 | 3.1 | IIS | +| Websocket Protocol | - | - | IIS | +| mod_rewrite module | - | - | Apache | +| mod_proxy module | - | - | Apache | +| mod_ssl module | - | - | Apache | +| mod_proxy_http module | - | - | Apache | + +#### Required Configuration + +Mandatory Ports/firewall rules + +- Port 443 HTTPS to address the web server from the client (inbound) +- Port 11016 for communication with the application server (outgoing) +- Port 11018 for real-time updating (outgoing) +- (Optional) Port 11019 for using Password Secure as Identity Provider (SAML) (outgoing) +- (Optional) Port 11015 for Entra ID SCIM provisioning (outgoing) diff --git a/docs/passwordsecure/9.3/introduction/_category_.json b/docs/passwordsecure/9.3/introduction/_category_.json new file mode 100644 index 0000000000..7a06add9de --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Introduction", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "introduction" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/introduction/introduction.md b/docs/passwordsecure/9.3/introduction/introduction.md new file mode 100644 index 0000000000..9d5cd3dd79 --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/introduction.md @@ -0,0 +1,14 @@ +--- +title: "Introduction" +description: "Introduction" +sidebar_position: 10 +--- + +# Introduction + +## Welcome to the official Netwrix Password Secure documentation! + +All Netwrix product announcements have moved to the Netwrix Community. See announcements for +Netwrix Password Secure in the +[Password Secure](https://community.netwrix.com/c/password-secure/announcements/122) area of the +community. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/_category_.json b/docs/passwordsecure/9.3/introduction/versionhistory/_category_.json new file mode 100644 index 0000000000..ffb42b5dc3 --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Version History", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "version_history" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.0.30423.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.0.30423.md new file mode 100644 index 0000000000..52340922cc --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.0.30423.md @@ -0,0 +1,54 @@ +--- +title: "Version 9.0.0.30423" +description: "Version 9.0.0.30423" +sidebar_position: 100 +--- + +# Version 9.0.0.30423 + +## New + +#### Cross-client change\* + +- The encryption system has undergone significant enhancements to bolster its resistance against + brute force attacks. Moreover, it now aligns with the latest OWASP recommendations. + +#### Extended view (formerly FullClient) + +- Windows clients have transitioned to exclusive compatibility with 64-bit systems, optimizing + available RAM resources and enabling concurrent operation of more RDP sessions (also affects the + SSO and OfflineClient). RDP libraries have also been upgraded to 64-bit. +- In the recycle bin of organizational units, it is now possible to permanently delete objects via + multiple selections. +- The clarity of the user interface has been enhanced by defaulting to icons instead of logos, + offering a more streamlined experience. This adjustment also applies to the Web Application. + +\* This improvement affects all views (normal and advanced view) and Clients (Admin-, Web-, SSO- and +OfflineClient), the browser extension, API, and the server as well as MSP. + +#### MSP + +- Price details can now be customized on a per-customer basis, allowing for greater flexibility and + tailored pricing options. + +## Fixed + +#### Extended view (formerly FullClient) + +- The export now also works when using special separators. +- The export now also works, when text qualifier is empty. +- The "Add" permission for imported organizational units has been corrected. +- The report on "Inactive user accounts" now shows correct data. + +#### Web Application + +- The OTP field can now be reset. + +#### Server + +- The "User deleted" event is now correctly recorded in the logbook. + +#### Browser extensions + +- Even if no URL is stored, the username and password can now be copied from the browser extension + again. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.1.30479.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.1.30479.md new file mode 100644 index 0000000000..9b52d3b21f --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.1.30479.md @@ -0,0 +1,29 @@ +--- +title: "Version 9.0.1.30479" +description: "Version 9.0.1.30479" +sidebar_position: 90 +--- + +# Version 9.0.1.30479 + +## Fixed + +#### Extended view + +- After duplicating a password, the quality of the password is recalculated correctly. +- RDP connections now work again on Windows Server 2019. + +#### Web Application + +- The quick view can now be scrolled correctly even if another modal popup is open. + +#### Browser Extension + +- The search in the browser extension now works as expected again. + +#### Server + +- System tasks are no longer deactivated after each run if they were configured with the interval + 'Once' in the past. +- HSM accesses are limited to a minimum now. +- A self-defined password can be used for the WebViewer export again diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.2.30602.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.2.30602.md new file mode 100644 index 0000000000..1d1c737d0a --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.2.30602.md @@ -0,0 +1,40 @@ +--- +title: "Version 9.0.2.30602" +description: "Version 9.0.2.30602" +sidebar_position: 80 +--- + +# Version 9.0.2.30602 + +## New + +#### Advanced view (formerly FullClient) + +- The fields "user colour" and "initials" have been removed. +- For better readability, the option "Change Active Directory synchronization status" has been + shortened to "Change AD sync state". +- The "Settings" tab doesn`t close anymore when another option is clicked on (This only affects the + Web Application.). + +#### Basic view (formerly LightClient) + +- The "View details" option has been renamed to the more appropriate term "Quick view", which is + already used in the extended view (This only affects the Web Application.). + +## Fixed + +#### Advanced view (formerly FullClient) + +- Uploading a file now also works if no file name (e.g. '.env') is specified. + +#### Web Application: + +- Buttons to multiselect documents and applications have been added in the mobile view. +- The "New organisational unit" dropdown menu closes now when another tab has been opened. +- When multiple objects are selected, the button "Form field permissions" is greyed out now. +- Predefined rights templates for more than one organizational unit can now be edited + simultaneously. + +#### Browser Extension + +- Passwords can now also be copied to the clipboard if no URL is stored. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.3.30606.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.3.30606.md new file mode 100644 index 0000000000..dbcbacc840 --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.3.30606.md @@ -0,0 +1,13 @@ +--- +title: "Version 9.0.3.30606" +description: "Version 9.0.3.30606" +sidebar_position: 70 +--- + +# Version 9.0.3.30606 + +## Fixed + +#### DesktopClient + +- The PuTTY Client has been updated to version 0.81. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.0.30996.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.0.30996.md new file mode 100644 index 0000000000..6cf5f533f7 --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.0.30996.md @@ -0,0 +1,106 @@ +--- +title: "Version 9.1.0.30996" +description: "Version 9.1.0.30996" +sidebar_position: 60 +--- + +# Version 9.1.0.30996 + +## New + +#### Browser Extension + +- UserVoice Winner: Stored OTPs can now be retrieved directly via the browser extension. +- New improved autofill logic: The autofill function has been completely revised to enable a more + convenient automatic login in the browser. +- Cross-platform authentication is now possible: The Windows app, browser extension and autofill + add-on can now authenticate each other. +- UserVoice Winner: You can now also use htaccess forms for automatic login. +- The SSO agent connection for the browser extension has been deprecated. Here you can find + instructions on how to switch to server mode as well as an FAQ to this topic (This also affects + the autofill add-on.). +- Browser extension profiles can now be configured via policy. +- Opening Netwrix Password Secure from the browser extension now works correctly. + +#### Basic view (formerly Light Client)\* + +- SSO applications can now be connected with passwords. +- The button “Ignore application” has been renamed to “Hide application”. + +\*As the basic view on Windows has been deprecated with version 9.1.0, the basic view from now on +always refers to the web app. + +#### Server + +- Missing data is now migrated to ECC. +- The web server configuration routine for IIS has been improved. +- If you change the deployment mode to "Members of groups only" during AD synchronization, the + checkboxes for synchronization are now ignored. + +## Improvements + +#### Platform-client change\* + +The following names have been changed: + +| Obsolete | New (English) | New (German) | +| ------------------------------------ | ------------------- | ------------------- | +| WebClient | Web application | Web Application | +| LightUser / Basic view User | (Basic) user\* | (Standard) User\* | +| Basic view (Ansicht) | Basic view | Standardansicht | +| FullUser / FullClient User | Advanced user | Advanced User | +| FullClient (Ansicht) | Advanced view | Erweiterte Ansicht | +| Browser Add-on | Browser extension | Browser-Erweiterung | +| App | Mobile application | Mobile Application | +| Desktop Client | Windows application | Windows Application | +| Web Endpoint | Web server | Web Server | +| SSO Agent / SSO Add-on / SSO Service | Autofill add-on | Autofill Add-on | +| OfflineClient | Offline add-on | Offline Add-on | +| AdminClient | Server Manager | Server Manager | +| SAML Service | IdP service | IdP Service | + +\* This improvement affects all views (basic and advanced view), apps and add-ons (Server Manager, +web and Windows app, autofill and offline add-on) the browser extension, API, and the server as well +as MSP. + +#### Basic view (formerly LightClient)\* + +- The basic view on Windows has been deprecated. Basic users can still login via web app. + +#### Browser extension + +- Login errors are now displayed correctly. + +#### Server + +- The quality of secrets stored in the database is now encrypted. + +## Fixed + +#### Advanced view (formerly FullClient) + +- The footer is now displaying the latest four involved users again. +- Resetting to the default settings for actions in the clipboard is no longer saved when canceling. +- Drag & Drop while updating a document is now possible in the web app. + +This only affects the Windows app: + +- Rights from organizational units to passwords can now also be inherited recursively. +- Login security has improved: Credentials for one application can no longer be reused for a + different one. +- Report details are now displayed correctly again. + +#### Server + +- Changing the form of passwords with multiline passwords now works. +- Sorting in the (emergency) web viewer now works correctly. + +#### Server Manager + +- The migration summary no longer shows an error message when all ECC migrations were started + successfully. + +#### API + +- It is no longer possible to attach data to more than one organizational unit. +- Passwords that are changed via the JavaScript API/SDKbuD are encrypted correctly. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.1.31138.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.1.31138.md new file mode 100644 index 0000000000..87e4f7f741 --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.1.31138.md @@ -0,0 +1,72 @@ +--- +title: "Version 9.1.1.31138" +description: "Version 9.1.1.31138" +sidebar_position: 50 +--- + +# Version 9.1.1.31138 + +## New + +#### Advanced view (formerly FullClient) + +- To facilitate the management of multiple directory service connections such as Active Directory or + Entra ID, this is now done from a central location and requires only one user right (Can manage + directory service connections). +- The tag filter can now contain more than 10 tags. +- The protection of sensitive data in the process memory has been improved. +- If a browser tab is already open with the web app, this is now used first when creating new access + data via the browser extension (This also applies to the standard view.). + +## Improvements + +#### Server + +- The logging of errors in the realtime connection is now deactivated by default. +- The migration from RSA to ECC has been improved by better performance and by eliminating the + migration of organisational units. +- A new security setting has been added that fully logs access to encrypted passwords. + +#### Server Manager + +- To avoid typing errors when exporting certificates, the password must now be entered twice. +- A new security setting has been added that fully logs access to encrypted passwords. + +## Fixed + +#### Advanced view (formerly FullClient) + +- Offline synchronization now also works for cross-platform login (This also applies to the offline + add-on.). +- The setting “Restore last opened tabs” works again. +- Closing the Windows app works again without unexpected crashes. + +#### Web app + +- The setting “Permitted document extensions” can now be reset in the user settings. +- The “Clipboard gallery” option can now be changed in the user settings and global user settings. +- When uploading many documents, the list can now be scrolled. +- The list of documents to be uploaded can now be searched. + +#### Server + +- Documents with forbidden file extensions can no longer be uploaded. +- The speed of loading filters has been improved. +- An error when loading passwords after replacing the database certificate has been fixed. +- The “Add” right can now only be transferred to organisational units. + +#### Browser extension + +- The automatic entry in iframes now takes the correct address into account again. +- A bug has been fixed that prevented some websites from recognizing the data entered during + automatic entry. +- The fields with the type integer, decimal number and checkbox can be used again for automatic + entry. +- Profiles with long names are now displayed correctly again in the browser extension menu. +- New passwords are now recognized again if the user is logged in to more than one database. +- The cross-platform login in the browser extension now also works if the URL of the web app has + changed. + +#### API + +- After logging out in the JavaScript API, the “isAuthenticated” information is now correct. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.2.31276.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.2.31276.md new file mode 100644 index 0000000000..c6b4e456fc --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.2.31276.md @@ -0,0 +1,56 @@ +--- +title: "Version 9.1.2.31276" +description: "Version 9.1.2.31276" +sidebar_position: 40 +--- + +# Version 9.1.2.31276 + +## New + +#### Server & Server Manager + +- You can now assign an alias for each database for login purposes, eliminating the need to disclose + the real database name. +- Individual databases can now be set to read-only mode. + +#### Web App + +- External links created via the web app now contain the database alias if one has been defined. + +#### Browser extension + +- The browser extension is now able to fill out OTP fields. + +## Improvements + +#### Web App + +- It is now possible to define the URL in applications of type Web as a regular expression. + +#### Browser extension + +- The performance of the browser extension has been improved. + +## Fixed + +#### Advanced view + +- The import of CSV files now handles organizational units correctly. +- The quick view and history of passwords can be opened again. +- Spontaneous errors when changing selected passwords have been fixed. +- Web applications with URLs defined as regex are recognized correctly. +- Logging in to the Windows app is possible again if you were last logged in in the standard view. + +#### Web App + +- Entra ID tokens can be regenerated in the profile list. + +#### Server Manager + +- The version of the nginx web server is no longer returned in the header in the standard + configuration. + +#### Browser extension + +- Web applications with URLs defined as regex are now recognized correctly. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.3.31365.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.3.31365.md new file mode 100644 index 0000000000..262cc7f39e --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.3.31365.md @@ -0,0 +1,44 @@ +--- +title: "Version 9.1.3.31365" +description: "Version 9.1.3.31365" +sidebar_position: 30 +--- + +# Version 9.1.3.31365 + +## New + +#### Browser extension + +- Based on Manifest V3, a new browser extension for Chrome has been released. + +#### Extended view (on Windows & web) + +- A new filter group “Directory Service Type” has been added, which allows explicit filtering by + users and roles from directory services. + +#### Server + +- The alias of a database is now displayed in the Authenticator app if one is configured, and a new + token is generated. +- The session timeout for new databases is now set to 1 hour instead of the previous 6 hours. + +## Fixed + +#### Extended view + +- An external package with a vulnerability classified as weak has been updated. The vulnerability + could not be exploited via Netwrix Password Secure (This also affects the server & Server Manager + as well as the autofill & offline add-on.). +- The obsolete property “Spaces” has been removed from the password policies (This also affects the + offline add-on.). +- A possible XSS vulnerability in the WebViewer has been closed (This also affects the web app.). +- A problem has been fixed where the password was not saved on the server after a change when it was + copied to the clipboard. +- The cross-client login for the browser extension is now also operational for synchronized Windows + profiles. + +#### Server Manager + +- The configuration script for the web app under IIS now also works if there are spaces in the + target path. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.0.32454.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.0.32454.md new file mode 100644 index 0000000000..379e22192a --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.0.32454.md @@ -0,0 +1,74 @@ +--- +title: "Version 9.2.0.32454" +description: "Version 9.2.0.32454" +sidebar_position: 20 +--- + +# Version 9.2.0.32454 + +## New + +#### Web App (Advanced & Basic view) + +- The web app is now available with a new design and can be deployed via Server Manager. For a + limited time, the old web app remains available as an alternative. + +#### Advanced view (on Windows) + +- Additional time periods are now available for the "When revealing password" trigger: 6 hours, 12 + hours, and 1 day. +- API login is now possible with an API key that can be generated directly in the Windows and web + app (This applies to the API and web app in new design.). This simplifies the login process and + increases flexibility for integration. +- For more targeted synchronization, it is now optionally possible to limit the attributes of Active + Directory and Entra ID users to be synchronized (This also applies to the web app and server.). + +## Improvements + +#### Web & Windows App + +- Multiline password fields can only be changed when they are revealed. + +#### Web App + +- To provide a better overview of all password changes, the "Show password" button in the password + history now also displays the encrypted fields of the historical versions. + +#### Server Manager + +- The alias of a database is now displayed in the database list, enabling quicker identification and + management of databases with different names. + +## Fixed + +#### Advanced view (on Windows) + +- Cross-client login now works for database profiles distributed via the registry (This also applies + to the autofill add-on.). +- The values of list fields in passwords are now displayed as expected. +- The Windows app now always starts within the visible area when multiple monitors are used. +- After updating, translations are now loaded correctly on the first start of the Windows app. +- Copying multiple fields to the clipboard while editing a password no longer removes the field + values. +- A bug has been fixed that prevented users from switching the Detail tab in the footer. +- An error in the tag management was resolved, which caused the buttons in the ribbon to disappear. + +#### Web App + +- An unloaded translation in the notifications has been fixed. +- Reloading the web app now correctly shows the "Locked" view again. +- Browser language detection for the web app is now reliable once more. +- Deleted users and roles can now be removed from permissions (This also applies to the Windows + app.). + +#### Browser Extension + +- Excessive console output in the browser extension has been removed. + +#### Server Manager + +- Database login via the Server Manager is now also supported when using IPv6. + +#### API + +- The JavaScript API now again supports the creation of valid users. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.1.32530.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.1.32530.md new file mode 100644 index 0000000000..b66370d1fd --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.1.32530.md @@ -0,0 +1,47 @@ +--- +title: "Version 9.2.1.32530" +description: "Version 9.2.1.32530" +sidebar_position: 10 +--- + +# Version 9.2.1.32530 + +## New + +#### Server & Server Manager + +The default name of the configuration database now contains the host name of the server. + +#### API + +The version of the API can now be called up within it. + +## Fixed + +#### Windows App + +Active Directory users in MasterKey mode can change their first factor required for login again. + +The distribution of translation files has been optimized. + +#### Web App + +Password fields of type ‘Heading’ are displayed correctly again (This only applies to the new +design.). + +When creating a new user, the field for assigning roles is readable again (This only applies to the +new design.). + +The distribution of translation files has been optimized. + +#### Browser extension + +A problem with a vulnerable package in the dependencies has been fixed. + +#### API + +The ‘SaveRights’ call is now functional again in the JavaScript API. + +#### Basic view in the web app + +Mouse hover effects in the basic view have been fixed (This only applys to the new design .). diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_history.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_history.md new file mode 100644 index 0000000000..4c51cf7b85 --- /dev/null +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_history.md @@ -0,0 +1,30 @@ +--- +title: "Version History" +description: "Version History" +sidebar_position: 30 +--- + +# Version History + +The previously released versions and the corresponding changelogs can be found in the following +sections. + +- [Version 9.2.1.32530](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md) + +- [Version 9.2.0.32454](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.0.32454.md) + +- [Version 9.1.3.31365](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md) + +- [Version 9.1.2.31276](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md) + +- [Version 9.1.1.31138](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.1.31138.md) + +- [Version 9.1.0.30996](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md) + +- [Version 9.0.3.30606](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.3.30606.md) + +- [Version 9.0.2.30602](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.2.30602.md) + +- [Version 9.0.1.30479](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md) + +- [Version 9.0.0.30423](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.0.30423.md) diff --git a/docs/passwordsecure/9.3/maintenance/_category_.json b/docs/passwordsecure/9.3/maintenance/_category_.json new file mode 100644 index 0000000000..01a1e6dd4d --- /dev/null +++ b/docs/passwordsecure/9.3/maintenance/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Maintenance", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/maintenance/eccmigration/_category_.json b/docs/passwordsecure/9.3/maintenance/eccmigration/_category_.json new file mode 100644 index 0000000000..615b99fa82 --- /dev/null +++ b/docs/passwordsecure/9.3/maintenance/eccmigration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "ECC Migration", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "ecc_migration" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration.md b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration.md new file mode 100644 index 0000000000..a153677b72 --- /dev/null +++ b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration.md @@ -0,0 +1,13 @@ +--- +title: "ECC Migration" +description: "ECC Migration" +sidebar_position: 30 +--- + +# ECC Migration + +For a better overview the ECC migration is organized in two sections. One for the administrators and +one for the end user: + +- [Admin Manual](/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md) +- [User Manual](/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md) diff --git a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md new file mode 100644 index 0000000000..00a890cd92 --- /dev/null +++ b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md @@ -0,0 +1,78 @@ +--- +title: "Admin Manual" +description: "Admin Manual" +sidebar_position: 10 +--- + +# Admin Manual + +## Preparation + +Before you execute the migration, you must ensure that the following preparations have been made: + +- Installation of the latest Netwrix Password Secure-Server, Native Client and Web Client +- Check in the [Database properties](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_properties.md) if the **offline + access** and the **mobile synchronization** are allowed + If that should be the case, **contact your users and make sure that they have to synchronize the + Offline Add-on and the mobile app**. + +**CAUTION:** If the OfflineClient or App does have not yet synchronized items, they are lost after +the migration mode is enabled! + +- Backup all certificates using the Netwrix Password Secure Server Manager + +**CAUTION:** Only certificate backups made through the Server Manager are valid! + +![Certificates](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/certificates-ac-1-en.webp) + +![Export certificates](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/certificates-ac-2-en.webp) + +- Delete or restore all non “permanent deleted” users + If you have deactivated or non “permanent deleted“ users it would make sense to delete them + permanently, otherwise the migration would never finalize. Keep in mind, that every E2EE User must + log in, before you can complete the migration. +- Only have **one active Netwrix Password Secure-Server** + In the case of multiple Netwrix Password Secure-Servers, you need to stop all Netwrix Password + Secure-Server services on all servers except on one, which actually is used for the migration. +- For each Entra ID profile you have to create a new token. This token must be stored in the + corresponding Enterprise Application under the Provisioning tag. + +## Migration + +NOTE: During the migration, the database is in read-only mode. So it is possible to read all records +from the database, but it is not possible to add new or edit existing records. + +#### Start migration + +Clicking on the icon **“Start migration”** in the databases' module to start the migration process + +![start migration](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/start-migration-en.webp) + +Select the database you want to migrate and enter the code-word. + +Remember, The code word is “Start”. Please make sure that you have read the whole documentation. +Otherwise, data loss might occur! + +![select database](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/start-migration-2-en.webp) + +You should see the message, that the selected databases are now in migration mode: + +![start migration](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/start-migration-3-en.webp) + +As written in the message, export all required certificates via the Netwrix Password Secure Server +Manager. If you have multiple servers in use import the certificates via the Server Manager at the +end of the migration process. + +**CAUTION:** If certificates are missing the migration cannot be continued. + +#### Watch the migration process + +In the migration process you find all information about the current process, what is already +migrated and what still needs to be migrated + +![migration progress](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/migration-progress-en.webp) + +After each user has logged into the database and has been successfully migrated, the migration is +complete. + +![migration finished](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/migration-finished-en.webp) diff --git a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_user_manual.md b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_user_manual.md new file mode 100644 index 0000000000..11eb4feb09 --- /dev/null +++ b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_user_manual.md @@ -0,0 +1,25 @@ +--- +title: "User Manual" +description: "User Manual" +sidebar_position: 20 +--- + +# User Manual + +## Preparation: + +If you use the Offline Add-on and the Mobile app it is necessary to synchronize them before your +admin starts the migration. + +**CAUTION:** If you do not synchronize your data, it is lost and no more accessible after the +migration! + +## Migration + +During the migration every E2EE-User of the database has to log in. Keep the client running until +the message **„Userdata migration finished”** appears. + +![userdata_migration_finished_en](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/userdata_migration_finished_en.webp) + +NOTE: The migration can only be carried out with the Web Application and NativeClient. A migration +just using the Extension, Autofill Add-on or the Mobile App is not possible. diff --git a/docs/passwordsecure/9.3/maintenance/moving_the_server.md b/docs/passwordsecure/9.3/maintenance/moving_the_server.md new file mode 100644 index 0000000000..e9a3b9d153 --- /dev/null +++ b/docs/passwordsecure/9.3/maintenance/moving_the_server.md @@ -0,0 +1,103 @@ +--- +title: "Moving the server" +description: "Moving the server" +sidebar_position: 20 +--- + +# Moving the server + +## Preparations + +It is necessary to make some preparations so that the move can be completed without any problems. + +#### 1. Installing the SQL server + +If the SQL server and the application server are on the same machine, the SQL server should be +installed on the new machine first. It is necessary to observe the +[MSSQL Server](/docs/passwordsecure/9.2/installation/requirements/mssql_server.md) for this process. + +#### 2. Installing the server + +The Netwrix Password Secure application server is installed next (see +[Application server](/docs/passwordsecure/9.2/installation/requirements/application_server.md)). The installation itself +is described under +[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md). + +#### 3. Basic configuration + +After the server has been installed, the +[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md) is +completed. A new configuration database will be created on the SQL server as a result. If you want +to retain the old SQL server, it is necessary to give the configuration database a new name. + +#### 4. Deactivating the old server + +The license first needs to be deactivated before it can be activated on the new server (see options +under [License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md). Now stop +the server so that nothing more can be changed in the database. + +## Backing up the data + +After making these preparations, the data from the old server can be backed up. + +#### 1. Backing up the system + +If using a virtual machine, a backup of it should be created. The old version of the server can then +be restored in the event of problems. + +#### 2. Backing up the database + +In order to transfer the data to the new server, a backup of the database should be created. +Although this is also possible via the Server Manager, we recommend carrying out the backup at the +SQL level: right click on the database, then on Tasks and Backup. The desired target folder is +selected in the following window. + +![insert backup](/images/passwordsecure/9.2/maintenance/sql-backup-en.webp) + +#### 3. Backing up the server certificate + +It is essential that the all available +[Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md) are backed up. +Depending on the installation, a different number of certificates are required here. + +## Configuring the new server + +After the backed up data (database and certificate) has been transferred to the new server, it still +needs to be integrated. + +#### 1. Integrating the database at the SQL level + +Firstly, a new database is created on the SQL server. This option can be found in the SQL Management +Studio after right clicking on Databases. It is usually sufficient to simply enter the database +names. + +![integrate the database](/images/passwordsecure/9.2/maintenance/sql-new-db-en.webp) + +As soon as the database has been created, the option Restore (under Tasks) can be selected by right +clicking on the server. The Database is thus selected here. The backup now needs to be selected. It +is also essential to check whether the correct database has been selected in the field "Target". + +![restore db](/images/passwordsecure/9.2/maintenance/sql-restore-en.webp) + +NOTE: This method can be also used to import backups that were directly created from the Server +Manager. + +#### 2. Setting up the server + +After the backup has been installed on the new database, you can be start the Server Manager and run +the setup wizard. The [Setup wizard](/docs/passwordsecure/9.2/configuration/servermanger/setup_wizard.md) is +used for (amongst other things) reactivating the license. It is now possible to enter all of the +desired configurations for the server. + +#### 3. Importing the certificates + +The backed up certificates are imported via the certificate manager. + +#### 4. Integrating the database + +Finally, the database is integrated onto the server via the database wizard. + +## Modifications on the client + +If the IP and/or host name for the server has changed, it is necessary to create/roll out new +database profiles from the client. diff --git a/docs/passwordsecure/9.3/maintenance/update.md b/docs/passwordsecure/9.3/maintenance/update.md new file mode 100644 index 0000000000..dc4d636070 --- /dev/null +++ b/docs/passwordsecure/9.3/maintenance/update.md @@ -0,0 +1,111 @@ +--- +title: "Update" +description: "Update" +sidebar_position: 10 +--- + +# Update + +## Reasons for regular updates + +Our development team is constantly working on the further development of the software. This does not +only involve fixing any problems but also primarily the development of new features to adapt the +software as best as possible to the requirements of our customers. Therefore, it is recommended that +you regularly install updates. + +The documentation always refers to the latest version available. If Netwrix Password Secure deviates +from the documentation (e.g. in appearance or also its functional scope), it makes sense to firstly +update to the latest version. + +NOTE: The update check on the server or the client can be used to easily install the latest version. +The update check on the client must be activated in the settings for users beforehand. We recommend +leaving the update check deactivated for normal users! Otherwise these users could independently +attempt to install updates. Since a new client cannot connect to an old server, this results in the +user not being able to log in. + +## Requirements + +The requirements should be checked or established before an update. + +**CAUTION:** Please always check the Changelog for requirements or breaking changes before updating! + +### Check the software maintenance package + +The right to install updates is acquired with the software maintenance package. It is important to +note that you are permitted to install all updates as long as the software maintenance package is +still active. If the software maintenance package has expired, you are only permitted to use those +versions that were released during the term of the software maintenance package. Therefore, you +should check whether the software maintenance package is still active before an update. This can be +easily checked on the Server Manager under +[License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md). + +### Creating a backup + +An update always involves making a profound change to the existing software. A corresponding +[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md) +should thus be created directly before the update to ensure that no data is lost if a serious +problem arises. + +### Checking compatibility + +An attempt is always made to design the Server Manager so that it is backwards compatible. +Unfortunately this is not always possible. Therefore, you should always check which client version +the Server Manager is compatible with before an update. The version history for the relevant version +will provide this information. + +**CAUTION:** If the password for logging in to the Server Manager on the database has been saved, it +is essential that it is noted down or temporarily saved elsewhere before an update! + +### Latest installation files + +The installation files can be downloaded from the +[customer information system](https://license.passwordsafe.de/kis). Please simply use the access +data that we sent to you by email to log in. + +## Perform update + +### Updating the Server Manager + +The Server Manager is simply installed on top of the existing installation. The password from the +Server Manager should be made available at this point in any case. After the installation of the +Server Manager, the database is only accessible when it is activated. If the password is only in the +Netwrix Password Secure, it should be temporarily stored at this point. + +NOTE: If the service has not been ended in advance, the installation wizard will give you the +opportunity to do so. If the service is still not ended at this stage, the computer will then need +to be restarted. It is thus recommended that the Netwrix Password Secure services are ended before +the update. + +Further information on the installation wizard can be found in the section +[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md). + +### Patch level update for the databases + +The databases are usually deactivated after updating the Server Manager because they do not yet have +the corresponding patch level. This should be immediately checked. After logging in to the Server +Manager, the module “Databases” is immediately visible. If the databases have been deactivated, you +can reactivate them directly in the ribbon via the corresponding button. The patch level will be +updated during this process. + +### Updating the client + +The updates for the client are also simply installed over the existing installation. Further +information can be found in the section Installation of the client. Naturally, the update can also +be carried out using the installation parameters. + +### Updating the Web Application + +The application server must firstly be updated. A new Web Application +([Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) +is then created according to the instructions for the web server being used. The document directory +on the web server should now be completely emptied. The Web Application is then unzipped and copied +to the document directory on the corresponding web server. + +**CAUTION:** If the Web Application is being operated on an IIS web server, a new config.bat is +generated for creating the new version. This must not be executed if the Web Application has already +been installed and it must be deleted without fail after a successful update. + +NOTE: If the Web Application is used, the module: `proxy_wstunnel` must be installed when using +Apache. With IIS the `WebSocket Protocol` becomes necessary. Further information can be found in the +chapter [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md). This applies to version 8.5.0.14896 +or newer. diff --git a/docs/passwordsecure/9.3/msp_system.md b/docs/passwordsecure/9.3/msp_system.md new file mode 100644 index 0000000000..43371e0260 --- /dev/null +++ b/docs/passwordsecure/9.3/msp_system.md @@ -0,0 +1,58 @@ +--- +title: "MSP System" +description: "MSP System" +sidebar_position: 30 +--- + +# MSP System + +To ensure optimal operation, we recommend that the following hardware resources are made available: + +## Microsoft SQL Server + +The following system requirements are the minimum system requirements and should manage around 10 +customers with less than 20 users each. + +- Windows Server 2016 (or newer) +- MSSQL Server 2014 (or newer) +- 4 CPU’s +- 16 GB RAM +- min. 100 GB HDD + +**CAUTION:** Please note, that using a SQL Server with Express edition is not recommended because of +diverse limitations there. + +If your customer's count is growing over time, you should add every 200 users a minimum of at least: + +- 2 CPU’s +- 8 GB RAM + +## Application Server + +The following system requirements are the minimum system requirements and should manage around 10 +customers with 20 users each. + +- Windows Server 2016 (or newer) +- 4 CPU’s +- 16 GB RAM +- min. 50 GB HDD +- .NET Framework 4.8 + +If your customer's count is growing over time, you should add every 200 users a minimum of at least: + +- 1 CPU +- 4 GB RAM + +RECOMMENDED: Currently, we suggest you use an application server to handle a max of about 100 +customers. So if you reach 100 customers, you should set up a second Application Server or use some +sort of load balancing between the application servers. + +**CAUTION:** Every additional 1000 users an additional Web-Endpoint - incl. loadbalancing - is +recommended + +**CAUTION:** Every additional 100 customers/1000 users an additional Application Server - incl. +loadbalancing - is recommended. + +NOTE: Please note that individual variables - like the number of passwords per user - will affect +performance. Especially for MSP-Systems it is required to monitor performance continuously, and add +additional resources on demand. diff --git a/sidebars/passwordsecure/9.3.js b/sidebars/passwordsecure/9.3.js new file mode 100644 index 0000000000..f4e8941a40 --- /dev/null +++ b/sidebars/passwordsecure/9.3.js @@ -0,0 +1,8 @@ +module.exports = { + sidebar: [ + { + type: 'autogenerated', + dirName: '.', + }, + ], +}; diff --git a/src/config/products.js b/src/config/products.js index ba9a1c4239..dec863814b 100644 --- a/src/config/products.js +++ b/src/config/products.js @@ -373,10 +373,16 @@ export const PRODUCTS = [ categories: ['Privileged Access Management (PAM)'], icon: '', versions: [ + { + version: '9.3', + label: '9.3', + isLatest: true, + sidebarFile: './sidebars/passwordsecure/9.3.js', + }, { version: '9.2', label: '9.2', - isLatest: true, + isLatest: false, sidebarFile: './sidebars/passwordsecure/9.2.js', }, { @@ -386,7 +392,7 @@ export const PRODUCTS = [ sidebarFile: './sidebars/passwordsecure/9.1.js', }, ], - defaultVersion: '9.2', + defaultVersion: '9.3', }, { id: 'pingcastle', diff --git a/static/images/passwordsecure/9.3/installation/installation_web_application/configure_custom_branding.webp b/static/images/passwordsecure/9.3/installation/installation_web_application/configure_custom_branding.webp new file mode 100644 index 0000000000000000000000000000000000000000..fe5391def6ac7f01eed84199eb4b18327c2e2db4 GIT binary patch literal 63197 zcmdSAWmFsA7d0GcDOTLQKyfWj(IUm&i@Upfiv_2+Lxa1!Q`{YjYjAhxncsiCU*EN! zuTNMoWRlF>d+t7apR;EYrYJ9gf<%Y}0)bGZB*m0LAebW%2$mQD7TBY8iZKjqJ{e0Y z%Yi^%)F9B$AQ0#g*!6QC1af5sfesBopsy()5S~LuixNNZ!UrQ62{B*`JRU?_{ecal zgQS)-ur>MLFIrOHD)0}yikql zCnW6{AaATzuUe)dRmbFrvVU|9(9g`3>)6Y&+dM<*y^em-@jR#1rgSxGHaI1C(m9&F zYf|V@`(5o#?KasDFV&wA;y#HhC(ue>dFJhH>K>10rDndIrm~|5+;0RTkQ=b#f9#J8 zP#&fXny=9Hu4Xd)Z%1>r-Rf7LYTN(4>iHKtquYShj9#{z;Nu75g8!eV&&6PQZvG5d zMWp)#A!TV6H)i~gAGTKqhmfMtG2eINIEs*0@@`XMUTjo>OH*8E%_Cq-P#q|^$#_Y_H45ob4sGU4vE4cPG?<6 z2j0(2JtL-s5NtBFxK#Rf$Ix7erhXVOFfqmS_zW3-CBHHrX(!X)OxK_)`P(-R6WDFg zb~5FvJHsKaWTKVj)uzLoUT|>XA*RG1V^XMeo+JO-x#!&ZFN2JQmmiGj$9xEd5#CYy zI{}Bo|D(#kjl45=;{MXLdl{Fmu)sh|oh@|~>I6bZ3eK6@=OtKJSkPcjE-fvUkdPoE zB2rUpPl5CQR&C3dJ)t65x2@_>g*rzb7-ho)b1{g^k+l_2I^ivnnX` zsY#*i+Se(+lWXvZ+Ou9;yRp*e5Sp)S`S$t}Blx)Qd$;Po?t3S2HOf9@a(Rq0ym$3> zCG>W6r2p1ZTYL5Tbf%E6jMutDgHJ#pRX7v$n>$XjSk>!hPD9`8ARpO!8O{H`=hv@a zK7w!ixiPp%!4aC$00w@1mXgj_R^Y$roiEqslzaD6x%m2WghlA-xEAW9g+9)n)~(>5 zqFi<2MfN&Hvt_FkZIPD9V4T&Nx3qlz>Y$mk?&*RpzpZ|@+UoxDc%z}~I;ZQt3I`$~ zA;Hh?N$CrONBaQ#Yr^-`xum2*r};7`=>d`d<$5MeY%9&WLJ1ohRd{QL9y8E+TVJVb z!vG+bgM*WE)#qxg^X=tK-(wRlYj1gZ+5KecW|*O}uAyPgWkwG8@N-Q5sj z+~$TRVUF@PXAQ?~GjiOk&b=i~(U&bA;jhS~Xqs#B%yS&&jg9V8IpWFse$Cz{x5ta8 zLUBVo`};+fX*skFb#)%?YZn)eGaSglBF#Fu;??c#x-)gT5-|lc2fD3p<$CR26IlW> z$;{#iC@3gVk&&N*wk|xV$9^7 z()l4FA)rsV5dbFS>)GRnKBA!=wVd8P8CPpoYhFLSbQ?^vMs99yT5ud*Jwy}pZavn@ z$;l;3Qzc3twD_HGbO$5jEj6r8O>Oc-KP^~rNYkx0JDZD&it6i=OTr7E2$4L#rN$yXjayK4WPo zOBPoas|XJiT9Mp%CjE9P*zB6b=H4)?h=$!&^GES#+*zIs7z~E_)6(*ow{2`}%+hgh zWN*(x-dj^p$Y%jtDxU6Pj|q;h2Ea8Mv|DG2K=7~ zp3XXjl1Em(&)Snr4I@iSO7sBu>pySdWoBk72tMopS!Am<|LYyRp7%+8>uHPiLWM4{ z-$X`6<})V7d&BMiC;^A&pEf zZLH*q-_uD+$?NL+%PNWciX*VfveZ}IXnqdM4Yqwo7@&^pe3oDl$WTrdV`*a}clHEL zyj0A9^NbvK-}c2`wtq)qAq_EVrDk;i`sG#x3oK~BaRHc4iCSrv*I}{C*OR*^_zxef ztgY=^PZ|tZ?~iLIZm+Kur2$I2df*4;DHj9bxvOYBo#r@^5PF>Y8;lH49q(<>g>(kb=j!ZsxX04i?CF{!a z@^W8FMESxEgkQ9)_LbF|6p@zmnI1U4~irWiR+rFI> z|6_%Iryp?I1zq>d0!x6bu(I!i*3Ve5k^DM^vL`y9FGqj?C+j#Nf(#<)@)2YL}Fgv^AI6%Szd=^lY%C^g40O$S()A?j? z_X8+B_l^Ef+@0(GzmBK_yFCN|-Pzx#ow(xUfH8u74_{hzsY21Rq*^iF+jnx2Y z+F`tbhd(9MtxQj_!OK%VvC(e%RN|nsGj|htVdG(QR_et}FnfYE(&ekKavUH+-2reF zRukDmotlhEBc>otfcaEZ;y)n(T$NTJx2(Ve1a{SR0R}X2Wj$ZUD{A)sTTyALwT+F- zJJjv%Z6a1k=>zg2yG+b8yxfr&Cywy}NvdiX(Br)KfE z#&qQH@Nnh+HI38S%gYP&bGzvdkOKsW2VO1y6{+G z>QRC6V1|`x)qY100w_zC`W@)ytxms}+mq#0_vdFGIR)zejT>s->#L~dn0izHi+ijjOJ>CT0lwDPCkdhU)1^}T zmWvQM1%7o}TnFsO61uy)b(oVSKckBPM~%Q^5q!ermYdE2(kDN)q!r?F`Xm1H$Xq=|5kl6)#$~Hy(8H zup6Sd4=_?o1zv=>hMvUt?*Itt6Qu#L^0j@%M!LDZEh$-=pD#FioKXa zSYkR=Rz~J(h1VG~?0y!TGFFnG6sQ?bi{cvo_h@PPI^g&L9zK33FNYRL0XcqBcXNul z+1bz>3;Yni>i~3$a3g1D_5nw`HVWK`#fH_z#ndq~KvV$C04>LeV@64dL<}iVZUIzQ zP*9Mc-`8Nv&HwkxhZcLwv!k_@FH?TGfh3}j`W@k>gC=$#0LG~)rA7v}SjnBMhuGLy z;ZKSxDl=796L8&|B;>Wr%xl7laq?gI(jWGmd?)38X6jGsj`JLjcZ=k zz>q*YPQ2V-4YiU6wk@r!auU)Cv@|rhJ*`C$`Zbjj07^Bg<^cd=UD4d{NGxsn88fWU z2w1`f0UjO;{O=U8DeUI*uCDc_T54))cB6T!^m7Xft)9gA_zv3^0A&H}7oNitJ+rhl zeAQ;V3}6oTeYb9t*;<xc+M z@iV5Q=^j7!^I$CHJ_Jmf)-v-&L=syZ++{HCWu%`^Q~c81b{wxDP;bBP7rj@}{#dfk ze?EC>D&u~#w*0je$Xm2Ew)7A867#nUhSL1GQQE88j+%>MW-E znCl3n@|7JUV)r~7$)1h0dkt9EXlL#>R3yfmLj!=`+nVHDlks+O!tXX` zBfZ-L-0h}i3{Y_@l8VEJ!0wb{Rygzj=bmO12H2l6ybSgDqMeO&n1)#4YP|-EhIKAG zFPuHCdsy*->9f6?&N_5com&pwpPWzLYC2i0J4~D14#x1a+dA(8?_ACZOLU4jW^kTr z-o8FV2R=~891~WQJyiBQ4b%-$vfN?sy&V0TY;Vn#Wj);j=AW9-KaX=4N9Lw5G zv*#C>P5<(Ghs9*Ce4GAvT7b+N78J=Wc?z+K^Y?Oe`IdOuo_+)}V6}g}5cMVUk~#Te z$>t3N;H{qSAr&WFwqn z+dWS;zFISGMd{CXdZgavooz1@dwssoWI`_2Xk`3e69Z{fuf$G`IpbG&8XCTL(CYfD z0B57ibk)m`{mU81#NrTa8xbbpheYH6yPk63bqDSUNA?#Wjlw1c9J$bgF_Fl*=^{g8;V=Dg$#AUi| z8&TQ8f2r`<(yB&fWb6eIy9}aY{m3M3WsnJ)L5#fgzjXs{B{*hau zN-`Asl@a|E0Z$QiXT4))*gtRHYKcFm(x}gH#yVCh3E}R0r_VJiWfAZZ@yqS5y~J12 zzv#R}$fU-@-jGOFX%K}P!^*+UHf`a9-ejMJ9^Ir6J4K_EO0%dy*~0 zrG&FUl)2ivG=_J=Yd~ekXAix)?k?;jziuA?+u6p^VBG`@VmK1e?`${>HzWIQzYkQ=4j6uX@$?l z-3$DHOVGxEyYkk{rbAvvT)5Ava_mgMHf3 z;bqzm4?0~<^?O!4Mbi+==E-0o*r}{6w~LSja`3Iz&f!Ry0H&>S_09dP^gxn8$b<9Y ztZ{ZiW)S2s!qUq7vGdtNMH70q82ef&Hx#9xLFt6$UX8fAq7mm&*Cr45vk3eavrGsw z7)U^uTl~Bju5yC6lI@7Lj+;ozSL9k4H6P01NhomZxcF7^b>6urqI9lO2P4KixYNt& z+(7y5*4rv+uGm|GzH=@0^>nFaXn$rL5^gtR>PotBpr>_~N|GFt7in$YeR6lhgH0H? z#p0gF`(DO+&NbVTA$6QPn{Cp$ltF9^i^|g1(%tdSv}-qNchrsV~Gk8_((YG=vKpJQ^qCcSuki^z%jp z5lbDMJ$cf^OabW#61MOE=TUcmUT8iRH4;NIy81H8Iss8&Mo}o>XJ8!SKP2W>pZ6vf zL8H0}`BRto-FM4jO<>bN`6+_t!}{{++X;=f2$DMhkpIT~*34%3&&1ik_{-;T;=>67 zE|?hzXp*<0@q2#pqZ!|IaD|ABX28sLqQmHj>$O#Zs5mNbP#V{m<+$clnyN$kq^MN6 zQEU-de{SR9KJL6lwAnY8Fn?*P>>-f>bL3EU1oGC->)MmiRYupc9?xa<9Pm>CUDs*U z(7&Vh93V>5&i1@NeE#>7Q|bPTH?!v200a&v_#LjFi24O#h`au1qwRkIj&jyL$MFROma9$R>1ct1NUDH<1m; z+c2>$@B8Yk2I*)zKfDs!nW6*j%X6A$qWxcTCc^POveQmq$NO3aiuh~-Jn$q+d%o>E zXs5S*l=tUT9Kp`74f&nNuVohz?mC!`&;lw(reYUPRaK9-AZoaEf4SpQNOz=5Y6V#c$pSX^Vsy>D+y=gcBCbd+{!{0TC?H z*of>L>nqI5VXqq?mro7LoptbdXNkXlvx=vBI*9(O0!DuRqE>;3fSRAo<)ybzPsp`8 zsjaiP0RagR{N#YiZ zpFLNjhrm(THD0N-?ie2F46PU2v)n zk)QI;1rhmzTD&$DLGSTlzN4!*7kinL9qn$hhL;cviR%-?5`Ud{bSE?cVi99amM=^T zJx{IZMu25QrO$YZpA56(CZ$B}AuEscgNBRMpS>4&IZOBC(I4KRu_KSt8BSb+9BOwC1Ns>tYVc#3RuL9^J6`BrZO-(sFSbnvZqY=7 zsn%f`=%*X#I_x8N05vd`ef<`I@#k$NK{~M+|jtnz|T$GrOZT)ajSn)4!nd~ROo|B_wzt8NO%Vwn7`|>To4*$?F3&7+QWk%PyGkvhT+(s4_zwzmBxEtw4wK)$ zlsI>B-EFD#TA)dEY@&cIgK_CZ>VCRC*MX{H=w#dJzo6IUv72>Y|Ciftr`vzRyWV#8 zdWuwU55_O;TE)DCQ=$8d}!nNg7wBZ#70jgCB(7BU>W1Wew zjpHC^tx;^;H&9pI!H7U#=rBu(`Y^TUr9%ge@iUZjPQh)*Ic+=1P~M#*Viw$6JBl25 zfx7*Sv*I$SIdmvZq-&W=V=T$@t=wJZt$3fY9^nmv6}PE#aX4U zrJ%Xv?kF5%aoT@fO_h@v0Y>#pU~&Cq!juypRAF=`Q&QG%n^)w!JA+Hhk6 zhsWB|vAUkk>G~wQ{eY5=x;s`;R}Cq2Iji_M0Vy?mh%@z`nZgAB;ri4Se4Wk^0pqKgMRcTH|EVhBO{zEd~G%%E| zl-t_!ZT~iUD=aV8;uklC-K$a~4GvH3zgvyjWaCHj1x94jhiZa;^90_efWN`IMm;+(BT`Vt7mklqBR$9FDf!u&j1es(VpYbLyo;hyz-DTde!vcCtB zX<=s(CAVYlgE=3h3YaW~X1O`2WMbk~LP-6?TbXfbB5W!Y9AKb?yOe;54H# zBD7EnV3Trx==;Mq22GwVdAlnqd0WbO9;|E)L~=K+J?la4fk}P$6VMhwc9WN9I+tQU z{A5V?g$cHflB9%tdMhIW{j};lCu`*50OwO~f7e!Z%YUXJvuitYfAPQA*?5jUSMrSHx=vbShdx2hi+CC3qL)tPkKUU6W=|}9-&VSS z^W%b)P5Cyl{A&5O&AOpW>Tky>b*_J&r^F$1D5Ri$$%6@3TwpN8kgWbH{Hsel;RE}M z$`3zT1h@?T?MzdjX;ery<%jkIyw!K5gfKpk)~rtvaqC=QUZYd;IaedCB8y$jts){%ma z={?fZx59L*bs-uDN2V#p%Rr5I`2M;#cVk=I4O{Ghdtk-jP&3Dl=YiU8Dc#pX|90KJ z*xpQ#XIpou#r0^70_J2S4M?I>|F;IiSsF(m-_GbC{Inqm_s*rpL4Vu%CTvYp8qowS zjeXrO0+9n`I|$Cqn0GQp*&Ws^u4hQ#?$&|AzW)T^+ZJcirNJiltD|BNMfROc-xF#+y7yVVxg zy=^p7>BDtTza68!WZ+(fHQwj3o4I7}Oy|bu2ikj}Dl>mAI{E)zJE`gr`@eUnh94rS zWzFh+GY=wcdH=hs!CCVkZWuVhx&6=w`+47CGpmrV{o9R^dFp@XMNDu?Wbq1WlBfaa@}WlQBJG9Lru|@Jl7DtK*w&Ujs==xW|Gpw5b`N zsaWGGZN@VVZdicAE?hcEE~f2)A*Hc@rwY8hrs21WjsbhlpyRB1D3i_)J`6B&muA@? zPp#bgVihTwCLS{3rT@TQ)ixDRzvz1q_LAv|I##J}1180v8fOa*1y>@57w2&Ps2bn( z`6XJ5b!jj@s+Lj9O9nE5VX;0ZCY_sxazl-?&ygLoSrgdV&0}9P=!1JEzZ5Kwr{lkq zy$?G4$*Nq{KVG4#Fi@6q9DlLaJq(AY`DjwXOpEJczArM{W7&-`7ZMZ-UKfCx`mxGx#=n=H-cEo2YQX&?)L(4uHxlFqF?#;&gQO)mH<4Go1S+uxD zlonK{>RIsvzdVW-Butlwv>etICab*CCDON8o5L*lDVy(6r-^}zZb3qJoDGE z2qpZgbi$KywRsvdJ}oz{myCsK1`;B7aD>xosB*=qf7_VEeHd6uu?ID@DB?+A?5SRg zA0{FZ&DVKoQi!F~9tyxweQ;SEx1RAZY2W_Nf=?Qju2FtW%9xA-3mTh>ZxpUWTy^iC z_+u6~-e~pqN6P>9m>iqU^vQ;}i<>BYvM0ClOmPs_E>aQ|qFdaUql%J#y3eA2T;nN2 zz_PfVe^rL2#M1fay8uT{`t4$a6F$up-|M4&wX++`i1=m{eUri#@ysa^9WUyp2Pz0X zKz2yAro}K5ot0peAo*TgZKpu(oZZ1PLIam)nViKP7Y>!l`aBZ5Y^trfX?#1LSH!Z$ zKrRHf4RZlAks~4!r);+<58>a9BAY1@CH56!+QD@s(NNARaU$VgitmF}gRyy8j6dqX zRnt)n!Ok-Upno(SgJd8gB+YvIu)%{Q`s+5^I1iY|DwLnu8gnawl`2LJ1=ShFjS1vS zjfj(u6)PL*{Zbw_d=J7G{mY{I5Zo@B*rbr6o$r93__2`1c#yy15;-V9VVAyOhTTr~ z0~xD`tz$74Ek%$^1Tn!3mLDm|t3N7S3IJ{AUozt2&(B7_k~?46NNVaEZT{tP(KgVS zMEIAm~Sqvae<@LjH)l!f*=L*IDdDLXn&FdyoV!pAk>>Cd zji%&i?9Zf?cDEfXS{4X0H{?@Qq57M0>BPjT)D>HaO}9bB%ATM>wd3);al=`3+*L5M zLy`N+K7mlTh?ejQHcMiUg4jrU?g%xTo5%sLt67<3ZNHbG>GXvz&*g9>6dZq9ck<{iRslsbwn6T$Xo*&5KsxM zh_>u)=>4U-{#nyFIq2uyn4Xky(BH>sSkNG>-rUY6?=kwJVC7Iwx;7QsUb)L609#D( zEvlLby*?SH1Trq9PJo$#!kjnHeZ?WYt^V6L9AC^BcGFgKo$N>43Hd=z7z|?*UXzIp zu~eRf?*gzBKtCu)Wx^R2;@D~m2NnNzU!tiEG25bZ1BRhIOgX51RxQ5 zAPX=&ZI;9ur8>5Vr4GMjPvR!yz#QR{Cq(a*=UP&3;sFUPv7Fo!a3aeBAf`-2e?Q@DffokL~0Ue)Lbgp60_LTgpRs36*kGgEE#$H zr$n>3*+st>!&ei1UL+5Q_M*NknZWQC2xJLlMOg^{;Nt5yTV+EMz;5Uf?Sbp1D_LSU;opn*ju7z&O{)%V zePJxtFx_l=xgmFS)4}ESkqU&TluSGxO{n-mnwwPAmM2dYgo{G61@-)huP6!C&WTgl z1%^eQD3e%b1L#@WIda6IYUijagWD{_sQe(QA>(|NbUIX zH~y8}HWr6OJ`{y?IhD2_8bu0lKBA{qVBsIW;Y>biFiB-3mKks;S9JMjZex{47xRK zn2l{yJ%${7>g8^mQ_b8IaakRFfc-=^B)^eoV#Iu4m8XYKdA+!Uj~v~eNHqfu=gXyhz*IkXaBRWHb>E(`9luuGiA#t^s5`9O%vlv+`?OckgI z${r0CSn(KglZ*54S!5&=v1l{VLe*9F_ra|H{736cGxKLJv9>=yQZ>qF-}i=svvK0B z0=NDWswFn54#j!!7fOeDc%tSOX>5F{L9~sM3B#haw1dhfmRWU9k|vwNa7*OjMCq+k z1M$R;#a$?c1utP;4pS>MY~@MMuh4rsu5!e;02yb0T_={WIz&&D$4kLfq4L7!E*1C# z2VI#8nNm|Tcm93fZ?L=mKh+^jPYwVTm&k~ntexLuJu>LE^bjX1)iM1H_3Ee5aXDwc zArw>W$|wBkubRb-e;>KD_21d_oWomcfi&Z!iXje|Z(2bI)M%_y33rzEAWoc)u|%y$ z#jT-^ByAx>b*P4TnmG2bhobGFO^J+{Qj9oj%XmwXL*EAe-JXY z8Hb$q8#P%J4a8*=D+sW{T_zLAq5!;LIfZ?oZ7XL!kd(&dK>buuo!>Be?GI_ ztw5d;sYW0zzcptwZGBB=$Q#}vTSbqc$HYqXV#Xk+Idj-H4N*tTpLRPH9D{_7H6uM9 zh9W^g<cx zv}(9912Zly2o~_nqhG@%{?>nkaM3pTsu#$`i}UF=kch-Y9@HAu$n7hRuPo}@DGb^= z^6p|`3PR{8qLOXElT8Ye$;X=+`I-NoOOV4+A>e^)*~L?hraP984gGm7zfCZl3^ZpL zjWp}19h_3;st#^DoLX$))jH@|<2 z#r{u@Kd3QpZ61jltqiyqM!xI82^+vb6XMiKFaJmBSu6ONlz2)yguU=bHE~OBCtC)) zw(;e0&`L5F-YjhouL^Dz#YReUjMx1|4GJhpt~QNComXwAjZI@VbLqDtSE!xJGWnR2 zS|ef%dEO=e_YgVS;9q6U&VP=1T;w7exjskZluL21xL62p`mo&&>G*0MOA~+;xiUm^ ze|&TH!Cb&izC}?3{VC#m3ZdtMI965_$*;0|ICbU^LLPtr<1IKNDU;;qB3a7%Z40LM z5z&xd=hFmo=F}S_p*a+MCV$`!&!EI|*21U6vW_0d5kU)!MCUX6&NMzqz(-@6hbJeD zAIZCky|+!~>!Oej1RHmu7+`&qmJU;qeUG6vc2%kSAfT1LLyq@Lw~MdY2lna76;i>wKoto5Ks`kosqz*ClhcdQDByHExEq+FjS!{JqFo>SoQIr5A z4C91jZtPx7P1|9wXHaL5`2z>kMPB!Z&vUF8RdMxmnv`rhJ{QbS`p&8*Jx<%DWG*pO zNBjrVacYjr#U#;M9PL_!{0)pR`7U)E>gw^zMHy^KA?TXxO6LsEa>xOuJ)X_ZIkuq~ z_omF1i&Q<|5R|DRCbyCFrZZRHCH99l)#;U^g-OhO$p2l+V<$OVg#eCal(mRj7NjMR z*I!bE8#NwGIL_Erg%?xnqUsq+$kb9QN-?1|x57P`NC}a%3dn&@noQ+jPn$k{d|?d| z{^l+nLWw*`{pq~WHdTv@X+PSnj9qI3y`NRR%4_BW=(-@vW>L`f7Iy*?aN3l-!y(aV z(c1%$&97HSA`N3eYoBG6VHgj|pt~%x`5n5q6CRG<>-(4LhIEEHkT-De^Fm_{;tpqP z5nocWJ3=UboJU3}5AT>`>5SCshQPL$?xY4DCL%9;dqC>!A@laLg{H;W^iLJI|CsO`1#j#*zKD$=#NcY5m@8>F}=qqjgE39 zu1leiv6onM&)|(CV3x}AJ8Ey3aJwbaDJ1x{7&Z15xYN-Fs}6ktjgTM22^31B(h@^{ zGcJJ){?(bFH=Z`L@PM#g243L7zoEZP9RGTZK)xmJeHl)$?V%1q!HLiK7Qkkju3SZI zwJ3&L=pP*X{CAgl01dYjU2uH( zFoW?(vtq7Tkzu@O?qgQB^w1|;#|NECH1GRRumVo`c%B{?!gobBVp2+Oi#7D503i`N7^ow)HY=E2Mc}F1eQ;?KowBl!rwL{s%G;vlDE+C=|n^=St${NG8 z1krX_zeL+Dw>LuF9K?>~34AS8a2yl$g%Q#y;^=knk;D=Hp+b2Qn3qp|C6MNeDT6Qy|E#3HMsqy*lXYr5b7(QZnk zNa5XBMgyeZ<^P^S>UwfpMz;^UQa^Y^CNqL3Q#5{i=s@uT=m#=g>6AdrkW+4(ze{|#}i+}2S+=aM|YS7Ev+u*uJ*iDe@Pu~!2@KpoWF?@sNyz#abJq1A=hiLUHugtj8Si_m}SXJj(g@d{{^pU;7=Q1G_q(|b9L#VX6iCJ;M2 z#-A#1r%w_Zc^3jz#2)`|w=x4Lr@2(Sxwy`;)Z#bME}UHo*{Am=uQ!QO zI2SoTTe4hh`V& z`{k}hcL{zk<+SW#mYauuiG^#VRr1*7m^>}^C*2yiEXQXjCHLrpsJ{Bcu?UfxpBSJR z2q*JIsq%^jWhJlqWW37|sY>~6&a{9jayp}v6U|crI-~dy;TPeYg_1m7g38?VY_>U`zF0PTa+7N z7N`3zagJ$C8#nkpD*1b&)`;eCEaeBddTCq59o`*zB7j=o5jfi=>fm9oc431)nvFGS z04@cGgb4_r;YX&FZ=FSbA2g&Y2*X3{nR<-jbAlD_CTp41ErxVEraNhi3u&7Y+yYbF zoD{{Twe4ig^&U)D;pNXiLivDfVt1G*f{GBsVG@rfG?xhW=8teaZx#KfUls)vQzNy` z_F1m*Q@MPra}{U9%whv62|+wT@+U%!`{ULUG5{1mc$PQrL{F2A{(vh_Ss-490PdYM zdEp|^O2Y)_f`SysC>F!xOL;2N1HUlZUz-fO^?iN<*T)7x)d^>KAt)W@RZb}qNuod* zN&FrAj|oq_9V&!1t#Rc72fGNW=uS)iowjnZMf_>{dyPRempOx*s3zf9`cnueD)}nK zLAb4^$(cc)lf^fhbZ;5Kuw1~GND~ha5v5Z^>fxPXns!aU2? z-$ef@N1I>A1HH23y`HPcIZzz?Tj6KvpV%z>HIk+-? z!C1+|iRZ6okw7?+J*0%g0s$T?>C7Wr$Pt+ID_2p3GO&6_F+1X@Skff0rZaRzCNc_2 zwX~o}+%mwTirY;1Xnr(RV+}b_6tTSRokD<@sOv6^Wn4-UZM;pSB2D}V4{Eqc`~rIy zW`D}m!n-uB9qtJS`U7eaUomo-D3+y@!t0>`OWfEj_9I|O%bEWTbS$l~igfZbwsbgFw}S&*k|bIYlu$2lW+QvRHHSovYbQkW-!|5%0x^ zf!$GG7;*t_=P*_nVvtj1ztUX(qTA4_++wLRL*COIhM_Z*GnY7v2-id1^RNwTj0JE0jyGhE>Eb*g8xauWnpTy5sk!}=A%NWcqAsP)FUHb? z+%PMiD#P#dDT8a<@&w3%?$+jn>8>D(+a76DyT?{W1T%(oC6-rL5Iw*OxK*I#p^0 zVsrJ{$)Gn?Dt9sv<2%1iXZK9{NJ{W>jKajQM>Bp<;(9c%`*Tfs2I5OF^ARC=G=fvz zGv*_9EfsL>A)G=iP+2>Qdjki2Id3rT!#C16m}`nc>i#KHqPG>EVLQJu2g8Nb0iVhK zdQ@uA8%+OB%QLEt}P_62Q{{B!SNQWi}3fy zkA#T%x>CNh=F!Q=jaL#Eqky*%-BFWnI#Xb5{*kbS9Cd4X=p=NPCxl2>my_&f>r>e3P4n+*bXk^}oS7}$L zIxp7&QJQtcU-jyc2$SGG8w7o!z-9y!;_{A|3NteY{q5jCm);*#48%}FM@!;&3(v32Yh*FDYvX}y zaGvVdE*GzZizqt$>;T)uB9YJr;= zkL-f{{44V;jyh5>a+{PDCvG7LCF2Rifb*q-XUVG} z3qB?-${4%Wj}?UpR*~NGAIN;ci7e1c+Hjqc1+ugI>qRcJ0k&dO#F}R?2pa}0-wFF& z61ulQ3zYwCl`5?{q<%_KB6MxjY8g23$@8Tla)&+2&Z@)v|EYUP^pv!e4 z6^iMmai;Jm-#b!9qUzyYxbd5aiQB|>+2ijQ#6;p9YyMR0x$d>1M&26NVi><$R9DdF z-NOEko&~Xq#rC>zZ2U`R&mg5Ec`(sXswnT(c}f!9@|6{K_NcAE4=)>g=EBULF6{rl zhmLI^)xKwhhqx``bm4p6=XwZOk-LuH+}j4`Pc6cvHR_*M!_@u|q747G;s{EgfZO=@*rQ@UPN= z|NHXOaO;QR!XGs`L!}5FpR7CPwUx!&+NLOx|50uY+?okcbhOQ#RZK0V&T_lqRoYzv zcRTMItdU>GFh_K{iq`5KvGuXuXt2D>b3t!~*yO9oAML_R!2d~_w- zY?3D2Xu(qzziL`{jpT%NG)wn!W8qc^3g{Mld03(u6Q(aZ-FvB#^Tm0?tqo8H@EdPx0}$rZEf}x z{$cYAaKAB7ZhMx-4AAaudPF`>?_PngK$FCY71>xI(2Ss9ysevv-r`OooDEjXiG^jI z0aN+iwRvRp7hliZLh4U;XACHN<)!9Nd;`}*T1pG!w^%=IC1gep1!}k0VwAqQldi^R z5>wuTll%NSz64{mIQjvVeXe&+NvM4ana{1ktAO*1#LRBRFQ-wOl?I;oATCJ0@kLNU zsEcc>{)VD_t^2J;OQFs8DfFZyPLCYDHEI`Ug@f~=hJrpKMUT$Ea3;(u4S@Q^i=gTG& zo}iyl#dKj!=zCPtVbm@}J_23tWfnx9<5bNXsCgyzm+!!bJACq3f3vT%(+Fd<%_d8+LhfkUUTCf(#99XUv)h6&AT#lNpjwu=GhqVjagE%?%21%4 z4FjgVzAZs^i$M~_mKu|uRu|gIs0USBNuLZtn*$Ho#koe^gR=P3#ac#dNj7v+rw=f! zayHA(XaR%ETV$Te$wFFEW8*jD9{}9KRW(CIiagTfWtX0-o`=F~G>#e#Pc8BN-AZFl z`vXZ5(^L@@plcoO7Pq&yL^s z^PtOmMQd{Un8Q4O^x->P*W&O7XQHYEf047kjH#TGlk<0hz92fM`N&By{|-YfcQyJ{ zWu+vavC94-9?sWN{eWO{SDm)n#JSd_Z6Ues`-+QI6sWOUkK_tyG_yNo(m{LtQ*~OK zUmyeD2hk9Mff+8ZJ;+h7_{p%V39fse>}J{2cy!l3KeP`Jsc;6_df~tuMR$-3G#ePR;a2m080{} ziBjYKER)JGNp-B_q2a$$;Rq&Ev(r+qrRyzugpi^NwNqqpoLuBrCe#E3N>+J9wnMp$0YaEWg!ls~CUJ*h)TjB=hmILZ11nnX3)x>1dWe0UeH z{5sn&pU8D;P1FL-I;^9H#)#-1Ix=WTEMujYY01GVabS18!g2xqq93@R6qBotENQ-1DIsYfG%lpa0$9<03D?JwS%`uwZ&&gqC$+EK?yeWgmA@W6JG z%riuVNJ8Rb-j(hiDxCQne+PkRE}ob61k|Rq>8!J`*;@016<$zNF-54s1J@`qRyLReVpKRLww9tC~nXg)YqbvM4n+saE7!SJ9>!o(<;EN zDLXDJg)3(&*G;G*qrr%F=zHu;WgIfypg@i@vhYYD*1RFA?-3F6u2`RQl?RP&`6w#* zQ|sab<)qV0f1H*n4dTbs|mpLhS$VSJQq+VTS}&rKv=*}5$# zUGX@CmaRY~7+s*5oxK4+{fJ;y_B-q$62S=-JZXEJDh=-2UbZbzGnB;jwE?5VaFqeM(8*VgAzYN z?i`^sVNC{C=T{PN%3zU9YDg-U6P_U)bZs(~MT^B~@&Z{&kl~7sBVyV4H1V#KMsj!(1Wi+1nOifkvQ${ zx?2f)5g}kwtKVjHulClxln?TU%V~t$R);l03-iZYw!}myBE7Ag;iqT}WuEvx2)O0q ztMbBqVbB3JEFp^4h(Y*}k-IJ1vGnh7!DY_bWc{S4?7Yq7<#6mOhAHJ{Ixt44ovH#yCT(Ht7yh26xsRnd#eFV}g@U0wX^1s! zXH+;!h5H*!f03=zt#?ad3U}2|!*wRBQ%E4iTAC6B5mwvB2%G%|4cx2J{D|u6LdeK@t00(lLGpqCqOEg__6S z{``}016gZ+TeCya`MMmL3iGq9#rkyl#w!$9&_fLA42mC2$uW^ruSL?=D=fD@=Su=T z>J?$vP9Bq?ydxxY`(J~mbNnCP((9;k%k019-tf1RNW8AnBv$50m{^AN$PxAkH&Io# z=D()}wR;uT*KNMvY0hp^BsvzpO2ep99<1xnf9+i65x&{BDTREs{Bq=1(An_%8ISgZ z*K&igzoUN)?-BL`xC)Oy;5>E>nZ6gP8>py@R(hpI@NRmAo!fEM#wyx~$3g=kB=$Q~ zu0KB!cMeNJ^$Iuh=}JRTq|B0pHW($a#Z_2d>M!qj&@3;h@v-PR&7zdy#hOnBW$|ix zAi^JU45ckq((RYe1W>qjwg-qBHyaI*)go;psxu@oWwV6+{K_jOd0D#n2u8f9nX$Nx z|E_V0R@cpkwe2#Y%n894$*=kr_@pMoq`E=p!6u^x!je?S<)*|wSHo;NC~B_#$wDF# zf#&b`R~{#I>&|L%EZzBw+nQ2)E92VZ{4^nF&*`l35L`4XK!N%&TvU=}g5X#TSL;PQmZ1mrb9wz*I zBzY|JpEh#>$B`@=01Bi%5b&=UY+FwVs$7 zT4r>j&2oI2no<;GvnumhKl_$;6F_F@7#W|)RbNN`_oicV*~5AxaYv!W>|8QYf-k;! zkEpvCVJ`_*%JBz{qUpm{j3Q%iu~JZ$W!J%?%iyLE?QGvzVV|65iHt@6c+D6FIY*nM z_R62z+ukXe&FIaAO22}#paL*!JE0=l?QusVpo(kEmHk)< zZT4f^u%DyVO#oM+qW4U6-3we7w|VY<89MjIPt+Q#1G#Er0>-AJd)Cwij*a~n#eI9U zNE7S^JeLn@YME4zd&h`>YXSs$t0xHs#Ps}1ye8i)OxYANuCU|w{M&|G!B6p%3#WHi zSq9P2+ez2tErx1dS}0!Egm+w%NT1AG;k|^jgqDCJXYEo4k(kDS8#icNj`!`J^>R(9 zJdL2f-CyaOl%BkfAG{a`77LGx>l^epx-YW-G?;LvIz54Uq?1fy*F|4biGwr0hU$hA zZo9v&1Erii*rNg(CAMFDYNOjiC3-xgcnsmCD)=uSk0i$G$Jy;6!z|Tr9q9Rb|Hf91 z59B)JHgYul7+LJ2=xuOnRXTpaCOE^x4w?q`Ku0~~6mL|iXH2R?5SbX=snO!lWH$rU z2(KW)i65$rO2v%rX52Ea2h`h4_l&arD|=q_3jd+d52l4qMAL%VfifT;O8Z~M%>OsP zj)DUNNFBgT00Bpu0v4pWeT7bVz=FyK&+*g+KR-WVpOvMhvc|sx>ofcBKne5o!~^_6 zfVFm*oLyaA-NLdt)ZU(L0i1`mj!&-zPTQ%4ZwEMSW*~u3E1>-V z#6-)`&keXVmk(er(kkPsSjn#>FVFbg2v8LTsv{#K@-uH8xR{$yJLQ;L)OB^~hpIMt zE-x>&^qeGYY)WY&Em}{3<96-cV)%5PnjXx)5~i0%gIu7F4yS^>*I*l5?RS5*`mn>j z=Xz&?3%jW=0Y(Ms&mkb-*=0-+AP-EnDyY5q8=Z$$Vd#-PCWxdO8o)Ml za5w>s%j!v;9X~oE2RHYNK)XeR*F=Z=`{$kl02~@HW4pgTAtoeTu6Nqh(9%zqreOIf z;?O1#0F0uu1G-Yuh}x-R|ijLMwsT z(2@asn{mq;uzdi$0}@*T1BC& zQz&*)6>&Q6VenW8PNN}4-9YO`taYqYc_Cb(5tn(H`&cTV+vK}6A)mKNhm1+ z6cMmqHh9WaiSpjRos@8at#p)S! zeN_xm-_m3Ydi(mq!@_`VSThT_4tIaP*v+SVlhhZR*{?~(Cu@M*<8iVA5U<)_zcjS8 zP8NRACxQ|jkZb@<-t0m4m1yqRKhXrd;_CX^@KBxwkJ|A`$df5`5ui#Q9(AiHaXlu- z9i9R!3k!`FV>t-KzAV_tK%JXx!GS1iX-Oe^?W9`(83tTDLy|VEE9#PxlK+4npf%AY zn^ewiry3Fg9_!2#oS8$+Z45(I#(0wkf6hFGPJ>=Afm8Y4Rc0Y{kv_06YNY2{|L+Vr zIy%~QDxit%F#59V71y_Ubpp7?y4qSQOe6^vnu2jlj&%9KDuI9}-?%E%Qbs0%t4#=ua9wu}|#NhXcR`&Mg zrKOnwhM~bezkdXm2NE1Co~bO*XD+@;M1dXu3X~bzUwI1P@^hoUgtW(#OZ|5|1|`ih zAfRoN2WTiX;Ag&%BCv%luyBA=;y(jr; zHjuy$rwY8yPfja(p70L#_A`LFtO1x)N=iy^ujHGxk6`Yc`x8pV8aNHXKU{u8@Zz)4 zT>%^dQdf{(X%_QD=}oZCu*bUtD&=N2q<8M*+R&Ch)

ToqU<*yl^RW1|Ifer*ZLkYKb826J~Z~G7_R!{mghE~-R`!Y_Eegkn=JMl z$&*BG91||Sy!UR5Be=V&d)oQlHk!$O&Ha3T(BQIbV9Wm20lRklLA&xef||MQaKd5v zQ6YEsfQa;8gctBPAzwCmj-C3PXbKQXV>h8WnsmwB&37fnX~gwMnz5$DilCY7y-97m znFo9H^jF(W>A)v@33!MoB5b!4fhdc%3T=VCL=Rq5VVPdT#;B6t{;x9K0I#u%WntEp zFcw-~dTSeN_mh>x0W&Zvfh0|=3f=tvRxqSvF?PRvLY)3%wLo=`ocLb+ehHqtyv5wr zmLYZM`Jm0O&F!jrsG{-eUic=C`Ds42^_JV?d1N`jr_!a%vrud=o;*7$l_AAk8(RYM zxo`8e@Xca*>?i)ZwyS`)D~)T0=ri-w^7(3)`*<;gr|T8Nk!=3mL3*Zut77U#J~Vq@ z^GD&wE{~b=mOVg?mNKtg-bQ5;_gWbX-Dp?3?qNc1{$}U;jro*6ckVs`S@3YK)%5XV zteEK1q3tnS*P-Dp#J11tbbWRCc2DVXOhb6@Nbv4{RaghK4}`mx*BB5Q>?nFI25!{N z7j?_t|Gsp%7|r8-z(c_5L$Be0@9<35-r#;V;0(9XxcO#6Znow6CFDbk^>lV_tLczU#p8aCq2VDa zt0IcpX|?&@1SNAtz*D80($aJ0DlhSBFYiDri zwU(X+l&muRCtsc1H#r2*VS7_e5?pJItM~;LpxX z&-iX01Q14qJOe^c$ouaf?zXd82n!qE-PGimr(ljF&(!>Mi|6>a<)-T&2EUxapZ?p{ z^jEz%xld;&S`|7nFl>9nTCGJHl(i{gadD=cgl| z+`FwlDak(n+fpAQ&(jVE-^YqvKkMc3)+YpF@0;K2UBqpVrcm>zzZPwf!0VRl7UIW# zgxmmQKT|O=w&ZAWGP|;}=UYSJrAE8^p3$==T(H9ax=g?6DyzH$k6k$4DUU@VQS}bG zvhn=Z`Tl$2Z{@ZNb9c_W&+fCqB;5W#bNVb5~ULbtEN>N3F6n5K|_b(Q6+ z(dw9R+`pRoLe<0RI}7Rc^~vZV{`d+vzavmyT(Uz8(QqSs8yIt{t2)>{Nk%jg0%dc9#z&GVoaMO-zvh zK(d>{>4le)n!memkjKwvyM;Udiw!d&$q8HyEnOSD^(i3_*gS0Cn;>9b1Ofj`v*?BP zkmAhy!SIATpT$RF9XwG;%iGQ5m5p;gH<4uLE9hwKKtK)M-PnN?fJzzyDcg;jKQ*)? zx4INLkH!AY`;G>QDoN%~m7rQ(&u!&;+FJMRAp@=l@=NXi5I$>zgR6qVRc>Exd9fj_ zUiz0AlCR^&%`%cYa|M>_8Y-GCKJc^I`<_kQfaSFqzk=uM4I0R20v%xE?6^%s9BGQ5 zfhn*wbV4|8{n!bVkBZlk_GAc>zkrh>AFeL%Y$TtX`UQNoc`juyOT#x1p=O%D>!EpH zI$_=ij6OV-nj%QLK|cH3HdRzuMad@iK73UADCSUXo1oKn`f2f9Gug|)F~Oy}X2r+D z$UjrxXx@z~8Q=$8Ny9+)VLN9l%5rdca}*6{ngcwjzB}gX621tG{wQ3-&97OdHRHo| zot!dNR5$V(_TOQ=cQ=y%K)F|`R}hYfGDj@9&5or zc#Or>NPgGdLC`PN%i&3Cb59Ze;e4z#l(*_*ehB65c*-% zwcbHIs^|e+2Yx12H-dIgL>vE}mFh**I#ljX$rI+%(NsW_ykl{#aB8(U9 zgWh8mwT0{%)gXsHIos=yf$s?=U(IBNSu53|Dz`to+>Uk-OzXxw%*Epjo1*+uQA`T>#%OKFr&k>$%)j5jr;GL=f~;F&x5OeewWL$TB!=>Clyr7 zrw2-PvBJyohWy-)*O${m5k5f3QC8(9M22`gwzlz?1sJ;>9v_qf^5f}JO)T?n@CrNN z4e3qi{@h`juSE4VKu0pL68)Q~?>)w1mRc!X!Mo&YV=N1Oc)G`x1QUcjN*-IY9yr23 zNpAMcPIrMhcqG@Ez1d4FH0QxmyzFLmn4ohx{-Qx&3B zQVcV^%~_(8^U@&~|5#D!^D^*t;**|2IV-_w!IZug)pjz=01H_}pikVbPf|GFWGq&Y zk^>^uV>0~)W?b7vXa5uy1(62BxvhmUi3MysC@Nw9<^>lGL5sHjZokU#ja1u5eoc9Z~R(L*-CnnLT{(DE=@y^F&BHiaz`Z)t~P0^Wpf;2Re9iI0#yS zuot5QV#~qA+!hj4ObS`^qOt=Dxf>#jeD078H_{hH!e0Vgu#kZ{~!k5*qb zUvFV6U7kXtRss!vE8-+XYKtaN%o4g`i_Z`c&^7m~>WJh=mZ8&bZ9cj1!fFX_A++!LZZ2N3tJ@qokdqofb z7V>3I`!qDazweLzj-KL}z%ppLAk_(8$!7xC!0;>c>lo`*f29$e5rZHxmyPov)}x;C zPSAdo;J4OjzADwzf3LT^HlTiZ?_Q8PMMJEQef4?nCvEsz6LZ{3D+MZ~BoKF&<|G$O zIV4e7F*1<3SWUQ@g~HMD`#-6wxn$mB^YFcxvH%M-2AdJ$xg!l!yM=}zjaNiO`MqCm zitl~u(2{H(U?HAx$CE>3^!tJWl5avt1W-ld_4I!OvIb2HfeM8(4Y2aBFdUYI1o3U(gi61+ha4H+*wWa8dwuS*IT*Gwad+Gad?lbFHEwdZC=m>v5YQPe zY-wwjlEHocw)1l?lQpozC<`7}u|v+?q1P5I%4MU<=Q|@EDcoM90t`bqS2$%|Hqpf? zjMs+ws&I*fdO0lvGB}!_2ghQDmaV#k{N(3d|8%fEUQrs?bugV3QIg3B94q3JhF-`n z{rK!!;`;&;ry{=n2^j$blWv177elJD^~G=l4y{4uu)Kyy^VYg;&0lyQ)+EO8a3})@ zpgw9JY*A&7bIY^0T@bNfIq%2Vih>ho*=qCHBK-NbKn3!fLA6p^N;OyAktjdxE1qV9 zVAlfR87|1g!^RO4QG69>%qknQ9j=KgZAvEcRuLzAmLkX>o9t9i34au z5Tjo~qzoGMuUjPEbsT6B%^~q50jxp93yADGKqv1m4@xW~zO!GmA`>9fWOe6La_*-* zowqd$+^t--&z6@Ycs=w#>Fw5^6{hw=YaO7JBrce73o5Gb{>+bnx&qr3Ej7(~RI6d81NGrTw$2Bh4IIjF)FF zM@)$hTG?3?riY%JI9fVdD7!l{rmSvZHhtL>Ykunt}lc81aqx(S%mXJYZg5+LQuCY+zC0(ii6I0&|Vz)>9VmmpV``uv9O= z>2JqBMfLX+idb&WL>aDXeVWtv zaRQFY?YrF1qx*TRc+pt(MxX$XCtgab_cH#Q#t|08sQK^|@0OB4^LG3jr-6`Af_IH& z1Ci^}kOMwVYT0Jaq4c<{rsL!_-{(i!Qzy20-X;9kiho!&_d#9jEmEu{i%Bo3!?d4a_n+G zrzA7!ZBgVCWoggQ#P4lPB<=+2`wJt_njFZly{&x#mIQ*heYLi z3x6H~vv?o-iW!)QnM$wWagK@Yi*P*kHh1r1)AZ%*3E%Un#4A*YA&4}eAk!k&EwmS;nu8DEW~d`H~(ziHudMGubaTW8QNcpn2% z_eIu!sAGO|Wg-7L=)!@fq+jDUFL>VZ$1`w9veHpz616vRnQZ>L$Ka27DAwHN9`?To zo@X^z_*WM8;2%&?EW%IXLYsznsjoDI&qW*9O0K)LdZ==?{~TlIs6u)_!og?FSfxA zK_BVNb4bUbE zW=+u+I90H4Gc`Sr#L5^TA>i0+imSpe5ve_SXzeJgDrp_=@1*jJu(=@`Smvh`dfAsYVndQ6#H@h@&yqQ^5ib57{M;%jDf;iHl1 z#L-@hg_L)_(TV``pVS6o2N{5Uf?McPCBu2$*sG@Hg`|n&=y}ZepnvV|?#ZWXvuMDL zu7So40{o?bD!Qu(O5-jn;e~{|aL}VMl4#jQDK)*os%p;*(A9lT?nAJD@G1n-<_;XS z*tAHxOqkh8;B#BO5i`0bKo4y!YN%WgbkRrr3UciUx$P$2#kbbgD()0MPu!Rv zJCv6`ZIC~@v^K3i-bPTat0~#U$O6f;;xG1YuXzxEhd)vNVrqz#+|2SATEONWDWu*z zCBP~M8FH~9Ya`BPi+PQRCt{;sMc^z^y~?a~!P`*I`7^K1bGHf+VG`?0gRsHdX*=gh zWz6HY5UcornpO2fbeoazMyi0C%*O(S=Baj2iWIRHvNt?t|8U08zLL){?LVyya{Dv-^S^X9C_FVE z*FS=KURwAFpfY;o*9{~vp3#uFP$pu#6)rGCAbDSk=fd!_`_>Y9DtKa+v=~%52->CbI*B0qV(#)&29r9|xM#3pl7)Awsix6EkMWWRaxsPdW?;|vn&&pJd?Wa83isHt{)*OVBv|o)K?An29)zKhw zYhQvAM=g8fxtE=hnwWDb)8o034kU$9$Fh6Nr}fZypl;tid5<5wdH1Qq(JSiXbO4x7 z03hgc0O$=pJF6|1ynK!Ce>!v8pi!yB`08Hq8QwedG?^aD@B>!nRaB1=3v}BTTR^|^ zb>XPpXbaN>cjBOV5F#Vd6t_m#H}e374@w;$aQ^J4rgghvt-c8#0y)3Fj2XCnn) z?B=h9C*A>n*P95J4XiDg>a_aXO`9vM{1-DdA$ejNz;f{4xYgPPGJS4bFgYASl<~i% z*q*SO@s*eq19ZX|VQdRDVh!x+^5Q1-`8s3m?L{K;MJMf7XQO(5y;d zi^J|V)9v2UcwQSlr795=m%cJM)cf}-{6QUgOBS=WZ4$_6koF67p4~k$u&B_H7FIcN ztA7m@7e$AS4jj1!Pc@6?PDW|qA_ehfl88RoaF&;SFqz6-RE-j=H%}J-{)XqDZ-p6W zYS6kchCmSlAwY(WL;TvT7Cab(23mvKIcu5L&Sugx1EKPm)=FZO|<@AVA=7(h6mG~ ze3{H~gh489CfkT_mKob{^?h+vN|s>Bn@Y3?BqpekIoN#(MRVR|)lo0yk}8;-&yVzU7q#bo zM8f?71qGLif|;D87{O_AZT^ZR>sVw4{vt8^$p!&^1VLS?97T3#DAi8)3KySHY^G)f zUy&DGp@3?0DJAf55_lNXnxC3>s8PF>MbP%VG$lkIPe{=@%52U3zSu^l@m7NOE6SahcuJQ^=8&b9Rqii zmFhQMif1%|tWV#oXk~qAn*HxZ{L?TZ8?5j;69XTd$R^0nX%5%z!r#2Y)Z~RBMK%TZ2purAIM0uv>M=$%ADyAXLp z(99GvmD`4Ue48`-iX|e^;Q)HK-tmLhvH#W2??bg@Mza?iEFl_-7-s(zn_art{`{YV zK9sSrTcBRY76E&d+?n8IL?2fk7&U{C=3bv)FyLHwlx3GKWkg&y{0(qeVbv?8ODsVd z7)VNHerKYvrg9qkX~vTek3#aZnl}O&7lNkqm-+9{jQl zF-rF|JT<{XWv~WE>@1k|xFp3O7l#=PW7qj<21D%|yoVmwk0Be?2tXr2Ox$zFkU+9E z85C-)vw7{IKrZoB1|bg!iGJ^?PgZ;nQ8#%K1!sL!|AINo)h3cKV*u#JZD`f{A6opKTYLOBvqcNMhT?NxNq z6y7jqf+W1MgnUp6DjOGN1~R0in=_0uNUTwT&0M!mdalby9F5d5KUBocgx$3ZNIFLt zmHqkh^R-Co2q9IhPT<(t&KIL0+Rsx(X{vabv_^0*kkv5To#IW0ix1_I#epy;n>V>L z&3Z0+c-3C?7Gp%8@oQ>lJX6QqCw%O=*=>NiF&J5=r8m1bOVT}Tq_j6nJ|E|Yw)pjh z6_Xd?#kP|M@z?Dn4(Dr(5G{Y>gjtUloVV?1aIbw{`@E7q1?um2Is5WlDJ&G|>J4{5 zx!gsDi>G{3P0wzk(>w_txu}&2wf|c=ffe=-^TI!R{5pT6bsKNR*FTCSw?U!T7!yq*0+6GaSMq>PG5hpZxGQ=wXS@+~8MM84vvO-rL#I7aPIv%$v=~;V|Qx z)V%xB{26G~anSKWSTt$#bCTBfu(Fs?C>}T~4y`@rKh6_>qs08b~RQ@JndO>|=)TNHsbI zX-#zvi%A)N^-{!lm3;0Sy1L3Q*eT+u&~eh}rFTLI`}Np`bNvdm{4;9?*!`0X!RO|lS@i+WBb z3}mu6x|j36HKM(5!65_LWHb2K+YqZLjDLh1um+NU+N)^4j|_w%*}-A5QpSP7LiSJh z0iPw)qQlxBMF{#KS~YjW2;c+A>BysOhGMu{v}a`aTk zA5I4~^ytA=>!`bB#h`+u1PL)RkQWs%ujNznv6G)j3?Ds}`JiGzFQSjMuAU~G*_`^u zcn}6a7C>}UObdgw9=a@?#$I=ok}_2q83-yz!B-C6nS+zhEFv=)-;#g?l5DK!3Voq} zyVVQd;X2Q>uh^G%OjqBYH&YL+HO9B%Tk&FhJI9#t^{y#n)a$lAd$M~DLBVa~5aKut zN^$mB{77_)U{#mS&3LFU5lxn%;TMWE!A}dDJ}zF%+FrI;ydm!~zjWs>f7+(L+IB~i zZ;N8;Eh2DiBLh^3wtC)p<{PX5eQt-v`^oWX{?l#H z4_?l-gLp@c_tL3HT1`>RgtVYlg0L_&IuupeJCrlqO}*^-Z1D|3D08fn z+gtU46i*72xr$Sv&;!{$1&m@qn46D~%PiOIfz+|Wdyv?yyG|xr&0O}b8CJS=#}o~B zrixQpqE?3&hnx;%k!|$;K%Ney`j6B67Bx>BQkfP?3K(C zN;rxVVLu@uccFW3(yJ2{)=iM_s}fQ1|UuoW-00nE#|ATdj~YFrvXPk>y|ATyi>5jnb-ucNqb z9dlhvn?QwRdWO_88Mv6TO}ztVP)mI6lpV{4)ek}HlKVQPnQit>=AT|Xa12gHj){uI zn?=Pu@BH6IbcIX(a=UjP_@;q_-n?-(TWzt#!}1Np#P+I|(chS_hj6F%6$zUH$v}&B zV36u$)2DijaPXd@9Q3vkLJBT(Ug?MSU7HySsUp%mJnTo140sOs+d5qRTB$Nz|Jb8= zY_9_6+h_t8colMpaki5)Vd_);_;%8-33r;7HJ2rgJ&wXHx&6fss~jcB!KTE)z+=O)DJe-sH}L3| zai7ya-TL-u&u?kKMFZPsbVv#rA&k@W!Yd!y9xIaPM}Hr&U9Dxod6+qt_XgsN=pfjv z(&$~zLR0w{UmGIXwQXoat3+N_?QHP5*(a;wXSL!EIrm$3yc^9-5kt;MES&=+1du1d zm{}yIsz}o=TG{}qlq}ZMb1~0U0(1icdi$-=3ec}k1;VX^K|mnElj94g;!$=Tp|_>_ z#lTXtb%EQUO}jB-|I&vJ0_OP)iAJ@%DP_qX3V>UQ{z-T__9Ja8l~)$zC$6ILkJqqf z!=07TXqEt5AQH2H7q5;{O2(bQJw%06?5iv9j2Ml>fCkeiqAv{w0lXu?WB~S|Ess&<6E6zbwLx8g7=;8TDBiI{KTez_Fgo+>;9z6io0U`2 z-I_6J*Enaqg3MQCm(HaC&|#eyeQd5>_Dvb!)&xnL-lpG4cncS(O-oa%Iwd;z$+s# z5aY%y7S{63p2FKC#U#h~>r2)GX{<=0ReK;xs4ooq#JC)N&P5+FDur$~=5m#1pd5rI5@3`HA!)#0ZYH;tS*AGVLeWKU@P=vG_FLF^`ts zoueQjL9?o^j*+V#-C)}D8C_c79sP&n-%zu0XM8xaa5%86368F8>XGX_AazLLSeb>} zBnPyz#+xN*;33f}Q(XY08%U)DV*^P>m0}@^3^c<2G|FWVk5Z{{+~+?==SyI}XZtAP zk|04(;=;l`2uTjUmMcP%40v^>Ghmyo1a6RE7`FyR0(w1k@M zj+*?Qgc7Z!OJeV^$ium)8+$FTa>q64G%bcZ#xGg9Zis44HS1?J;d~bfV$+_-4S2 z0{GEI9`q;_FlaZ{>j)W>UHeFD_zQ>$riV?tXfjO`x|NE|lMTN@678_j@(V6Yy7O0$ zhC>A&5K=;xHU%UN(#0UK;S@v#a##~k*}0fFCp>8EIzK+#KXG}B!^g&D2V zWwwS$3U1YId%l>3+BFdupFCMMcqkk_tInd(r$WWMptxqgnP9<#FMiZVKR;hR zu@9FY2%tW${&HU}oK0tM$@d5(X=kdG`KC>go**$08t+S(I>+4_fyFh& zWF!m{K3cJMj=c}r7|M8JY>&)lU8U8uFe?8NSS-Nhpx19diCaxfndJt?YbRScx;PF~$`?4I zX$7+L)KU#{?3X*ki{4`Ry6Q0b$2GnpDTIp!I9)b~NG(>k8!5?++w)BNsVeTSaL5@4 z-Wj!uDk6q`lGH;MGO6SdLjLHURssi1@>xl?6xc`k{8mW4&{$xm+ z8_lE%&Tfd(fK6tgbg)$sW7}QbM|{7fqNMYN2V2FnFMktWF1bFi`;wD}G(s*6u1)j0 z#9m9bcym0kzsx#m(PSd|`6~vpi}|9Jio-ry49<_he$v1^u&A`(K}jT`v2yiCd|Y+3 zBE4951&n^Ttp3tu)6MJZyg0~A4yJPLrUalKi$P88FZdY_I?kaN$n%lN%M;LaIM9MUAz^DbTh_V_toy{fnMgdeesiy{L_Z7Wn1cAO?_??lQ%S~5*krMigc z-+o4V?D`XLaLJJ!>ecH67xO>y9`wex_kIk8KtgXXGLvxA&;~TKIAbEENNF~DKYM;0 zy=f1P?Xp>F4LbZX7oc$CZ){qBxbF zQz$(eJfbY9OGr2dDtYtH4C6#%iVc)IqmCgp#dY?~QhxgrCN4VfB;NXV70kzk5p z%(-ZLLT{Oqkjzoq!?N}13OvTQ0Pzc%Gf}ATayk<~7n>5z-!VM%u8VM+X+|<< zPpHW(Fz-JTWYEpemvoVSMu5|P4;2f>6cRFJs3C0%$v{II%rYD@=5cM^vF2K5bwY&bm8 zSke*bF?qHdt8>cqoFWP?UNew5MSi|;^DvqzO8;&T9weeh+4Qv`MNVH->7zmyDI+T@ z4rVZ>*2MBBtOeViyg*D5Arfa8r27_4xaf~`R~rb*efjVs8sY>gUO{4$=Jz)>>sk(s z<@HUX)1rQINi{%vUooc`5ac>A2*$pX!?`}93PBD*Zk$YdrpF1O8?^7C*<77 zV#uYD?(msDlFSoAIr58kuzOo$q$5K@@*>3vKEF0aUrKag{_PUKo)0s5UwLGE9%C7d zMmKYI!vxxB`e#o$rBkyRo=5xXZu*S=ypgh?^6!7MUxaQm4K=+-1Y~)(O(%11xnk0r zMvA zo2Ron_8n2d7Q#$=x9QAArpuH~w>ax^v%|VCEzO$zB5JE1_(zu&Q@DR=}GXG1RuF^?dZ4EbhW>*KDRaL4cYb z4xpiLJ=(e|sHvFrGMsOZA|Vq*c$7_cuF(06dL5v-wWMT&iA^=KaWD zv|M4nAl3fa<<~}L2p1Q7I-{rWY5#DI+ok;dWQ@1-seLEY0xwLvxO|)aCUVW=h;B+> z*6M!{_m)vrc2T(KrW64wDTz%ZARPjdQXA=%29c6(Hw_{oC|%Os-QC?FCEXw(-MR1j z&bfEoaev%D=f^n?$Jh$&&HJu*tr^dp&oi0nhSjYv1BW<UbHbouS2w(Zw+=TXR3QIzV-_(}Ln_J^k_*FM0U#GV$niio9euB--?DD${_5 zCdl?LRw42wv{!N0B&n>Qcwb=E6W13P;Vq$?pPJhZi6LK^qa~&!9%N zB8`p9mqFT#ySkOp$2+dQ6q`OLmGG1M3lbM$a|Y!5+FA%iUH)h|*{#O7jwH~Ch{Xw2 z3GIgL?Y9{5+I4>D(x1$|TA=DWYZjBqmOM;aL>i;6rS*N4*!rSHTDTBru~q%0p3E!kQl9N@vb0Pl*K4 zm?Znf%agRY_yV7Q6Hk`OpRkmcI>*mbLTlWn(+GV?4=zi}t`i1(6>>RY(PHT?DELhQ zj~cp)hOMDsm+7iMT++iaJXkY~r-xs@8x^v4`+mqd2^AzPsE{nTAIiT<-u|e%Q^ROT zygU6^@|wxZTHm?R8d%M~EGghbYRE1BWM?-OGTxF|1La&@jSXuq+xB>hGY~xtPcM~b zJCDux@6%rV8oZk`C1zLS3r_nps1(VqUHL2^vRQ+3F;^zv($%|lmD?#djdq;2I$Z#o z!8;^@&KOYFy9dmY1T0;cEp?a_Ep$4Q1FK4Mh`hrpkjyeh_fw`>QW$Il$-B@ba!7G! z1K*w5D#iuwCB3UK#2q{IoGPSHPjdSWZ#y0#44>P~i9((>Wq_?|Qx^>@bmp6JtS z>-a(%5pKKNvyarMjS@7>ZLZZOo0-KowXi(dFBymU;vT;%_irL8DALT_L`ec0EWs~- zCHqBgac&C#uaz=-PN0P1=OTQ$+HnI>eM+ zx1Sg@>fh}oL+J3%3B*O+SxFw^Y#CuN!RL4<&6htqbZ+bbF_xQ8Ksp(9NY@6gbPl+tYfQrkV{K%-w(aRPq(Zv;3#gy);* zQReGrE5n%rUWLa$yc|SYJ)!Lh*kS@{#)G^I^sC;I!!s|Vbe-S&LpcxHT}s$nW1<#+ zx*c~@Cp97^plIS2OLVz%m(ORNldjK-*c8RUi2;(*$noPhiB@k-R%C=(oJf!|J_>AJ zL?*&I$}~ZcGnQ7&GAhNZ>5@vBf1P599uTr-@y6{@y(g_KySRxxwbU{$epW9SMv!hB z8MQqlkE4ZZPGa^xu8q%V?wBq0&nHin*J+|oSz~F<8-D(tm}UdSPvjcCXA|^!ZH{iJ%>|AEO`loJBOwLmD6nyT$pYKqx zCb1z>_W!+D2G=km2W1XwjIj@MV0GzPABLF28`@QAT*ZjinKg&v;_mWa1{#TAtuqrx z1ke}P$Dl7ylHQCcl^GsNn2`kD9Dje(Ltk7IgU%MLC!wc(xM2#u=+>vh1>W_6`9A~v zzy4B4zs+ziH0D754wpYn_Zk(#(fe05I&iL5fr$_m$@nsW)B| zgeFHvim5h)>ius=N~A8mPJG(yo;7$Z zL)?}<@4CL<5nY*?sXflv;4j^mjq2`vd**!?lIuJvYH$>(;mp`jrN>du%T&jxQGG21OwKn<6q!4bKp z5|`1?n00yHRc@2C<0i{Ab{3Kef#g&hlo4Z~g>CqCq}wdKc=4j=Q-u~w?xckZLD^<( zoKc)Su0J4A&;9qOfN_w_t~qkV%(&uL>3*#ZiZ5fxSFv^%eT7N>FeiOJ5-hf2Ti{|y zCO*fsaBE&!~ZN1X!b>sQSjyPra+2Hdw1{wyL^)cu5SXHPL6cp^O*Plv0B&DW$ z-=Fj;rMxvwG=syh${yy+Mn*@yw_Y3W9vqCART8+xL8+y|_O z$mJj7(*4%sPE3!h!v{XZ_DcEjh@NJt1M1k8iqB~d!#vGpuO&^y5LPDwc4ADSS zphkxkKbYmpfn#_f4%(qGNe+cdqu)G_Z8hNncdnSsj~6V-m=hfx9bZ8Go({is9~&FH zcjH8vv0H~L;Yy?AgP_aa)cyVaK=dnfb92#?U?m{gkh+8P(c4=jerUJRdw|fm;t!bS zcnjT>1lXQ$0q=craj`%xuX4_s3U}2_gdE#$ zsgXBU7VHA3u)8|0zk3T59Tl(_B zb8{0)#s`kd&y&^Fk2I0>`=w2tYscV-R9H?IYO&NV!n!yh5cARGcj3a9f4r`i;LrJV zNXWKBtEJhpUyV$utp8VeYd{H6_Gc+T(kEa)U$eF3(?R-#XNp1$cy-;YT8fXv4>Q zTKMwKgqWBx5Kx$XJoI5_xmjtwM^x9ed0?rzEKM9$kECbU?hEjEGRO~F^g`lA_Vp{pbD#4p`2C&eJq|&8ZE>%&F%2H#mhaK~|5@gGx)4AFzMVF_*?NqAg+n1C zB*0s9biudmZso&I&Lyv=qOnj3`Do&LUP1Y&Tx10qUz)CQS%{O*bpU58Sdtt9?#@NQ zugHT3!_9=E`&6(#809txZf+@U6__Kq~1*Mn{aWDFwYh{m<(h`2?gy4i0Pz3q`K( z&te^O@|vuc=6M(DY`VxtdEPu8pHL!+@#DANjfR(MSG|S)cq-A6kdWYYx6Gkn+@OSf zc9yTqNQBX|16Fgk?Yt*4asoU(u+!_F1_d(a0DT_B`h+2xuTG2izdtAct>Bc)Qtg4^ zO(!u>plMu0GyhempM)*~Xze&F_cKLhEesf)z~7xE1o=3am~2wET^!hX-KEWz8a(V9 z-qLiEK)x*1pXo|;`JBWf(n|N+P6NhPoW_=bKn^0l?LyE+;jYBzh78<**VeSAq0dGr z;))$XLmCWek5&?0^2tQ}cbSOew8v}F`-wK6e^0~t%(;LcXm?EGG3&YeXAT7s6f~r7 z-H+=2FHksI3-?Zzr$>YvB51}=&KefmZt4(W_!tnM(>$NcS;Pb4t_pGbD&{xwW%G4x z8xRojIy<@&LKMTA&C|Rdd*Tfq?R-vl3=xKg9_K&Wup!TP&)XjA5b^u`V?uX}5;!8q z!%kzO*O+bKkYtoSE+KRdyG%u@$Bn~LP3u&sp9=ve9^ltu{Ur{!EGH*m zgCCNw&Kziw8#S<-kRWetT%bpUMok*Zw#=I|ReP`{5<2X1Fb1S1eD0>pSRd)2KctLR zQa6~!JzJFv)bUST>F_&9no0$Eg;Nysm}6yIN^5FrWus6bH99t5Y)eZ@H1O#$s)6?@ zs@dLVn04su?E|p=O<=FItVNAZs5I@gB`az0-^SFT9pa-~C$NP@?~3d#{J0Y#2rip<3*l4p0mWA~ zr*iS>pl5#tX989i$7{kLtN(jmrbE)yeyKJtN_{MaXHw-CHZJDyYm%tw9nx@6LV=Hr zQ5`#rYudCUHf#9Nu6G1tin~>mD|R^3=zO!qh9mLUn`5m{sBnFFgWM>G=H9Z$Ve3_D zQ+yKvmeWCn`~S$0{_jNTfAz&OIH9DH*L+1wI4^}lmol!tgmrH(rg<@_Y8X9WqpG)q z>0mod*-%zzUV8710Dlgliyf?J9^Xhif+WxlCiiod7H!|>Xbh9&g25Cbldosz7>u;v z|5HTQ$#xGtkj_?Hu|s}ZAaVLG$`Sr4IH=rLRp(9fnqLi*lS{&}nbqh3khJVBvr^U* z-`PL39?@R8K70Jp&oR8kD%@oKmdex9WphoT;!4X;6SiL#K0Et{afq-37BV9WW$`vs z`_}@q$Ie=4^s940EBn$D9QDv*+(QPcHl#86!w>7dSMDEPf^^S5^z54^tKE^-Lw7L} zV8$N(#V)hqzoQZ`s5FEYj7(ENK4W0QucTGqJqD}AYD!zuO5GLNZQ359FE3N5qTZj2 zZA~@rs$f76w{cGZTs_|AZu2-(I{u?;+PD8 zC(l-11~xd(o??n>I(fSnp3YWzWIE-kul?35EfF!o5#)e zocL$l_dleB6yfeM^H5%WamHp51H=w3eWZkW)}`)E)S7U$2x(kBq5>{LLGY!zkR}Lm z@-f3KvLSJjfGC%Fv<`<@@YC-==^Odw`?f0+crDtkYUP@8o4=jn=PH*SAE9xbs{Ti& zgX`kC=!n46-V6(2idBK1*5Qr*Z=p4Mdn&i5G6y5?OI}mI7xH$EBTIJxb$d zkiE1!R4fCiXI^!in{Zw2yWQ`>y^_QfSAs&AX9^7VE{ zCu>TElI?c|&6L@`iKFFY+aDp^8ar(*TvsGD3|x+}BnsWOsk|WYo0M!7%F^ zCAb+IOW?N1m*y!_Ld5E2uX6_V2>-n@;eL&dJ?lU$;n zB-~jGt#~>kb(VOC^As}-=CgmTv7YZHaw-|bE};KDnwc?ZY!0qYxG2W!+BIFmG^N7a}II+Z#XqW zN6`sKaTn5V>}+m$?Z?FrrRYxp??>6s+@->SJd0gfJP#}R&KdjE_lSbEg-3P&z3f2+ zric4af|6*bZSb4|M3Zq$#31Db?`_aAa7w}*Nou6Km;Keb*f{s4 zdd|VIRY^yz2hu_O=@y9yuaqniCvypHq7h@$`b!MQqffRK!havIel_uZ>g)1+FwV@S z`t#NvHbm0oaCF&zZ!ry{(aIx!fwYT*l1t9#NqEsc8f!wJga*=GMK3X~!}NKj1`IBv zsTcCvoYFWN$zXlLbE#%DoS%N_3|*2?gf8X5;)eZ-=OTH33qO|Kde0d>rQj`FhShJ) zDH~%29dB2)e+iS*cK^mGQ)iBLG4G~XFfEB9-4+RmOdhR~XfW~?y6NM84YB4Pqh}2L z8+9H?&6rnG`tUfJlF*us3W+AXv$EUFdwm)B^OJ|Dl{DTu2Po7%c(h%^PMi(pWq4 z{yQ6A$Z_by&5*q5u<_K(cv6W@g!}6wA1*_<0p%<*O)p7GB47Iv3b$TTnIOcT#ftpb z@A=Gin1?uLKoZM>_l3;#DOM0f3@*N>C^ME;5Jtr6^G)=Sy-aq1SoE>2sB!DzERrT@ zO-^v^gN?C2hd4Cj`MY;j17P!SCRdan!x8)S(2EXJ>H;T0M$UAudCA zi`%X+c~oD)Mu`;>)qAC}k;NtA$IaV6l-_h_L1XfW{WQhf@Rk$!J~aN>vo;6gy`-m@ zZ5LV3Aj+=IO|-5sxINtCxCsVAR=@ws-kbp_z|&rIy~s)L24!{3zZ*rgDhd1VWlHc) z7GNR9^mmhF#)i$*H+6QKt@o#TV%?CB{F{-i!Rp6*il8RE6J%-VMN5o(V%YljDFj(M zDQSvq0l7rwWJOqbnv{??iN*Qr(RaBNhh5-R10{f`tSnEt2pxRI*X`|`d4H!QFGa{! z*07K`?Qz?=X1XUh#xd-I1|S+^0MV>Wm%cHCEAAA>eII`*YDXad4jw*CqDDvt`Giqd zb93OZ2I8pCGx<7DNHwgdWQP>U@aE+)OD!F|ms!w7#t%;w&_m2og_cWk7CUvuLq)hm6O^ z@R<^5bVKY-q(yn{Ky(H|Ib4D;^H8<3+?8Dq{cn}6@8Zy~AYfC#yK`zRv{%RNJKhSI zdt1Bw>O+SBe;q(?YgP4Dzs8WPWCh4fO)qtE--=TU02=aoEzw1Hv4iC@0f#K=b-6z+ z*UoHD+Gv8E{OA9yVK#vadtO6QQjGuLEX&bqjEF()f5S*hFMWMvpPtRwcP!4}9~Xry zjwWQ$@5hCGyxub;2F29iRM+)jdT9{pl9;*uSC%e*_Y?dxM@LrJ)xhbFn70FfL>xyG zjZaJ+H2=M>jzI^JXR3(4{{IB}k7e@jpAvNFX06let`B)NgP)~@mQ3WxKPitvhekF$ z4;{q+U;@D9QtFwg0Z^P$tw10B|9xT2VV5nie6FAYLiYdhNy4m=TGxfIbPZ)uDThAz z9Itqz|05LXd~zq0%YhmD|2px zih&xr)2I3VSqh>70Kb)%08m^CdXclW&Eex*etqp4pxiFBji!iu)4DzWoFXGQ%FArD zI!=88{HiX!-@M;f$)!O}79E!6X~UH?%h`8=+~>6F9`k3ppg^b8cBPtGHs9H7)LH0~ z1+0gYjovprVFeYHcP1+pa|70)$|1Om%_27*IL>yvApq`IE*5+$ZTXx!gOf$iOpsES z*vsBY9&e1u!uZFnoFG2=V}mVwtn2;6^qK-|Aa(`JW%xN~&$*lkITK&l6n(PwDx^Ba_v8w`FCX?Dk-ROav~G z$w|{Ln-y|>CKx?HMHzA2R?pN@puM$nfGr8;qpp`N{%Vdoc!k{TL$Tr^;B(V!@^5Jy z$*0YQE_>`i<~(~-?$O01>vV{Zp=*#(VR0|5*RV}s2^tUa?aF`6^sxRRuIE<2c~+2$ zaV>jLVJt=|JdQsVXr6SGFNSP4>zj)kwQidXePQm8e_m$h9=}K+Ud}&A1sQH^f_(JH zMV_QqN?}CtZO@RGB=08;%HtVv@6##p?e=;M?B-h;CVTS^eSA9kJ*w|m8xf{X<|okI zA*d(HpJ8L6QCIr}Tk&%=y@%1)OaB<`XJhA@fsWg;M<;5!>(Crg0iDLvFGt(?u2xEa z|5Puhd0p*hy8iqE50b>j{%K{})pXzK-95u{+IBT+c*E4x`9g185Al`_(Dm;4dKfTf zPApKU>!GPOy%;lE9qxTqevk~zJ1tbx!wLO?vSuE5M@=pPbFS{2#nfsZgK9r~gJ>1A zqESc6^&BaJ!_=CIhQx={g!$9BO^|;rbNyQ@kW#y(;^$Epd1KHeBz=8gejl7!Q>v|j zcCUzc&&B@}7dc%FNk|+I5`>2)2Ju(LXupADpo#BxrhLVt@<-1&UqqJ&@W%tYR3*n$DX3d-Hx{?Kc*537_;A*4)V)^47vn<> zL83PQ(UH<5@ZjXpF}+EY@~5tBv{U6eEm=2Fl`4j&{#dTMye8nzZLMizr8)*#$N9A* z`ppsNw!_UMyGF5?{W`VAqUTE8-MzY}1@ z!{@u`e&Yhe3IBkN)kZOAmHX;MYm@zI(-#k4VDqG3)ao$^Iq1-UY*%rRAlt)Xn_s5ptXiZI*f+q!{P3FFB|pC83zjKCOaJ}H_jtjblHo63Zy%y6cY zy+uKaL_sYJpTZ8?*VUO0%dYk*7E!6T`-f#lv)&r1Q@hThH>$ssaq&`Wz2eXn3_@=% zcs&&xbFXy_FB{o^b2AmkpTmQ7(HywhW8*;h4rc-)YY^4hSf~p=_l$hGy;kguvb|0y+RuBc4H14Wg z(&N!lrbwbLnL-BTl2Fllfw(e3aH%dysC4(cB`4{_5A%mpS{;dO3+Stpy6d|U5XjhN zywX_GqX5?TWVycyZpLF`7k+nGNZrWy&nY@utFa&`PQAMVPUhz2Of74nic-Ven5o=!@iZKR)wX>>U~^Rmf*V^BTnjX5K!^XZe7{6B>u4@FI+ zan=@KdSl$2J?CBB$}u1~)*+@eG!O#b9l@s|m{-)|<0M3)4FbJJ*$d0M#`E$$tu5^T zW@8EW4qr=5H%iskJ=HO$$-q^q7heKhQ9UT0H0?)Z1zY=vmzQGZs)gEgbPh%@QQBpe z6;bOSHs&QKT5Dca7pf2m=#3}mclscdC)$1->JtZ}xkh$@>j5No_5+#kLXV-kq`;V? zmC^e9Aza}ry^I+VWr9w;<~Gs|Rto;O9ORCk(xO5cB_sI-xQN98u&Oo(NRbj{Sgj9K zEGMpTO?&-lKRiG!33^qdz-p^eu;v7@~_1gEl(gg|KFbT3Jmo8Q@L5+ z!VM^j9Y~h`5URV<9bb?8f3X*Ds#Wo*xFYR9!&V9Z9QduFDtw_7_QI%wi7o9H|Ive= zs_Sf8=JxmNfRup%HSOQ}ka{Zxy4+Jk4;zEkaWAq=cu8=xfDR1wqdx4QY{^SDJGorn zsKr`OAIc7bR`Kqiij4J8*1b}g1p_mY3wyD>nrRa5pP3A3>J*N`XJHFB50CaQyIU*L zccd{I7B?rfIXCljzaEDND!Yv#^>z~HsV7K|}p4Z10Cs zWP8S|uy{$RkG1}0_sB1YHM8OZawd6 zRovS8erfKd)}I);zo5wn@UsHpuCh%9g4K;GZ2PthG#KP>-{#!$Wtv4Eku$PQWm?;6 zXn@H!2S*evp6*tja=L&g?_()v{c(n$r{EPzCrmSFVf{B+S(j0OZi)(SCRiJh7kIU` zXk12X7i+h*m+h_{r&cQS8^70eVhW-jZa;g$JXZU&Q%n9(>Qa^@Z5}CYJ15#BxNUe!H@vE`RRz&yw0=w@mUFCk*y5sA;*C9yg3txg))!ajiE zvhoyTh`)eV&D6uP>l#M$?U4%wO9mRxgPI#j-<8EeX^ltF$ep46(0$7&{r7LRx7ld3 zJnP_0E!gt60~KHjb88m6=ew;_o0heP#Iy6@N*`MZu0CqI6CiKKpM-vjV<+eQDyLBa z;;a0NMH|eA2-{JH>FFe?D2^u5cgY3$BUuNUj5_zrEL$oi+lVSlTJxU=e05~*FSAs~ zNKC>y9>H7NeGyyX=h9bbKa}|eyDv-WDxTO(7Otrsd7 ztD29Vwy^cy(beU(s+ErP?xiL+Pnx1Ty9bqkyZ${8T(q_ElSMU99DHRh`RYZ>n<_!l z^{8T#Ykl+&>y3ZFO=5H~dO<|GHXV!8x3jq2h?JBL(9rLrCx?11NdZBpn4le<8z|sV$v<%_6aZrfY z^V7zkG>$T&b+>_LrXC)vz;{uEFE=op9@lnXVH5F#>GNwo%{&XZ_|QcHx%_*z2h%np z(<9{;LDn)m)z-^-Pp$3R>O!len8~VKn$?1+i>j|zULtGY=swG#38Me%G^!sFvQ1DJ z=P{uSbw%RS_Y9)Nc96!2OBE?GK;<(# zj}GVto=fk8P}^>cEu*3ir3u(x;E{H9YIST2#FX$q=1>gjD&TPv60jkLe&Z9$HCm+= zO~TOeksiM)a0d6$1cfy2Qv&BmI-rXjG#E%MEQ-qiUpsL$eG@MOFu$wG79Q1~>XD_9 zp9U&0guH*_jU_Rlea?sU9A=5>Me0)nsXZUB4&XKY7G~xSrWCT+C#b5ckz}GXlM0(-S zq?y-&Pa%MB!A%XE)5s}^y>o%YMWqQCV%SqcfgDbNw^GaONd|%ZdSekB0u5*=tg5f| zs_^Z;IifFd7-*9iY!r#A%fx6adVM_e>kF5aUMnvb)p~`WejPx1oQjv-y)kXx!Dmfl z^z}RHdU+6|&d+W-)@UG8@@44_`WCx?V%Ap3cGK-=6J@m4IQ$adt0UozCAC-xKv$D8 z#oxnstVYFAXKlC=>lox}Sw8k<75dU60XuV(xPkvx(}`_Gc^B_?D!9@tvg^g|yfhk8 zK1~?fwc%21CM3p>ImIi#6P*U*DFLhc{4KAdgusw!2q4xqz5bIFryq{JQ@jD>ZGRFM zPls08z8GPkeg>z@F7H%|v&PP9+*OGCm$*wmIx<`oQlH)s2-XGR>Xi|y4{s(`(tMuu zllUO8{J4~}-Ep@aprGa zD#|uGI5Rf*JGqGFiy*w9u^H>zSg%#Y)xC%OX5{X8fJlTlefx68e0%Z@$Z4IAg z32>291vT>qsKX%;8S?eMrC!Ak!Nqs`8L^|u=;7bFZm5h=E7w}V zz7ymMQAS-{uy1&;&6HCsr#MRL@uU!w6;~(-Jtt01;3q2f#L%+yqg)h%HI5DA(j&+c z{7sw3_i%<=j)|Eze@3B-gw@L7iIaTwI4lk_JLr{&V_Un3(nu{q&XDIkA$V7Im-D6bX@axQvj25W~g+84fL?hLCy{ z*B)IZom|>qy!KNPwgoz-17S#_psq_IJ1=!vKlMUJ>Qe~SspdS|J3`Kka{Cf5e?K!k zz^g%~Za1d0?>_-EEFpNvkSTWVpb512*O~SqzMSGh(vKtMC9LDn_*6lSgffAv;!xaM zwv!-bo!?8q(Xz$JuCl>7V*Cy!CYmpRr54xReT_&2O(`{e8MZGB@O8MUZ8IkDk)&l- zBg+4Z)A-7(R||id*A&h-Z{2<))&0Fwihzy9DeCx30+a79E_Rl#M;BfI=IdnURJdf~ zfr{^Tz80@A;w5$IY0Gm*$+ZvWF(wgdObe5Qx~s~1Tlh#K(AAzZcCFfV9$0{SL^z|K z%r+@44Km}Nt#apc>NVjnaTR(YxXyIh-#cqwWnTiOgp=Yh33^s;K8P+|Ugoe~hQYt> zPedKs+F;tFH|+RWG3EIGF8`N?>pbBdY!(Gj6Q2*?e$(H2Bw!bi8W?MVX645U!|}j1 zK7)ewoP{^rh1k@NA8RurY$u$I0;+LgHZUC;9Ce<-^)+ zB?-%YGcY!_@&J@{?A!!&GcmWG@FPm3gBncg~*1X>+13rShIx4D=bW@W!UVs%A=DT1rp{v(_ zuhvc&70_-{W9U8txg7=B#-w13M1{b!qdzuXZH!V&`?9h{q+71OW0L-uwq_72R1>79 zbe;nw2}MmyOaht5k8WD%!jI9sK@%WudXNjo`^C2V{yiRGRd%;N$@%0eA@D^!*GQ%MjfNkJug>}2Fgy}7%l)VKkfay^1pJ-1*Rf>*I;5kDkhbTUhrg`QHs|1nWLFSMW!~oL6N!w!Ctlv? zcI~mRfvim9Ck&9yB|m{g`MP26$GyVjr*aBJ@ukWG|?P^|6FZUAU`_jqel$M zGkI;v^U|#;*?~E;a;tx{-+U-9%H45~QSF~jCLU8iGI(L}qfZ#w7;Qg?+iq5vaL=}M zTawVW(Hf=Qew09x2*!fvWjQsb(!+@h>oVhXg^7(nR7`gFilUpn~;J zu)~0;zozE6XyZVpm-`IMo~>B-!aPb5S#052?DJVi#+>xI?k`L^>1iI~NWOE0lSy&m zin~AHduhXSA!orC69tvRYF~(2UE}16a?Kmg2VQJFebaOQK*VzegN?SXD}&*giCeMG z?0LILOs=|y=#V|4lOoBzIP*qSh-@Pa>EIt0jsFv~u{WlI&=TF$4V6jipuB3b`ET&D zPzW&U0z3s8SVto&Hs-L^)=(A5FSdoJ3_S7U+-KXRrK=K28$Jm4!yuS!TRrdNZi$0z zMt;Lsa`ERlxC86=wegT$o6jEz@hFpKUcB?x_4ugk(eC{DofFUtj{DaYecNkRBTP-i zQj8 z13Q+w2A)SuuEc#_U9T{*UFh^H*$>Q&>I!4_e|JILQuUjhkTssjd6r(is$Xy9;Jw5< zCrEo1SWWxyKAHCmy(gbXPOamyx6af30ThCaHkp$vL8N&i08J^G2LS^G{w4NoVeSrS zSMdKGvZjJDb{-G1+{*!0PRKEOvuopCou8_2<(h~`rQ=HAUvLr6gUD0I4Jiv&mWfa8 zd_mUarH%rL|Lr@x^!vrS0FQR{Q!@of|A&90{&bH0b{LiVI#u6Stop%q(3HZI@2)A#z5(SWFAuJ(@LSTe=hEn@w2vJWj>^k(?+^NIlde!A1X?xb+g7+8-pK zfIJ&$<|0vL`Dasdh9sGftW$iNW?=y(PEJ@nR0<~mngI~guP{J%5fn56EWZyazhrH9 zpUtt==ocsV$?U6NnC_(+U|Y_$SlWTE!+Fdzf^RFwYi$$V>DtJ^BA7=gqkNf600Aal#{i z;MS$K?jbDQv{7^p1R0G|dhKhz5g?2x zutIT$f4+$eaX>9JjE4=97+%q&;m?|tNj_jpL6 ze}M<6Qa^@9-aegq^)~kutO#2Mv8OgLG*#Tnyv+|Anp1h7B&r%KwB0UEOfAf>cP6J2 z=3qw$jYj%i8YLIqFO>AYaq8zv^!}LH>uq1+tDzuc*&g~ZZ67Ix8W~M5@*;Ak8ueLv zNAt|y<$zfrN`n<~odjnR(USMovh$qlL`@8*t0e(9=gssQt$Gq z+U7YGs@>0-*GF$gBed;ZPlcDT{Kp&i2!(ZS_0<3k`#;|0a!&jNG=7Gc$$M#EeE|B4 z`vT`UqmRDY63hjNJR!NrjUA0~ww9%Aw&pJO;k%t)(U|n`%5L@l>M@M3SJjLW1{)hr zcp)W7wECiu1jA^Fx(lr-dw&N1ZF;jgG$U{4=cLn-$fkP$;N`026#ZT9(|eJq(CUN;_y#a6*84K<40t^?k z8qM6j*K0!#=P6g=bc_z~p2a)Q7`RgieY?ut3NOZ38OOW!_2@JV4jmaR5zZ+0lzJAH zfMdWwbGV0Lum-fvc4tzRjU_*aU;som-Ff%!V5arB@X1XS?Fs(7)~!LuO7^VFU(PGN zV3eJTl&yaBI*zDC$oIimuL~|b2d5%;E4#lh$TI8B0|BNnzrG%J*&dqG5g^H^naNG9 zzb3e$0~e{E;^Y_Wl%a(4W7Pg1!PDmO z5m!^k`c6X4Va=uHK(t%|(haldhQe>SJTS?hMujGM5`Ln*!TS?8iN=jQFE^1s)~UOeQY_Gx8Hujjl8HIX^&~%(I?hvCCaQCIJ<<#)AOU(YA4^5kfbRH<%!K zpyGeUwEKt%Jc;fAp47GApZEY3yJLNR)1!boYPVDW2}sbjliy^svSE-z*|i=?meggw zGbeXvELRI@y6nZx5&<;tX5-bX5ObKTBZ(BDB4LGLct!|6A^u?FKK?u|zALs02K~~= z>{3Lx6v3$I0f_0}>&+d5cU@6ua2Pt>U;he54}%Rg?(DP=d>|j9S5TQKf8S%Dl$lAh zT15;ZDG2iC;NZgV#FzB;`P@u5e4BbBC+MInt@ZE?OiHR9{JgV8&$;TmWy7N4CQXq? zbVy>RI7_<#bmRj$g1N4b{=FC^qNssz49<|#V|?3%k%#VDx+ke2La~knxOd`9+WG45pSb-e04xdB zW&=@apv1iu^$CcK7zUIzY+ zq)V}dnG*Wazt=0nL6iWX0YELUJY+`xg6<+TNKNqJSZnz$f5t_2w#M@iSb=Tyufeoo z(jOj?e4vxT2FXV}xV*E4Lph~P;8AOltjW*i$NlE#XSB{9hV|J^F`c8M>4qQ&+dwN4 zwX(LsgtV*m4ZRCqn1S-xI9lth%)R_spr_*W6rcuTFV$`Ugr^=+miFTlh;(vKC zL_d^=DefLTvrzjX%XB>NNnj<6Y_m>4V9| z(R2T`Hp0qQH3c<8NnXTHC159EtnZwZ=3{2els< zzKl7QzG?gh26``-W~oph;*5-IKFfv?X!pU-Cno#?kTQ|HGe5SxRo|B#T$rBlzWxoZP?B`ee>tMndb)5(V=V1$I`tzv0Vl@BVFIWO`f_2Dx9o z=Iz>-ks(W(&YE=B+HQnV+&_PU;*po~zC-~pLF+>^-BdkdA%CZ*fYiWDzcW3JV_OKG! zo)6TUMFG@VF#0#ZjIDd#P!wvTQrG9aI(PQTVPa-PwhapjgGFQSDh|Y`N_A^=d05H6 z)}NCAxiesY)AGC|00FJ^=?B0Zmm9(l2TBa%i<&`}n3@f*SdIN}NjGl_<(RCG&~e2% z#f<_M1l6rVe}v+lnCCHoM`UoWwu2BhI^8VXA5kus{K1B z*y)Vt$Vm|c>~uTv=VDS^72!_zPZiE)HEm-$JCN%T;;T|aA-H~P$qn%OUL#PubIG3< zH8!Ei6ukhVD{IL&!1aOJBwSXO#l5CEgBCa9*kk}Yp!+U(UvU7lATmsTFQFU)Q3=5O zFCA$u;B9yM8@#avRv#o^Ue6s*DV9|^{i3#8xwHh`YzsMpVOCs~G?~JAMM~uCl!@c2 z@2FpH;wV{y|Ft>iCI(~ZGreEM4WE#lxSbQLv3A`pKi<~z8rv=G-v}UW30V{Ns66dH zscg@1d5H!IQz8SvYx8F``qI~KZ|EazJ(SWIDO0CDF^A)lzWx&o8FOOHw6BG+|HA5U z92h7*=@iScuE$G20qLQa`zZN63gq z{ZA)?WI$JHWW+yUxM^e>DB6$vUv{53_8iZzXR=U1WKaVrD88QfJ#>nht`*#apME{h zJLGZd>Q=kH_?ryaQz3`uduJcF%+D)}FHVW8{?m8T7Y7FO-LpE$p62aD>|Fppgc*pa zZQ$xGU5`E^#v@PqZ3qQt^Hqtif#e!Jv`0Nvc^?183nT;lalMh23|hw1&&{8~UMlar z$TdN2HzEPTmE`O#B68sR)JM~Q845*?slS`y6#k~Rn}uSV;#5x|L- z{%8uGRK-t4Fl8@Tu1|M>YdO_x(;_KtS3qyGM+OTl4*ltCw67 zkdk>69-#d*UJOkfr-%pVv(!@kGJHB*X&;!c+P!8DWs0`XZ|l?}?65G^=~@BjQp<=t^K-qC1eOIr7B3zDIx=L4(<+9i zT;2P?GL+ zZ9R!5$cRGvk;Ezvw=GL|ahFcbm=#+O8=?C7I0Xp?wd*9v`l7E+o##sb8i;QZB9URg9Mw+T0`7a3qAv@W0Ee^$KG^=FC}v_(FuH<@ z0~}t?%2q2W1wnr;1OZLI1KMG*9ZPI+T-=k-%Q3D~(0EX!@2SD%Huc~)-`=-vJ-jWE zPfDEr594DiqyaIR=&OqYZEiz2Yy9UpK20Z<__xrDv!~C17%#6>Ky5vL40n$dQZp@e z3agQPcFb+ZtmD8V=ZNFLe|TQE5#7hlzVwi_6ak;~^!}_-|LWHF7C(Nd#9moBviZzz zS(@J&U)#++9vNz?u5Db?+!Ro}!5$`D|#?dgeZ-W}sL zYB+DNmu8aJv>u{gVzS^jpO&x8`VVfx)-NS#34WJATp<&YjHBId?3%H0EMDU;MFRc40YtmjQOD+|bx z(yiS$qy(wfK+*5A-ua#8_qh-?&i|{sv;KB6g4J(-)h#YN9T^^v1d-WB-+1AtssZ65&j;H9&+M|x zJ=c$fo8=R^Vw7dL^vlAgUwZ_UAuBO=_~ut2NyohkN4;3jR~$*xrMcV~SkL01*({WJ z8|P?z6=RiXU3Mu|+#O8}Ik^A*41g3K4dE}c)a~MIae(RanH*A*+~Lv(IHO#5 zgSORsWtqC)jJ&LOjLuGeYyOe&7VV*R<>uqEonSyD2q6NLfo$@={W61p9+Z7df>M_Y zKFNPSqp!fQS8R5mZ>f7;Jatr!h1JEELbYSdSV|k_@oa7N3Z^PiJda#xiQF?ksU`IA zlcbk$T&J48&jiraa*5t6VwXB#t`5dFnGclONQLVf4AD=$cVF9^bVjywlo9F0^Vy!1 zo2!g46W2SV_f4F)kJsVz6FVESAG-5=1_ch5Xw$T7&?{S%#t{OLB z!trjjS6D%R-l-VYi2)4T8Ydl%$f9%271iX!nP)Xz+#_8~_ew}8BXJxf6;zqiG%?Ch z54Oo))YScvtS(FZKByprRMz0DfyqR$1Z&g&Bn9+n+iRg{y(>_w{NEN>y5H~0kV@Ug*!_>z9d>&7| z6$jWoax#d}D8}92=_r@AdUP*ns2UpR>P}T^|DN!2Y{{rp$1eim2CtR&wHX>~8jOBc zm6nyx)aYvdtND|j{2 z;SoS}Z>W$9fHZVHHfr}s0qs+bSCqdFYnEFHRn3T<%E-&QU>A#wqy%hWZKrq{F=I5M zzMJbR0Nn=%UjXZloU9`GR&tqFkMqOt!RqKkTjwXtECJ`ynNtH8Vc-;g|DK>nhaeAu zdf`scr|>;%*dyaoMCa`r2X&@4DD9EVV#%hn6vV#~TW5(&IIOIkJMiA(jCX~_|G@rn zi2Tzhnmagn>ab-&v3Z+C#2)<-h&P6FD4nK6$^aj4P-r zRb%5W2<^{sG*c}|W(tW>pPSnE?3M=aqoFfxPSkd)`64={ocOFoN9;@nFnxcmwD~ z=z$r5bK&oJO!VuuuUoErL{}==FOkE1O<~})<+rovG~Xn8eAb60F2-e{;}2668j6MS zQZAy|IiB(In!9|@_&5At1GzWOLH*4VMg`EoG_y2bK7Zd9R4@V&YZenVt@T{Ne7LR8 zDDh!Ti!j~bIzgTvH^iR#9J;qf0Pz*kaj?4-1zcx}rd!%i*6uZ;%&=|hwF{))TRrC* z5h@KcF^!U&fuT!jH|v}eT5{~YU3B}{{-m{i$nh37ugdWxy`$+Onu7fJI{B7<5gkz; zO~M%-=Vw{?o!xwU&r{K6L@AW-bNhwOmCIx(*-k=!q*?fWeD+BF0hA|aNM8_xG~TvjMV8*yRQy$Q@z5_wJmvC}Ci*$fd9u@xN55d`WzsR9 zM}`6HM8(WL5WA;4|wMt>U47q9}PDd zPplu@$Q0&+3INyq=a6F>CEb;*mDiKqvl@CMhrMs9YNp$%j$Q24@+xm+Kv0^WwpL?C z^pArT#U};%lgNheyT4(XX7J0Av-;=PT9a-j(>#Bg5UI3QY{4C6A9tPo&#b^@{>KiH z#+s+*sM^#2>DbAybf-Nv<+auR&dGX5A?3}kZwSIv;HooPm6`YPs;@V>%O#$`G*P3{ z>^3$1_4+sJGTTIk2Du9f?lniWUnKGgoULig5_$7s(qXrWY+LklEW~Em`>y z6=B)3{qqwrKj+h-VyutBM(i8Cg-x*gh4}LjR=TpY$0$@P&K%FA zZhB5Yvna%6hOnp$(?fe+S``e}$wwb9&6k6J>Bk7j$y|ww%AS;1%e>CV4dECccP-3Y zK&7r|v{JATAz)EQcOYF%MQX`A(lx$JD4#S4gx8iZ##TI+%;3GTFUiNwR28&xC7)kI zVF7!ISxbT_BX9;fsYQ|ULAw?RmQ|&Vah&48#E33iApx5`?=Z|ze*Tkt6Cx>*QysQV z5akvHFl4i;gamER zTW5bC0jk&UxOAlC-4`h!y^10!)75!ZQ7@#mow$R`GI_^lX}1PozD-J)uH`yf_r*K% zwbpB+^bADT&W}}TX-Tnvw%0M?_IFFV3zI8u+0&^dwqQYWSjWijidnMCKhlcz9Acz{ z3i&D4#5_qO6)U^AB9GS2PbC>L^+fG`jB=h2^H;LuzaQLCn&^f#VCorQ<2I77=t{`x zlidA@T{jY|Mu)Dd{zAMaKc^lM+?K6C`0mvD{iYa?YQBscSl!(|9w5aYRc3U4`jhmU zoyj$G3LOf$B`kvrAMen4_xk(t!nt7c>RSCXa*I}X^%FHEBYQ34XXdtLhhdXSV%d_g zbSP^GW#koYb8k#L>NS}T-B+F`O1B+e%_E>)(e_wZ5X?x+3zb#gfjRkz;vOzmd(wZ1 z{vlD+m|E9qwU1B}eDjDHS$0p;rB9p-6RLZj#GH@SrE;0;R4UJ3G+Znos*>&jpPu`g@|Ntle@Em7>-Or zHV|}=i}w#eISp`Yj1R0H++)a=QX$^!Eq_)ea&5vRfI&heR(vy=46!MiZ4ujB{u4bPUDLsXdEKVg%v7rS4#Uw?t8qND>=HuyLJs9~5x*QI2mrCNLOx%cH$y>j!Y zvGXroqzwd-(Ot;p??`F|N$uhqfLn62N78*x_iSVPgKc=g`3*@U)#so{x86+uO^}DY zJsHF?=?CIr*HCYHNxsT?37tR4;Tr+4tX6r`vW%L#LNS1u|F0jD@9+*^+-46{o!9VN zw8v&L5mxlM7gK+-^Z}eN6X8e66NEUuH;#i@EpVGiK*0^O`emgiD=AVc$CF(#l_bws z230Lx*qfi7WyoygTd=o54&9Fb(B6T2_wo?49vU zVO&+OVsb{{&y1c;VC=O2DsBJ9d3~7Tm*u9lvGl$zZc7831o0CcQGt~XB4DyBIr0>O zQJy6!MMnI!5xt|DP6;8byPs$$XKIqf(uHX5mMOXIx*uIU-I9K|Z*0XR@5F*YC^wOsYO{HjKomlJh2=bG>td9C)P1y1Y z)s82{C8&m83T@t0u$#-Q4NnfM^D1Lu&Fa%=Evs(4P%RALBQ1GY69)^dg%E2O z?QHcPiT)&g0-f?YQo=)_;O_ZibEdO%>_v(xP4rP}XqEydtHo5O>|W^vwW=~%Z)K$O zYGuweO$RH)>!l`8lbQdDpbZpqf7zpIB-zNqk+lu$ib=#m0M? zeMj5|{O=sYgDq*J(kt@43ul|s#syIBhsAg2k+&=d)&P-Aes1!Nw^Q#%VIYqBJaDu7 z%ymwQpj=SQUm*E_GD&WcI;V_8J}mdQ9d*3Q7K(wk4ySUA=GS3zQAU4;G=C6Sf4rPd z7oSgRMm`*Hl#x%9Hg=N+cJpFF2!gZT44SPhd6eb<|LpKAFjQ) zmj0xw#KIFnV4HGT<)>Znd^W=KEPvE^!K1{s+`JJcxqh<9H)Q;Av-0fz!`@;^9wwfb z_&iZME-x z;XvEXXl>l1`&2;S41H(XbOd$zwZpvS-!BhB$g<2gER}MTM;woBUlxp0Pk#J$4)$qj zjFMeFq)&7_{>T_aCY(xrj_e;n?%>%6vSVK8nUC-3`9)tHd^bBoR+W=vy!<}Sj?T5L zJZBUyk81qAFI>heo9V~GFtcgI$qu-Y?hWO&T@};E{W!V_0VoWL+9-8C1?rZI=S{A_ zTTJ`oF%xurNU`cZWt&tIy3Nav>;QR%1Ie%ojVvM?aytPA}^Ji*4J)DnUTp{`a?UKN9Y@I4x{f z&UzvO1odc@G-(lE?FO9~HEGY>@#uT?HcN#x#{81$j>31iMqI+hhG=HF<8KAN9U|&c zlk6&$(+P$EQ?7l;iJtfork$;^++UbcP_SwwzOj&3(22#4dau@mDNg)yw;L?YvMPMM zq)LAy2+qnyL41n&=RWMM+#lnq5g&*4<#I>!55&d9qF%isY}g$=Io@UVoQeSqqWy5? z_R-D!SV=t%xqX&;FIy!oG(=&CJaMv9v;{2cerhdk7r1|`gp7h7J_#<<5YLAv3PP&OeqGULfo>?LZa_CNTmxvuq8U zo}NB3GC}}PUL-$NKQ=bjouN#)L?F@09WE7zP+t9ICPYRy>a*Da7gB0hhu>)9ui5%d zxCBQDpPBX~_-5V4ubX8<&T58+R}fDk4-XFf7R&tF3Y2nnxaIa5sMu8whDVQvk$hzi zqqSPOB`&j_1f*sWk4^HdXEz$A_r$Jjori#7#SvP zGx)DFp!NX3WjDC<>t?~;_+HelmHuK&EFNE-Wo1}uTQTK#UcT_L?QG|J_Yu$8?;-m> zsgvdRZ)g|v*$o=6^t1sYP}abU82FLd57JW8($e0&llDE>0!V4s;9wOs06A^>5(mFN zRmjyT;vqv=SXcnDF$PN@NP?V|c3u6dm79aXSp5Y&BcL^>l|2!23kwG$yS46%U&{DK zxa99?(zZBhq)K0kZUJ24h}Ys5v=jv*{3Cl@E6_4$HuteUGs0N86Q3J#^NWiYl$_u< z(CCuF!tT`)5Sz{MuRlnc&b=hQvp0bCJBt9lXJg(E9TmFt>h95P&%L#AV4PAQNOFReC>wkGS^zE@`yaXXh&(DV2JF?*!4}A1f&bBB z-O*s(D{6y&{^s&8UwGqM0plp=IhP(HyAczulZRXNKRHCaZZ&gT9eLkj;ZS$9bN@yU z4ks!hQ4UDX&d$!`z z%a6Vod;_-Rv?MbG{x?Zd%$I#scx}zm(sI_BAqak^uf07IgW(B8MVsk^N*(>{`+c$A7mEG^>B^dmHwmbfp!8Z_ z^bGetWoKIgTJ!i*bKlUTI$-ggY@@Ii#aQXh_Kav*uk};Mc-i!a&$btEkE+&dym#-i z#*i6Y-d!2K65Uc&Ri&iqBNr74x}N;_moV@!zkK-;rub2Z`%-ZCz(A5lHp5H}vPeFC zZIb!qao;wXtp7r8Hnn^a&!KQHs$HZ**s_!7%b=^j|4EZo_QByH2M32ypKrAC50KAV z1J!ZqClj}{wm%;rD^kvEI)z{az z@z;TQk87P;8Lsm7_C~=VBKa(nEdb~0;IO(_P$w%SL_-;(ovUMGv$%lE19)sPR@VDq z%c{l69@xDJ2?@+cbIOyGlm3Tg{)dIpzP1Db;CPe~-`Unv7gK$A^btSJgv5u@+TPxWFs8M>hgn%! z0Ivo8cX1I$m=zBsqWnC)yecayJnilCGcryiYEO<4TxySuiw76_-ONhse*x&A8p3`jn`zHN#t zVoUvnlNGb6!s^A@*&Kj${aeEIUIQg9`k(?Si=LxqF>`j_Xyr&F4iL5J1(+nGr1KBd z?Y`~C5Gr^T7}ppiOuwXqaR3c-Tk20=JV;jv+1SUY%6Nx2O~8kWnxFOZ5J1g?r!-(v zSPqoaCjyVT-`EbG4Sh{06q+i-GwgXFXO|3iO*&3B6Yz+& z_QO)D^V$z&aDV?+`X0K8$(#XVMWoFpd8gA59`EDtUw5(vkXpotyu8H(LwlB>Dd!6C zs3T4-SL1)r&s)`bu7OJcQs27AyUFqk92)Ve*ZoxwjjG&urDahx%@T2~Ltt7za`rB6 zKY#wbw^y%6BqTT(__VUe>(TD+?x?T7fPUN6)z#j9A3Da&&2hFk-Ev*aL`R>@$oGe#vmTdumJ-P{hGPK=&Lg3L=Z^|{K>p6kG3PX|m&2n!37rjvc& zg&P3H&>*dtjJgGGXx!5{{UJ3mOUylnh~gky1WF)uIg6*1d~y11gxjuOZ(dPh+=8yg$J z)FG&&Te7pVW@cs(Pkela3M^68?{&DRC89XP!IQ6(@sP@cP3?StYZa)P;Bo-o3I2=l zdpm;;tE;P)aT{Qch|14m$6md9weEp$kvm?$Sx_y{RdbCBb&a~e#HuHPzqTBt@gb*~ zegaD62bQiMqT7n_!>fMo*i@O|rw}=neEWv8{sy75C06#(R_guEglP50!9+0`h7A8mx4imm+*$n~^bFv)VJ9gI6!UAzSVfr3B5GFwku93Ey(IC)9 z;2)B+!anZ7Mel7-Hav0k@aU)d5XLwFS>L5pnci7n@-aXIDMtvQ#ATyiNSh7HB^0RTR zpYj)7TwJoOg5_DTo4`b8jmgo=gVD~iI=IdKav%OS#E?wzqhMwSy1F0`$+!N( zk?LVGf8OVxyUNP`YcH66rr4MVV03~G%DQofI-v?SAp=5x-NVO;m>B@#**&rByzbp2!((GlAg3X)Onp8;HpM{FVXnhT z%co!cM4)^~$=lu3)Re*h=fZ#JaX^3`wQux@EDw$zyM58q*4^$kbO2|u?3_3!9rPN~ zFA$(ph`@%i7TKM`-rioDB6IBK4ungu?h>NLAU;8Y6cxAM@9_bxz1jl86}MOkKisEF zz?Oo(1NFOlJopMCfZ7?-F&nxDu1uIjva+^bSXr?kgu!oGN|%ogcm3BRP{?oAZzd%` zU)qd5ZvL_U2F`m&IBh?YxuGDBrU=MP?Lw0hd@=W`p$4(Myj;X1E-nsqS`m@0xHSBa z(q+gxW1@W&V?TlWAA&GB={_V07Ee9e)c9*eK(YG!JqGQ{ws&@nH;X(8Aw-&LCVq_q z5qJ&Kt;Nb?u*#6rQL+5_{d=SSG*x-N_fo%Lqrh1b60S^w%d7DgXPKJo&VWt26%Z0=7$Fc_Km|^2xHiGKVcezoVk|_#(SG`C!6XiVlq%1xHyTH z@;zKGOUaUyl-wu$=15JI!52yj3Ui?(0JH<0T}jiz((*!>;)4g+xw$zAy})8gGu4%v zXT(QEMs96wA=fH6!vXRi{_)S^HrQN99bM6A=q6BK^clua{lNoB7;+$@Me;Gr`jpqy z)a2%J#oUW;n}+-gg5GGqtqgcUQRDgTu^QTFLbr{COD#_DMF@`}B>Ne|MksdxFF#0- z2^jTWThA(xQ7w~@9$Et9`RC7{kb+`x);HqP<5vdDup%7~IYIa!4imHOckEyT@Gu6m zc+g}%BViBOe+5#b&s8N>N=iyTy(?MNh5(<3Xqn&x!E1v740;U)`xfmvqWTy%WkU9+ znhEy|Ont}~ynP&=5F}+fM9|*aS~a_8+;J~N4nGb+dMZYVC&@FA_U0BA7DBl5vuLQl zA8fW8Bz(4FRj!MA>OGe)U)C!y9`5QwAjTab077mCvIN10etV6~#~aWL;(JK^Z(FfL z_{$N8(FN(heDUI1u{&4zgr$BAy9#ZSa|OiU(4K<1mZ;u!xVgC*VnE2z5w`^{-p}q? zov-!{=p$qeH1~V(-O+x;2vU})Nq9IAF|)P_;@V)i=K`t26lI|u#GV`r)QAcn-`9l~1Qo}iCq%b7X;m||z_h}^ zgAX>3Qe@p7^{?X$S36vON{~78U_lK+ykN2(0v$}~BaFU&I;lU@IPpQLL2UP^(?UNSQiNBft&gd1ySfB#jSfEf{BF0gVFo*pAk>vQs7;U ztKFOaM^m4wwO~p21U$4Jwd(u{^C;$Y!*(4VH3EUSj#he%HhYRTmojxWhc|?ffRHG! zpa8F+n2w;Jl&GYXpx{jb0Vx3iO@->f|8{_#gP9e~5&W+QTw@}Zg#$SM>le^gcIGbV ar*@A2`!Vih*T>-)go=`eV!r&7!2btG8Lct^ literal 0 HcmV?d00001 From a1c418bd78f0fdb4b1b9a70f3c344c1732d8c09d Mon Sep 17 00:00:00 2001 From: Sascha Martens Date: Fri, 17 Oct 2025 12:29:50 +0200 Subject: [PATCH 2/4] Added old versions to sidebar, changed all internal links to v9.3 (in 9.3) --- .../clientmodule/applications/applications.md | 6 +- .../applications/configuration_of_saml.md | 4 +- .../example_applications.md | 6 +- .../saml_application_for_dropbox.md | 2 +- .../saml_application_for_postman.md | 2 +- .../sap_gui_logon_-_sso_application.md | 4 +- .../learning_the_applications.md | 2 +- .../rdp_and_ssh_applications.md | 2 +- .../recording_a_session.md | 2 +- .../discoveryservice/configuration_1.md | 6 +- .../discoveryservice/logbook_1.md | 4 +- .../advancedview/clientmodule/documents.md | 2 +- .../advancedview/clientmodule/forms/forms.md | 8 +-- .../advancedview/clientmodule/logbook.md | 4 +- .../clientmodule/notifications.md | 8 +-- .../end-to-end_encryption.md | 2 +- .../activedirectorylink/masterkey_mode.md | 10 ++-- .../directoryservices/directory_services.md | 4 +- .../organisationalstructure/first_factor.md | 2 +- .../user_passwords_logging_in.md | 2 +- .../multifactor_authentication.md | 4 +- .../otp_(one-time-password).md | 4 +- .../yubicoyubikey.md | 2 +- .../organisational_structure.md | 14 ++--- .../permissions_for_organisational.md | 6 +- .../clientmodule/passwordreset/heartbeat.md | 8 +-- .../passwordreset/user-defined_scripts.md | 2 +- .../clientmodule/passwords/recycle_bin.md | 2 +- .../advancedview/clientmodule/roles.md | 8 +-- .../advancedview/mainmenufc/account.md | 6 +- .../advancedview/mainmenufc/export/export.md | 6 +- .../mainmenufc/export/export_wizard.md | 6 +- .../export/html_webviewer_export.md | 4 +- .../advancedview/mainmenufc/extras/extras.md | 14 ++--- .../mainmenufc/extras/image_manager.md | 2 +- .../mainmenufc/extras/password_generator.md | 2 +- .../mainmenufc/extras/password_rules.md | 6 +- .../advancedview/mainmenufc/extras/reports.md | 6 +- .../mainmenufc/extras/seal_templates.md | 2 +- .../extras/systemtasks/emergency_webviewer.md | 6 +- .../mainmenufc/extras/tag_manager.md | 2 +- .../advancedview/mainmenufc/import.md | 2 +- .../advancedview/mainmenufc/main_menu_fc.md | 16 +++--- .../mainmenufc/userrights/user_rights.md | 12 ++-- .../mainmenufc/usersettings/user_settings.md | 10 ++-- .../dashboard_and_widgets.md | 4 +- .../dashboardandwidgets/keyboard_shortcuts.md | 2 +- .../filter/advanced_filter_settings.md | 4 +- .../operationandsetup/filter/display_mode.md | 4 +- .../operationandsetup/filter/filter.md | 6 +- .../operationandsetup/list_view.md | 6 +- .../operationandsetup/operation_and_setup.md | 56 +++++++++---------- .../operationandsetup/reading_pane.md | 10 ++-- .../advancedview/operationandsetup/ribbon.md | 6 +- .../advancedview/operationandsetup/search.md | 4 +- .../inheritance_from_organizational.md | 4 +- .../manual_setting_of_permissions.md | 12 ++-- .../multiple_editing_of_permissions.md | 2 +- .../right_templates.md | 4 +- .../permission_concept_and_protective.md | 10 ++-- .../predefiningrights/predefining_rights.md | 18 +++--- .../working_with_predefined_rights.md | 8 +-- .../protectivemechanisms/password_masking.md | 6 +- .../protective_mechanisms.md | 10 ++-- .../seals/release_mechanism.md | 4 +- .../protectivemechanisms/seals/seals.md | 14 ++--- .../temporary_permissions.md | 2 +- .../protectivemechanisms/visibility.md | 4 +- .../autofilladdon/autofill_add-on.md | 4 +- .../9.3/configuration/basicview/basic_view.md | 4 +- .../to_do_for_administration.md | 2 +- .../9.3/configuration/basicview/view.md | 2 +- .../browseraddons/applications_add-on.md | 2 +- .../mobiledevices/settings_mobileapp.md | 2 +- .../installation_of_the_app.md | 6 +- .../setupmobiledevice/setup_mobile_device.md | 12 ++-- .../mobiledevices/synchronization.md | 4 +- .../offlineclient/offline_client.md | 10 ++-- .../offlineclient/setup_and_sync.md | 6 +- .../servermanger/certificates/certificates.md | 10 ++-- .../certificates/database_certificates.md | 2 +- .../discovery_service_certificates.md | 2 +- .../certificates/master_key_certificates.md | 2 +- .../password_reset_certificates.md | 4 +- .../ssl_connection_certificates.md | 4 +- .../databaseproperties/database_properties.md | 6 +- .../servermanger/databaseproperties/syslog.md | 2 +- .../backupsettings/backup_management.md | 4 +- .../disaster_recovery_scenarios.md | 6 +- .../servermanger/mainmenu/main_menu.md | 10 ++-- .../databasesettings/database_settings.md | 6 +- .../managingdatabases/managing_databases.md | 2 +- .../operation_and_setup_admin_client.md | 2 +- .../servermanger/server_manger.md | 2 +- .../servermanger/setup_wizard.md | 12 ++-- ...authorization_and_protection_mechanisms.md | 4 +- .../functionalscope/functional_scope.md | 18 +++--- .../organisational_structure.md | 6 +- .../operation/filter_or_structure_area.md | 2 +- .../webapplication/operation/header.md | 2 +- .../webapplication/operation/list_view.md | 2 +- .../webapplication/operation/menu.md | 4 +- .../operation/navigationbar/settings_wc.md | 6 +- .../webapplication/operation/operation.md | 14 ++--- .../operation/reading_pane_webclient.md | 2 +- .../webapplication/web_application.md | 4 +- .../9.3/enduser/createnewentry.md | 2 +- .../installation_server_manager.md | 4 +- .../installation_browser_add-on.md | 8 +-- .../installationclient/installation_client.md | 2 +- .../installation_web_application.md | 2 +- .../versionhistory/version_history.md | 20 +++---- .../maintenance/eccmigration/ecc_migration.md | 4 +- .../ecc_migration_administrator_manual.md | 2 +- .../9.3/maintenance/moving_the_server.md | 14 ++--- docs/passwordsecure/9.3/maintenance/update.md | 10 ++-- sidebars/passwordsecure/9.3.js | 16 ++++++ 117 files changed, 364 insertions(+), 348 deletions(-) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md index 485317c25f..8465dc9cdd 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md @@ -18,7 +18,7 @@ automatic logon to almost any kind of software. ![applications module](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_1-en.webp) - Automatic logins to websites are covered by the - [Autofill Add-on](/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md). + [Autofill Add-on](/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md). ## The four types of applications @@ -29,14 +29,14 @@ applications. In terms of how they are handled, **RDP and SSH** applications can be covered together. Both types of application can be (optionally) "embedded" in Netwrix Password Secure. The relevant session then -opens in its own tab in the [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). +opens in its own tab in the [Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md). All other forms of automatic logins are summarized in the **SSO applications** and **web applications** categories. How exactly these logins are created and used is covered in the next section and in the web applications chapter. They include all forms of Windows login masks and also applications for websites. In contrast to RDP and SSH applications, they cannot be started embedded in Netwrix Password Secure but are instead opened as usual in their own window. These SSO applications need to be defined in advance. In Netwrix Password Secure, this is also described as -[Learning the applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). In contrast, +[Learning the applications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). In contrast, RDP and SSH can be both completely defined and also started within Netwrix Password Secure. ## RDP and SSH diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md index 3f5a4f9827..d51394d09a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md @@ -56,6 +56,6 @@ After verification, the **SAML application** can be started from the Basic view application** with a password. NOTE: Setup and configuration instructions for -[SAML Application for Dropbox](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) and -[SAML application for Postman](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md)can be +[SAML Application for Dropbox](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) and +[SAML application for Postman](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md)can be found in the corresponding chapters. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md index a9c13b2a3c..7a05d47abd 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md @@ -8,6 +8,6 @@ sidebar_position: 40 In this section you'll find examples for applications. -- [SAP GUI logon - SSO Application](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md) -- [SAML Application for Dropbox](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) -- [SAML application for Postman](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md) +- [SAP GUI logon - SSO Application](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md) +- [SAML Application for Dropbox](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) +- [SAML application for Postman](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md index 2ea15ebed2..a986570952 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md @@ -9,7 +9,7 @@ sidebar_position: 20 ## SAML Configuration Example for Dropbox This chapter explains how to configure the SAML application for **Dropbox**. It is assumed that -[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been +[Configuration of SAML](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been activated in the Server Manager. - Log in as administrator at the **Dropbox** diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md index 5d4d167343..15d012694e 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md @@ -9,7 +9,7 @@ sidebar_position: 30 ## SAML configuration example for Postman This chapter explains how to configure the SAML application for **Postman**. It is assumed that -[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been +[Configuration of SAML](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been activated in the Server Manager. - First, you register with Postman. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md index 47fd2f3abf..f145ce0241 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md @@ -9,11 +9,11 @@ sidebar_position: 10 ## Fundamental information Logging into SAP can be achieved via the usage of -[Start Parameter](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md). The +[Start Parameter](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md). The prerequisite here is for the login process to be carried out via the "SAPshortcut". All available parameters are listed in the [SAP-Wiki](https://wiki.scn.sap.com/wiki/display/NWTech/SAPshortcut). -Form Firstly, a [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) should be created with the required fields. This +Form Firstly, a [Forms](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md) should be created with the required fields. This could look like this: ![SAP form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_1-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md index 7aa901d064..9acaa59f9e 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md @@ -72,7 +72,7 @@ storage location for all users, it can then also be accessed by all other users. ## Linking records with applications -In the [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md), the newly created application can now be directly +In the [Passwords](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md), the newly created application can now be directly linked. To do this, mark the record to be linked and open the "Connect application" menu in the "Start" tab via the ribbon. This will open a list of all the available applications. It is now possible here to link to the previously created application "VMware". diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md index f01360b811..b90b6ac47a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md @@ -44,6 +44,6 @@ NOTE: The file extension may first have to be enabled via the settings. ## Keyboard shortcuts Netwrix Password Secure supports various -[Keyboard shortcuts](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md). For +[Keyboard shortcuts](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md). For example transferring user name and password to the corresponding application. However, it should be noted that this only works if the application is opened directly from Netwrix Password Secure diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md index 4f09a9ef6c..1813418aab 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md @@ -74,4 +74,4 @@ When are indicators set? If desired, recordings can be automatically cleaned up. This option can be configured on the **Server Manager**. Further information can be found in the section -[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md)s. +[Managing databases](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md)s. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md index c6e931c71f..47befb4adc 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md @@ -10,7 +10,7 @@ sidebar_position: 20 When this module is opened in Netwrix Password Secure, **there are no entries displayed in the Discovery Service** module at the beginning. The entries need to be generated using a -[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). +[System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). ![discovery service entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-1-en.webp) @@ -23,7 +23,7 @@ NOTE: The information can be grouped together using the column editor. ## Network Scan -A **Discovery Service Task** is used to add a new [Discovery Service](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md) and +A **Discovery Service Task** is used to add a new [Discovery Service](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md) and is then correspondingly configured for a **Network Scan**. Depending on the configuration of the **Network Scan**, the following types are discovered: @@ -97,7 +97,7 @@ information. is then automatically taken over and executed by the accessible servers on the list. The list is searched from top to bottom to find an accessible server. 3. **Tags**: The use of tags is described in more detail in the section - [Tag manager](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md). A special tag can be + [Tag manager](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md). A special tag can be entered here for the **Discovery Service Task**. After the **Discovery Service Task** has been configured, a connection test is performed when the diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md index 53d0c046fe..4b3f96ed0d 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md @@ -10,7 +10,7 @@ The logbook in the footer of the **Discovery Service Task** is extremely helpful **Discovery Service Task**. Information about the progress of the **Discovery Service Task** is displayed here. The data is displayed both in the **footer** and also in the **logbook module** (although in more detail here). To display the footer, the user requires the **user right**: Global -settings in the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) in the category: +settings in the [User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md) in the category: "Footer area" - "Show logbook in the footer area (activated)" ## Show in footer @@ -34,7 +34,7 @@ If an error occurs during the execution of the **Discovery Service Task**, this ## Display in the logbook In general, the **logbook module** displays more detailed information about the **Discovery Service -Task**. The [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) can be used to select which data +Task**. The [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md) can be used to select which data is displayed. The same **events** as for the footer for the **Discovery Service Task** are also used here. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md index c50d9318aa..e16062b535 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md @@ -54,7 +54,7 @@ The heart of each document management system is the ability to capture and archi documents or files. All versions of a document can be compared with each other and historical versions can be restored if necessary. Netwrix Password Secure provides this functionality via the history in the ribbon, as well as in the footer area for ​​the detailed view of a document. This can -be used in the same way as the [History](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md). The interplay between the +be used in the same way as the [History](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md). The interplay between the document-specific event logbook and the history provides a complete list of all information that is relevant to the handling of sensitive data. Version management can be used to restore any historical versions of a document. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md index 6be41ee81e..e151e9c718 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md @@ -35,8 +35,8 @@ individual requirements. ![forms](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_2-em.webp) The associated preview for the form selected in -[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) appears in the -[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). Both the field name and also +[List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md) appears in the +[Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md). Both the field name and also the field type are visible. ## Creating new forms @@ -54,7 +54,7 @@ relevant buttons in the ribbon. The following field settings thus appear for the field type "Password": "Mandatory field, reveal only with reason, check only generated passwords and password policy". These can now be defined as desired. (**Note**: It is possible to select -[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) within the field settings; +[Password rules](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md) within the field settings; they are defined as part of the options in the main menu) **CAUTION:** If a form has been created, it can then be selected for use when creating new records. @@ -100,7 +100,7 @@ the RDP session. ![updated form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_7-en.webp) NOTE: The **forms module** is based on the -[Web Application](/docs/passwordsecure/9.2/configuration/webapplication/web_application.md) module of the same name. Both modules +[Web Application](/docs/passwordsecure/9.3/configuration/webapplication/web_application.md) module of the same name. Both modules have a different scope and design but are almost identical to use. ## Standard form diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md index 782b6417cf..d6dfecac31 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md @@ -49,10 +49,10 @@ completed in a traceable and audit-proof manner to prevent falsification. NOTE: If desired, the logbook can be automatically cleaned up. This option can be configured on the Server Manager. Further information can be found in the section -[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md). +[Managing databases](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md). ## Transferring to a Syslog server The logbook can also be completely transferred to a -[Syslog](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/syslog.md) server. Further information on this +[Syslog](/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md) server. Further information on this subject can be found in the section Syslog. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md index e94b60a5c2..a19c8e7946 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md @@ -14,7 +14,7 @@ for the currently registered Netwrix Password Secure user. It is not possible to notification for another user. Each user can and should define himself which passwords, which triggers as well as changes are important and informative for him. The configuration of visibility is explained in a similar way to the other modules in one place -[Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) +[Visibility](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) ![Notifications modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) @@ -62,9 +62,9 @@ that a notification is really only triggered for relevant events. As well as manually configurable notifications, there are other triggers in Netwrix Password Secure which will result in notifications. -- [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md): Requests +- [Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md): Requests to release sealed records are handled via the notification system -- [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)s: If reports are automatically +- [System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)s: If reports are automatically created via the system tasks, these are also made available in the form of a notification. If this type of notification is selected, it can be directly opened via the corresponding button that appears on the ribbon. @@ -75,4 +75,4 @@ which will result in notifications. If desired, notifications can be automatically cleaned up. This option can be configured on the **Server Manager**. Further information can be found in the section -[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md). +[Managing databases](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md). diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md index eee5b94bd3..46b707af1d 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md @@ -8,7 +8,7 @@ sidebar_position: 10 ## Maximum encryption -[Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption currently offers +[Active Directory link](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption currently offers **maximum security**. Only users, organisational units and roles are imported. The permissions and the hierarchical relationship between the individual objects needs to be separately configured in Netwrix Password Secure. The advantage offered by end-to-end encryption is that Active Directory is diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md index 08a0d7f4c0..605f4b622b 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md @@ -8,7 +8,7 @@ sidebar_position: 20 ## Maximum convenience -In contrast to [End-to-end encryption](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md), which places the main focus on +In contrast to [End-to-end encryption](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md), which places the main focus on security, Masterkey mode provides the maximum level of convenience. It not only imports users, organisational units and roles but also their links and affiliations. It can be synchronized to update the information and affiliations. **In this scenario, Active Directory is used as a leading @@ -79,10 +79,10 @@ connection is not possible, deactivate SecureSocketsLayer and try again. **CAUTION:** The master key is added in form of a certificate. It is **essential to back up** the generated certificate! If the database is being moved to another server, the certificate also needs to be transferred! Further information can be found in the section -[Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md). +[Certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md). NOTE: You can now use the option to integrate a RADIUS server. Read more in -[RADIUS authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md). +[RADIUS authentication](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md). ## Import @@ -183,7 +183,7 @@ roles already exist in Netwrix Password Secure or have also been imported. Users who are imported using this mode can log in with the domain password. Please note that no domain needs to be specified when logging in. Of course, the login process can also be supplemented with -[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). +[Multifactor Authentication](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). NOTE: Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server is accessible, the users in the domain authenticate themselves via Kerberos using their domain @@ -232,7 +232,7 @@ the synchronization runs in the background. A hint indicates that the process ha ### Synchronization via system tasks The synchronization can also be carried out automatically. This is made possible via the -[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). +[System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). ### Deleting or removing users diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md index bad86ef5f7..4b48867a6c 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md @@ -11,6 +11,6 @@ Password Secure. Choose your preferred integration method: -- [Microsoft Entra ID connection](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md) +- [Microsoft Entra ID connection](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md) -- [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) +- [Active Directory link](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md index 7499981f35..97fa927875 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md @@ -44,7 +44,7 @@ In addition, the smartcard certificate must of course also be valid on the serve ## Requirement For Fido2 it is mandatory that -SMTP ([Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md)) is configured. +SMTP ([Advanced settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/advanced_settings.md)) is configured. In addition, an e-mail address must be stored for the AD users. Furthermore, the URL of the Web Application must be stored in the Server Manager: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md index c45176f6a7..67a274545d 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md @@ -60,7 +60,7 @@ automatically deactivated after the user has successfully logged in and changed ### Security of passwords To guarantee that passwords are sufficiently strong, it is recommended that corresponding -[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) are created. It is +[Password rules](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md) are created. It is especially important to ensure here that user names are excluded. The password rule then still needs to be defined as a user password rule. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md index 8ddd2d8284..e5eaca1d41 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md @@ -35,7 +35,7 @@ important that these rights exist before Multifactor Authentication is set up. ## Configuration of multifactor authentication -In the [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) module, you select the user and +In the [Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) module, you select the user and the interface "Multifactor authentication" in the ribbon. ![TOTP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_3-en.webp) @@ -76,7 +76,7 @@ Now just select the desired certificate from the list to confirm the process. ## Yubico One Time Password The configuration of multifactor authentication using Yubico One Time Password is described -in[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). +in[Multifactor Authentication](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). ## Delete Multifactor Authentication (MFA) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md index 7be3d97af0..b675535af4 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md @@ -36,7 +36,7 @@ As soon as the secret has been deposited and the password saved, the setup is co 1. Set up OTP 2. Create - [HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md) + [HTML WebViewer export](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md) 3. Open the created HTML WebViewer How to use the HTML WebViewer can be read in the chapter with the same name. @@ -47,7 +47,7 @@ NOTE: The special feature of the Emergency WebViewer is that the stored OTP secr displayed. In order to use the One-Time-Password in the -[EmergencyWebViewer](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md) +[EmergencyWebViewer](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md) you have to proceed as follows: 1. Set up OTP diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md index 79b26a6621..e9dbc85a30 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md @@ -51,7 +51,7 @@ this endpoint. ## Configuring multifactor authentication for users Multifactor authentication can be configured in the Netwrix Password Secure client. It can be done -by the user themselves in **Backstage** in the [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) +by the user themselves in **Backstage** in the [Account](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md) menu. In order to configure the Yubikey, simply select **Yubico OTP**. ![setup second factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_6-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md index 02c0ed46de..5b197a5b0f 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md @@ -37,28 +37,28 @@ remaining actions have already be explained for the password module. - **New organisational unit/user**: New organisational units or new users can be added via the ribbon, the keyboard shortcut "CTRL + N" or also the context menu that is accessed using the right mouse button. Due to its complexity, there is a separate section for this function: - [User management](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md) + [User management](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md) - **Drag & Drop**: If this option has been activated, it is possible to move users or organisational units in list view via drag & drop - **Permissions**: The configuration of permissions within the organisational structure is important both for the administration of the structure and also as the basis for the permissions in accordance with - [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md). + [Inheritance from organisational structures](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md). The benefits of - [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) are + [Predefining rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) are explained in a separate section. - **Settings**: The settings can be configured for both users and also organisational units. More - information on [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md)… + information on [User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md)… - **Active Directory**: The connection to Active Directory is explained in a dedicated section - [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) + [Active Directory link](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) - **Microsoft Entra ID**: The connection to Microsoft Entra ID is explained in a dedicated section - **Multi Factor authentication**: Additional security during login is provided through positive authentication based on another factor. More on this subject… - **Reset password**: Administrators can reset the passwords with which users log in to Netwrix Password Secure to a defined value. Naturally, this is only possible if the connection to Active Directory is configured - via[End-to-end encryption](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md). In the - alternative [Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), the + via[End-to-end encryption](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md). In the + alternative [Masterkey mode](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), the authentication is linked to the correct entry of the AD password. NOTE: To reset a user password, membership for the user is a prerequisite. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md index 1a93abebea..ff72a34ad7 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md @@ -13,13 +13,13 @@ organisational structures. In addition, there are **two mechanisms** that direct permissions for organisational structures. 1. **Limiting visibility**: It was already explained in the section on - [Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) + [Visibility](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) that selectively withholding information is a very effective - [Protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md). + [Protective mechanisms](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md). Configuration of the visibility is carried out directly when issuing permissions to organisational structures. 2. **Inheriting permissions for records**: - [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md) + [Inheritance from organisational structures](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md) is defined as a system standard. This means that there is no difference between the permissions for an organisational structure and the permissions for data that is stored in these organisational structures. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md index a78d1678c9..bad456d35f 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md @@ -35,7 +35,7 @@ The testing process using the heartbeat can be executed via various methods. The heartbeat is always carried out before the first resetting process using a Password Reset. After the script has run, the testing process is carried out again. Further information on this process -can also be found in the section [Rollback](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md). +can also be found in the section [Rollback](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md). ### Manual testing @@ -45,8 +45,8 @@ data**. The currently marked password is always tested. ### Automatic testing via the password settings It is also possible to configure the heartbeat to run cyclically. It can be configured either via -the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) or directly in the -[Password settings](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md). +the [User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md) or directly in the +[Password settings](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/password_settings.md). ## Results of the tests @@ -55,7 +55,7 @@ The results of the test can be viewed in the **passwords module**. ![result heartbeat](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/heartbeat/heartbeat_1-en.webp) The date when it was last executed can be seen at the top of the -[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). The success of the testing +[Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md). The success of the testing process is indicated alongside using a coloured icon. Further information can be displayed by moving the mouse over the icon. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md index 2a3c58fa5a..7726d669ff 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md @@ -8,7 +8,7 @@ sidebar_position: 40 ## Individual solutions using your own scripts -If your requirements cannot be met using the [Scripts](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible +If your requirements cannot be met using the [Scripts](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible to create your own Powershell scripts. These scripts need to meet certain requirements to be used in Netwrix Password Secure. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md index 9e3a039c62..66989e5558 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md @@ -23,4 +23,4 @@ You will then be asked if you actually want to perform this action. ## Managing the Recycle Bin The management of the recycle bin can be found in chapter -[Bin](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/trash.md). +[Bin](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/trash.md). diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md index 49929697c6..903b67f780 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md @@ -42,14 +42,14 @@ between users and authorizations of any kind. ## Creating and granting permissions for new roles If you are in the **roles module**, the process for creating new roles is the same as for -[Creating new passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md). Roles can be created via the +[Creating new passwords](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md). Roles can be created via the ribbon and also via the context menu that is accessed using the right mouse button. ![creating new role](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_3-en.webp) ## Planning phase -Just like the [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md), +Just like the [Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md), you should also familiarize yourself with the intended role concepts. The mapping of structures present in a company is the starting point for the success of Netwrix Password Secure. You should design the roles in Netwrix Password Secure only once a detailed design has been drawn up, and all @@ -69,11 +69,11 @@ NOTE: This architecture makes nesting of roles obsolete. As well as being able to view the **members** in the permissions dialogue, a list of all members for a role is already made available in the -[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). All of the other users with +[Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md). All of the other users with permissions but without membership of the role are not taken into account. ![role overview](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_4-en.webp) NOTE: The roles module is based on the -[Roles module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md) of the Web +[Roles module](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md) of the Web Application. Both modules have a different scope and design but are almost identical to use. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md index b4f38d29cf..cbd4dd26ae 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md @@ -9,7 +9,7 @@ sidebar_position: 20 ## What is an account? Users can configure all user-specific information in their account. It should be noted that if the -[Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md) +[Masterkey mode](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md) process is used, user data will always be taken from Active Directory – editing this information in Netwrix Password Secure is thus not possible. @@ -19,7 +19,7 @@ Netwrix Password Secure is thus not possible. All of the information in the contact and address sections can be defined under “Edit profile”. Some areas of the profile overlap with the **management of users.** This information is explained in -[Managing users](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md). +[Managing users](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md). NOTE: No changes can be made to users that were imported from AD using Master Key mode. In this case, all information will be imported from AD. @@ -51,7 +51,7 @@ terminated. Multifactor authentication provides additional protection through a second login authentication using a hardware token. The configuration is carried out via the ribbon in the “Security” section. See also in -[Multifactor authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md) +[Multifactor authentication](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md) ![installation_with_parameters_124](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/installation_with_parameters_124.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md index f3eb6de3bb..4b64cbaac9 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md @@ -9,14 +9,14 @@ sidebar_position: 80 ## What is an export? An export is used for extracting the data saved in the MSSQL database. Both selective (manual) and -automated [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) can extract information from +automated [System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) can extract information from Netwrix Password Secure in this manner. **CAUTION:** Please note that extracting passwords is always associated with a weakening of the security concept. The informative value of the logbook will suffer when data is exported because the revision of this data will no longer be logged. This aspect needs to be taken into account particularly in conjunction with the Netwrix Password Secure -[Export wizard](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result is not separately secured +[Export wizard](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result is not separately secured by a password. The export function is accessed via the Main menu/Export. There are two fundamental types of export @@ -25,7 +25,7 @@ subcategories. ![installation_with_parameters_63](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_63.webp) -The [HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md) creates a HTML file +The [HTML WebViewer export](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md) creates a HTML file protected by a password. In contrast, the export wizard creates an open and unprotected .csv file. ## Requirements diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md index bd0b2731a5..3da7f42246 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md @@ -20,7 +20,7 @@ remaining three wizards function in the same way. ## What is the password export wizard? This wizard allows records to be exported in standard.csv format. In contrast to the -[HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md), the resulting file is +[HTML WebViewer export](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md), the resulting file is not protected by a password. It goes without saying that this feature must be used carefully. ## Starting the password export wizard @@ -31,8 +31,8 @@ The export wizard can be accessed in a variety of different ways: for which the registered user has the required permissions. If the user is an administrator with permissions for all records, the export will include all passwords in the database. - **Starting via the ribbon:** The export can also be started via the - [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md) in the - [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md) module. + [Ribbon](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md) in the + [Passwords](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md) module. ![Export ribbon](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_75-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md index 1b647773b8..1c56da98c4 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md @@ -10,7 +10,7 @@ sidebar_position: 10 The **WebViewer** is an option inNetwrix Password Secure for exporting passwords in an encrypted **HTML file**. The records are selected using the -[Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) function. The passwords for which the user +[Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md) function. The passwords for which the user has the corresponding permissions are exported. They are displayed in a current browse that has **JavaScript activated**. @@ -18,7 +18,7 @@ has the corresponding permissions are exported. They are displayed in a current - Naturally, the HTML WebViewer file is **encrypted** - The export of the file is protected using a corresponding - [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) + [User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md) - The user requires the **export right** for the passwords ## Required rights diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md index 8a61adb4c0..9f19ee94e9 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md @@ -14,10 +14,10 @@ work-saving features that in total simplify the process of working with Netwrix ![installation_with_parameters_77_517x414](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/installation_with_parameters_77_517x414.webp) -- [Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) -- [Password generator](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md) -- [Reports](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md) -- [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) -- [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) -- [Tag manager](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md) -- [Image management](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md) +- [Password rules](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md) +- [Password generator](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md) +- [Reports](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md) +- [System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) +- [Seal templates](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md) +- [Tag manager](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md) +- [Image management](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md index b177af37e5..9489f1950e 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md @@ -44,7 +44,7 @@ NOTE: If there are several deposited, always use the first one. 2. Manual filing -In the main menu in [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md) you can find the image management. Here, you have the +In the main menu in [Extras](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md) you can find the image management. Here, you have the possibility to store icons and logos manually. ![Image management](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_107-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md index a3ad8828e5..6388c732b4 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md @@ -52,7 +52,7 @@ separated and whether to use LeetSpeak. Password rule -Already defined[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) can be utilised for the +Already defined[Password rules](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md) can be utilised for the automatic generation of new passwords ## Multigenerator diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md index a13e0f3ff4..0af1b5fa65 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md @@ -31,8 +31,8 @@ a separate tab in the currently active module. ![installation_with_parameters_98](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_98.webp) In this screenshot, a total of 3 password rules are shown. As the rule “Very secure password” has -been selected in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the -[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) on the right displays the +been selected in [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md), the +[Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md) on the right displays the configuration for this rule: - **General:** The Password length of 25 is the minimum number of characters that a password needs @@ -52,7 +52,7 @@ configuration for this rule: Once password rules have been defined, they can be productively used in two different ways: -- Use within the [Password generator](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md) +- Use within the [Password generator](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md) - Default for the password field in a form: When a password field is defined in a form, one of the defined password rules can be set as the diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md index 11695c9f73..e2ba5eac4d 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md @@ -10,12 +10,12 @@ sidebar_position: 30 Comprehensive reporting is an important component of the ongoing monitoring of processes in Netwrix Password Secure. Similar to selectively configurable -[Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md), reports also contain +[Notifications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md), reports also contain information that can be selectively defined. The difference is mainly the trigger. Notifications are linked to an event, which acts as the trigger for the notification. In contrast, reports enable tabular lists of freely definable actions to be produced at any selected time – the trigger is thus the creation of a report. This process can also be automated via -[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). +[System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). ![reports](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_78-en.webp) @@ -29,7 +29,7 @@ contents are always the same. The filter on the left has no relevance in relation to reports. Although reports can also be “tagged” in theory, filtering has no effect on the reports. In -[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), there are currently three +[List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md), there are currently three configured report requests shown. #### Creating a report request diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md index dc3111ef56..d2755fbdfc 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md @@ -9,7 +9,7 @@ sidebar_position: 50 ## What are the seal templates? The configuration of -[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) must be +[Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) must be well-thought-out and error-free. It is absolutely essential to save the once-invested effort in the form of seal templates. The automation of ever-recurring tasks will, in this context, extremely speed up the timing of the work. Once defined, templates can be attached to data records in a few diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md index eaf537bab3..d267ef7c4b 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md @@ -9,7 +9,7 @@ sidebar_position: 10 ## What is an Emergency WebViewer export? Safeguarding data is essential and this should be carried out using -[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md). +[Backup management](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md). However, a backup is not sufficient in some cases e.g. if a backup cannot be directly restored due to a hardware problem. In these cases, **Netwrix Password Secure** offers the backup feature **Emergency WebViewer Export**. @@ -21,7 +21,7 @@ the core system of the backup mechanism. ## Creation of the file and key The **Emergency WebViewer Export** is created in Netwrix Password Secure as a -**[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and this task can be used to guarantee a regular backup of +**[System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and this task can be used to guarantee a regular backup of the records (passwords) by entering an interval. When setting up the system task, the user thus defines the cycle at which the **Emergency WebViewer.html file** is created on the Server Manager. The existing file is overwritten in each case by the latest version at the defined interval. The @@ -36,7 +36,7 @@ a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location! • Naturally, the HTML WebViewer file is encrypted • The export of the file is protected using a corresponding -[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) +[User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md) • The file can only be encrypted using the **PrivateKey.prvkey** file diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md index 5453fe4a64..421a9d28a8 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md @@ -10,7 +10,7 @@ sidebar_position: 60 All existing tags can be viewed, edited and deleted directly in the tag manager. This can be achieved via the filter, within the “Edit mode” of a data set as well as via the main menu under the -group [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md). +group [Extras](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md). ![how to open the tag manager](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/installation_with_parameters_103-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md index 6af89d4ad8..37b0c314de 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md @@ -17,7 +17,7 @@ Both variants can be set up in the import wizard, which is started via the Main ## Requirements Whether the user is permitted to import data is controlled by the corresponding -[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md). +[User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md). ![installation_with_parameters_58](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_58.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md index 7b0702b5b0..769c9c539f 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md @@ -13,11 +13,11 @@ This makes it easy to access the settings at any time and in any module. ![Main menu](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/installation_with_parameters_56-en.webp) -- [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md) -- [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) -- [General settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md) -- [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) -- [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) -- [Administration](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md) -- [Import](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md) -- [Export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md) +- [Extras](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md) +- [Account](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md) +- [General settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md) +- [User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md) +- [User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md) +- [Administration](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/administration.md) +- [Import](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md) +- [Export](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md index 2561e4a79e..d59b1a129b 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md @@ -9,7 +9,7 @@ sidebar_position: 50 ## What are user rights? In the user rights, access to functionalities is configured. Amongst tother things, this category -includes both the visibility of individual [Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md), as +includes both the visibility of individual [Client Module](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md), as well as the use of the import, export or management of rights templates functions. A complete listing is directly visible in the user rights. @@ -17,7 +17,7 @@ listing is directly visible in the user rights. Managing all user rights exclusively at the level of the user would be a time intensive process and thus require a disproportionate amount of care and maintenance. In the same way as with the -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md), +[Authorization and protection mechanisms](/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md), an approach can be used in which several users are grouped together. Nevertheless, it must still be possible to additionally address the specific requirements of individual users. Some functionalities, on the other hand, should be available to all users. In order to do this, Netwrix @@ -29,10 +29,10 @@ When it comes to user rights, the focus is always on the user. The user can rece one of the following three ways: 1. The **personal user right** only applies to a specific user. This is always configured via - the[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). + the[Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). **User rights to role**s apply to all members of a role and are specified in the -[Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) +[Roles](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md) 1. The **global user right** applies to all users of a database without exception. You can configure it in the client settings. @@ -52,7 +52,7 @@ rights can be removed. ## Configuring the security level The **security level** is an essential element that is also specified in the user rights. This is -the basis for the configuration of the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). +the basis for the configuration of the [User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md). ![installation_with_parameters_113](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_113.webp) @@ -60,7 +60,7 @@ the basis for the configuration of the [User settings](/docs/passwordsecure/9.2/ Due to the large number of possible configurations, the search function helps you to quickly find the desired configuration. This process is based as usual on the List -[Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md). +[Search](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md). ![installation_with_parameters_114](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_114.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md index 7cb5307c11..d03c2ec1a9 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md @@ -16,7 +16,7 @@ can thus be linked to the presence of the required security level. ## Managing user settings -You can configure user settings similarly to [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md). Here too, +You can configure user settings similarly to [User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md). Here too, there are a total of three possibilities with which a user can define his settings or be configured from another location. For the sake of easy manageability, it is again a good idea to configure the users not individually, but to provide several equal users with settings. @@ -45,9 +45,9 @@ If you leave the personal settings on the outside, there are two ways to inherit 1. Global inheritance 2. Inheritance on the basis of membership in organisational units (OU) -Global settings are configured as usual in the [Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md). The organisational +Global settings are configured as usual in the [Main menu](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md). The organisational units are inherited via the -[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). +[Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). All users who are assigned to an organisational unit inherit all user settings for this OU. In the present case, the users “Jones” and “Moore” inherit all settings from the “IT” organisational unit: @@ -55,7 +55,7 @@ present case, the users “Jones” and “Moore” inherit all settings from th The “Settings” button in the ribbon allows you to see the settings for both organisational units and users. The many setting options can be restricted by the known -[Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) mechanisms. +[Search](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md) mechanisms. ![installation_with_parameters_118](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_118.webp) @@ -74,6 +74,6 @@ combine similar options and thus make them available to the users. ![user settings](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_119-en.webp) -The [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) define who has the required permissions to change +The [User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md) define who has the required permissions to change which security levels. As with all rights, this is achieved either through global inheritance, the role, or as a right granted directly to the user. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md index 4b2456a7ff..81c8cfbada 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md @@ -14,12 +14,12 @@ customizable info area, which visually prepares important events or facts ![Dashboard](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_50-en.webp) -Dashboards are available in almost all [Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md)s. A +Dashboards are available in almost all [Client Module](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md)s. A separate dashboard can be set for each individual module. **Widgets** correspond to the individual modules of the dashboard. There are various widgets, which can be individually defined and can be configured separately. In the above example, three widgets are enabled and provide information about current notifications, password quality, and user activity. The **maximum number of possible -widgets** is managed in the[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). +widgets** is managed in the[User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md). NOTE: You can close the dashboard using the button in the tab. You can open it again via **View** > **Show dashboard** in the ribbon. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md index d451dd06fa..9037fb3379 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md @@ -10,7 +10,7 @@ sidebar_position: 10 Some actions can be executed very efficiently using keyboard shortcuts. These are configured in the section of the same name within the **global -[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md)** +[User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md)** The following keyboard shortcuts are available: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md index e695bd900d..4775c589b8 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md @@ -9,7 +9,7 @@ sidebar_position: 20 ## Linking filters The two options for linking the filter criteria are very easy to explain using the example of -[Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md). The following options are available: +[Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md). The following options are available: 1. Logical “Or operator” @@ -38,7 +38,7 @@ for this example. ## Filter tab in the ribbon -The filter management can also be found in the [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). Here, it is +The filter management can also be found in the [Ribbon](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md). Here, it is possible e.g. to expand the currently configured filter criteria, save the filter, or simply clear all currently applied filters. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md index c59065536f..f8a301c2dc 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md @@ -8,7 +8,7 @@ sidebar_position: 10 ## What display modes exist? -In addition to the already described [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md), it is possible to switch to structure +In addition to the already described [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md), it is possible to switch to structure view. This alternative view enables you to filter solely on the basis of the organisational structure. Although this type of filtering is also possible in standard filter view, you are able to directly see the complete organisational structure in structure view. @@ -24,7 +24,7 @@ choice for users who want to work in a highly structural-based manner. ## Relevant options -There are three relevant [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) +There are three relevant [User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md) associated with the display mode: ![installation_with_parameters_16](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_16.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md index 0020bfd37e..c66d4e1ae4 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md @@ -30,11 +30,11 @@ The filter is an indispensable working tool because of the possibility to restri according to individual requirements. Consequently, all users can use the filter. It is, of course, possible to place restrictions for filter criteria. This means that the filter criteria available to individual employees can be restricted by means of -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md). -For example, an employee can only filter for the [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) password +[Authorization and protection mechanisms](/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md). +For example, an employee can only filter for the [Forms](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md) password if he has the read permission for that form. -**CAUTION:** There are no permissions for [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md). This means that any employee can +**CAUTION:** There are no permissions for [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md). This means that any employee can use any tags. The display order in the filter is determined by the frequency of use. This process is not critical to security, since tags do not grant any permissions. They are merely a supportive measure for filtering. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md index 341779a1f7..70040b8c79 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md @@ -48,7 +48,7 @@ the detailed list view, similar to the procedure in Microsoft Outlook. All form ## Favourites Regularly used records can be marked as favourites. This process is carried out directly in the -[Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). A record marked as a favourite is indicated with a star in list view. +[Ribbon](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md). A record marked as a favourite is indicated with a star in list view. ![Favourite](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_29-en.webp) @@ -60,7 +60,7 @@ You can filter for favourites directly in the list view. For this purpose, simpl #### Othersymbols Every record displayed in list view has multiple icons on the right. These give feedback in colour -about both the password quality and the [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) used. Mouseover tooltips provide +about both the password quality and the [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md) used. Mouseover tooltips provide more precise details. ![installation_with_parameters_31](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_31.webp) @@ -88,4 +88,4 @@ separate tab, the list view is completely hidden NOTE: Working with data records depends of course on the type of the data record. Whether passwords, documents or organisational structures: The handling is partly very different. For more information, please refer to the respective sections on the individual -[Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md) +[Client Module](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md index 507921edcd..e62783a4ef 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md @@ -17,19 +17,19 @@ operating concept ensures efficient work and a minimum of training time. ![Dashboard](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation-and-setup-2-en.webp) -1. [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md) +1. [Ribbon](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md) -2. [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) +2. [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md) -3. [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) +3. [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md) -4. [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) +4. [Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md) -5. [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) +5. [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md) -6. [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) +6. [Search](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md) -7. [Dashboard and widgets    ](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md) +7. [Dashboard and widgets    ](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md) ## TABs @@ -67,31 +67,31 @@ information. ![installation_with_parameters_4](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/installation_with_parameters_4.webp) -- [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md) -- [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) -- [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) -- [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) -- [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) -- [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) -- [Dashboard and widgets](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md) -- [Shortcut key](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md) +- [Ribbon](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md) +- [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md) +- [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md) +- [Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md) +- [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md) +- [Search](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md) +- [Dashboard and widgets](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md) +- [Shortcut key](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md) ## Orientation It is possible to change the alignment of the following objects: -- [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) -- [Applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md) -- [Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md) -- [Reports](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md) -- [Documents](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md) -- [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) -- [Logbook](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md) -- [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) -- [Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) -- [Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) -- [Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) -- [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) -- [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) +- [Active Directory link](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) +- [Applications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md) +- [Notifications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md) +- [Reports](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md) +- [Documents](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md) +- [Forms](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md) +- [Logbook](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md) +- [Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) +- [Password Reset](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md) +- [Password rules](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md) +- [Roles](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md) +- [Seal templates](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md) +- [System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) - Forwarding Rules - Profil picture in the reading pane diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md index d9c546f3f2..27c4e3d631 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md @@ -11,7 +11,7 @@ sidebar_position: 40 The reading pane on the right side of the client always corresponds to the detailed view of the selected record in the list view and can be completely deactivated via the ribbon. In addition, you can configure here the arrangement of the reading pane – either on the right, or underneath the -[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md). +[List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md). ![Reading area](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_34-en.webp) @@ -26,10 +26,10 @@ The reading pane is divided into two areas: 1. Details area -Depending on which record you have selected in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the -corresponding fields are displayed here. In the header, the assigned [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md), as +Depending on which record you have selected in [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md), the +corresponding fields are displayed here. In the header, the assigned [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md), as well as the -[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) +[Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) are displayed. **CAUTION:** It should be noted that the details area cannot be used for editing records! Although @@ -49,7 +49,7 @@ the quick view (space bar). Double clicking always opens a separate tab, the qui a modal window Visibility of the individual tabs within the footer section is secured via separate -[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md): +[User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md): ![installation_with_parameters_37](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_37.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md index 9eae4ce17f..1575524ec3 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md @@ -28,7 +28,7 @@ This ensures that the context menu can be kept lean. ## Access to the client main menu (backstage) The button at the top left of the ribbon provides access to the -[Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md): +[Main menu](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md): ![installation_with_parameters_7](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_7.webp) @@ -36,14 +36,14 @@ The button at the top left of the ribbon provides access to the There are tabs in the header area of the ribbon that summarize all available operations. By default, module-independent **Start, View, and Filter** is available. If the footer of the -[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) is opened (1), further tabs will be visible in the +[Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md) is opened (1), further tabs will be visible in the ribbon (2). These contain, according to the selection made in the footer, other possible actions. ![Ribbon Tabs](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_8-en.webp) #### Content tabs -Double-clicking on an object in the [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) opens a new tab with its +Double-clicking on an object in the [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md) opens a new tab with its detailed view. Depending on which form field you have selected, the corresponding content tab opens in the ribbon. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md index 1e5e47d033..c408931d9d 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md @@ -18,7 +18,7 @@ currently open. This is a full-text search that scans all fields and tags except ![quick search](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_41-en.webp) -The fast search is closely linked to the [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md), because search queries are +The fast search is closely linked to the [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md), because search queries are converted directly into one or several content filters. You can also separate search terms using spaces, for example, **Cook Daniel**. Note that this search creates two separate content filters, which are logically linked with “and” +. This means that both words must occur in the data record. @@ -38,7 +38,7 @@ swiss. The notation, which must be entered in the quick search, is: Delphi -swis 2. List search -With the list search in the header of the [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the results of the +With the list search in the header of the [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md), the results of the filter can be searched further. This type of search is available in almost every list. Scans only the currently filtered results. Password fields are not searched. The search is live, so the result is further refined with every additional character that is entered. Automatic “highlighting” takes diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md index 7d79a74def..95441490b0 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md @@ -11,7 +11,7 @@ sidebar_position: 10 The aim of organisational structures is to reflect the hierarchies and dependencies amongst employees that exist in a company. Permissions are granted to these structures as usual via the ribbon. Further information on this subject can be found in the section -[Permissions for organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md). +[Permissions for organisational structures](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md). As a specific authorization concept is generally already used within organisational structures, this is also used as the basis for further permissions. This form of inheritance is technically equivalent to granting permissions based on **affiliations to a folder**. When creating a new @@ -83,7 +83,7 @@ The permissions for the “storage location” are simply used when creating new apply here: The value “organisational unit” must be selected in the settings for the inheritance of permissions -There must be no [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) for the +There must be no [Predefining rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) for the affected organisational structure This process is illustrated in the following diagram: ![process for inheritance of permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-7-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md index b08296717b..60a54252ea 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md @@ -9,7 +9,7 @@ sidebar_position: 10 ## What is the manual setting of permissions for records? In contrast to the -[Automated setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md), the +[Automated setting of permissions](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md), the manual approach does not utilize any automatic processes. This method of setting permissions is thus carried out separately for every record – this process is not as recommended for newly created data. If you want to work effectively in the long term, the automatic setting of permissions should be @@ -20,7 +20,7 @@ records. In the previous section, it was clarified that permissions are granted either directly to the user or to several users grouped in a role. With this knowledge, the permissions can be set manually. In -the [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md), there are three different ways to access +the [Passwords](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md), there are three different ways to access the permissions in the list view: 1. Icon in the ribbon @@ -34,14 +34,14 @@ or public. In case of personal data records, the user that is logged on is the o permissions! The author is created with all permissions for the record. As described in the -[Permission concept and protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md), you can now +[Permission concept and protective mechanisms](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md), you can now add roles and users. 'Right click - Add' inside the userlist or use the ribbon "User and roles" to add a user. The filter helps you to quickly find those users who should be granted permissions for the record in just a few steps. ![add user and role](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-2-en.webp) -The search [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md)opens in a separate tab and can be +The search [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md)opens in a separate tab and can be configured as usual. ![seach filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-3-en.webp) @@ -55,7 +55,7 @@ By default, all added users or roles receive only the “Read” permission on t permission at the beginning is sufficient to view the fields of the data record and to use the password. "Write" permission allows you to edit a data record. **The permission “Authorize” is necessary to authorize other users to the record**. This is also a requirement for -the[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). +the[Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). ![setting all permissions example](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-4-en.webp) @@ -77,7 +77,7 @@ the risk significantly. Of course, the correct configuration of these templates The “add" permission holds a special position in the authorization concept. This permission controls whether a user/role is permitted e.g. to create a new record within an organisational structure. Consequently, this permission can only be set in the -[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). +[Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). ## The owner permission diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md index 2d019fd069..0a39ed6221 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md @@ -10,7 +10,7 @@ sidebar_position: 20 As part of the manual modification of permissions, it is also possible to edit multiple records at the same time. Various mechanisms can be used to select the records to be edited. You are able to -select the records in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) or you can use +select the records in [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md) or you can use the filter as part of the multiple editing function. Both scenarios are described below. ### User permissions for batch processing diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md index 8e12f145c5..8f8ccc8392 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md @@ -18,5 +18,5 @@ differentiated from other templates if you have a large number of right template Nevertheless, the use of right templates merely reduces the amount of work and still envisages the manual setting of permissions. Automatic process for the issuing of permissions also exist in Netwrix Password Secure and will be covered in the section -[Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) and also under -"[Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md)". +[Predefining rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) and also under +"[Inheritance from organisational structures](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md)". diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md index ad2e840a53..2297a44571 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md @@ -9,14 +9,14 @@ sidebar_position: 40 ## What is the permission concept? With Netwrix Password Secure version 9 we provide the right solution to all conceivable demands -placed on it with regards to permission management. [Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) are a +placed on it with regards to permission management. [Roles](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md) are a great way to efficiently manage multiple users without losing the overview. We've created multiple methods to manually or automatically manage your permissions. More information can be seen in the chapter -[Multiple editing of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md) +[Multiple editing of permissions](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md) Alongside the definition of manual and automatic setting of permissions, the (optional) setting of -[Protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md) forms +[Protective mechanisms](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md) forms part of the authorization concept. The protective mechanisms are thus downstream of the permissions. The interrelationships between all of these elements are illustrated in the following diagram. @@ -117,8 +117,8 @@ As a member of a role, it must have at least the “read” right for the role! Similar to the previous section Permission concept and protective mechanisms for roles, the configuration of a role will be illustrated using two users. The configuration is performed in the -[Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md). By double-clicking on the role “IT-Consultants” in the -[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), you can open their detailed view. +[Roles](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md). By double-clicking on the role “IT-Consultants” in the +[List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md), you can open their detailed view. ![roles list view](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_5-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md index bbbd269e2b..699c7782ce 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md @@ -8,7 +8,7 @@ sidebar_position: 30 ## What are predefined rights? -[Permissions for organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md) +[Permissions for organisational structures](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md) can be carried out separately for every record. Although this method enables you to very closely control every intended permission structure, it is not really efficient. On the one hand, there is too much configuration work involved, while on the other hand, there is a danger that people who @@ -16,18 +16,18 @@ should also receive permissions to access data are forgotten. In addition, many even have the right to set permissions. “Predefining rights” is a suitable method to simplify the permissions and reduce error rates by using automated processes. This page covers the configuration of predefined rights, please also refer to the sections -[Working with predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md) +[Working with predefined rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md) and their -[Scope of validity for predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md). +[Scope of validity for predefined rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md). ## Organisational structures as a basis -[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) +[Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) can be very useful in many areas in Netwrix Password Secure. In this example, they provide the basic framework for the automated granting of rights. In the broadest sense, these organisational structures should always be entered in accordance with existing departments in a company. The following example specifically focuses on an IT department. The following 3 hierarchies -([Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md)) have been defined within this IT department: +([Roles](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md)) have been defined within this IT department: - **IT employee** - **IT manager** @@ -37,7 +37,7 @@ following example specifically focuses on an IT department. The following 3 hier In general, a senior employee is granted more extensive rights than those granted to a trainee. This hierarchy and the associated permission structure can be predefined. In the -O[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) +O[Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) module, we now select those OUs (departments) for which rights should be predefined and select \*predefine rights” in the ribbon. @@ -54,7 +54,7 @@ mouse click). This was already completed in the example. The role **IT employee* permission", the **IT manager** also has the "write permission" and the capability of managing permissions. **Administrators** possess all available permissions. Configuration of the permission structures is explained in -[Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md). +[Manual setting of permissions](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md). ![example permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-3-en.webp) @@ -75,10 +75,10 @@ records. In the same way that permissions are defined within right templates, it is also possible to automatically set **tags**. Their configuration is carried out in the same way as issuing -[Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) for records. +[Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md) for records. ![tags for predefining rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-5-en.webp) This process ensures that a special tag is automatically issued when using a certain template group. Example cases can be found in the -[Working with predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md). +[Working with predefined rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md). diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md index 42eb68168d..0fc0f1becd 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md @@ -8,7 +8,7 @@ sidebar_position: 10 ## Using predefined rights when creating passwords -After you have configured [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md), you can then use them to +After you have configured [Predefining rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md), you can then use them to create new records. Proceed here as follows: - Select the password module @@ -33,7 +33,7 @@ granted for the roles “IT management” and also “Administrators”. **The u When using rights templates, the permissions to be granted can be very quickly classified via a **color table**. The actual permissions can also be viewed as usual via the -[Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). The following color key is used with the +[Ribbon](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md). The following color key is used with the associated permissions: | **Color** | **Permission** | @@ -52,9 +52,9 @@ management”. ## Conclusion -The [Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md) enables +The [Manual setting of permissions](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md) enables the configuration of rights for both existing and also new records. The option of -[Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) represents a very efficient alternative. Instead of +[Predefining rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) represents a very efficient alternative. Instead of having to separately grant permissions for every record, a “preset” is defined once for each organisational structure. Once this has been done, it is sufficient in future to merely select the organisational structure when creating a record. The permissions are then set automatically. This diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md index 18cc6d0dfa..31cb339a38 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md @@ -24,7 +24,7 @@ The following option is required to apply password masking. ### Required permissions -In the same way as for the [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) configuration, the **authorize permission** +In the same way as for the [Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) configuration, the **authorize permission** for the record is required to apply or remove the masking. Users who have the **authorize permission** for a record can continue to use the record without limitations after applying password masking. Password masking only applies to users without the "can apply password masking" right. @@ -40,8 +40,8 @@ permission, but not the permission **authorize**. ### Password masking via form field permissions As an alternative, you can also apply password masking via the -[Form field permissions](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md). In the -[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) of a record, there is a separate +[Form field permissions](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/form_field_permissions.md). In the +[List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md) of a record, there is a separate button in the ribbon for that purpose. Ensure that the password field is highlighted. ![form field permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md index 908b0a48c9..b3faa425c3 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md @@ -15,16 +15,16 @@ certain information only available to selected employees. Nevertheless, it is st have protective mechanisms above and beyond the authorization concept in order to handle complex requirements. -- [Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) is not separately configured but is instead directly +- [Visibility](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) is not separately configured but is instead directly controlled via the authorization concept (read permission). Nevertheless, it represents an important component within the existing protective mechanisms and is why a separate section has been dedicated to this subject. -- By configuring [Temporary permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md), it is +- By configuring [Temporary permissions](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md), it is possible to grant users or roles temporary access to data. -- [Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md) enables access to the system without +- [Password masking](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md) enables access to the system without having to reveal the passwords of users. The value of the password remains constantly hidden. - To link the release of highly sensitive access data to a double-check principle, it is possible to - use [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a + use [Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a release is possible down to a granular level and is always adaptable to individual requirements. The following diagram shows a summary of how the existing protective mechanisms are integrated into @@ -33,7 +33,7 @@ the authorization concept. ![protective mechanism diagram](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/protective_mechanisms-en.webp) In the interplay of the -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md), +[Authorization and protection mechanisms](/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md), almost all conceivable scenarios can be depicted. It is worth mentioning again that the authorization concept is already a very effective tool, with limited visibility of passwords and data records. This concept is present everywhere in Netwrix Password Secure, and will be explained diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md index c8a3dbcf17..674cdd9552 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md @@ -41,12 +41,12 @@ displayed to the users with the required permissions to issue the release. All user with the required permissions to issue the release will be notified that the user has requested the seal. This can be viewed via the module -[Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md), as well as in the Seal +[Notifications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md), as well as in the Seal overview. ## 2. Granting a release -The [Seal overview](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) can be opened via the seal symbol in the +The [Seal overview](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) can be opened via the seal symbol in the ribbon directly from the mentioned notification. It is indicated by the corresponding icon that there is a need for action. All relevant data for a release are illustrated within the seal overview. The reason given in the release is also evident. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md index 8e9f6f2cf9..e39c9c212c 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md @@ -9,7 +9,7 @@ sidebar_position: 40 ## What are seals? Passwords are selectively made available to the different user groups by means of the -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md). +[Authorization and protection mechanisms](/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md). Nevertheless, there are many scenarios in which the ability to view and use a record should be linked to a release issued in advance. In this context, the seal is an effective protective mechanism. This multi-eye principle protects passwords by securing them with granular release @@ -59,7 +59,7 @@ the configuration of the seal. All objects that are sealed are displayed at the beginning. Depending on the data record, this can be one object, or several. It is also possible to use existing -[Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md). Optionally, you can +[Seal templates](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md). Optionally, you can enter a reason for each seal. #### 2. Multi-eye principle @@ -131,7 +131,7 @@ the breaking of a seal by a user, other users may still break it. #### 4. Saving the seal Before closing the wizard, it is possible to save the configuration for later use in the form of a -template. [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) can be +template. [Seal templates](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md) can be optionally provided with a description for the purpose of overview. ![save seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_9-en.webp) @@ -141,9 +141,9 @@ optionally provided with a description for the purpose of overview. The permissions already present on the data set form the basis for any complex seal configurations. It is freely definable which users have to go through a release mechanism before accessing the password. The roles, which may be granted, are freely definable. An always accessible -[Seal overview](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) allows all authorized persons to view the current -state of the seals. The section on the[Release mechanism](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md) +[Seal overview](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) allows all authorized persons to view the current +state of the seals. The section on the[Release mechanism](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md) describes in detail the individual steps, from the initial release request to the final release. -- [Seal overview](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) -- [Release mechanism](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md) +- [Seal overview](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) +- [Release mechanism](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md index b5dac7e936..8c1ab52484 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md @@ -15,7 +15,7 @@ for a limited time, such as interns or trainees. ## Configuration When configuring the -[Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md), you can +[Manual setting of permissions](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md), you can specify a temporary release for each role. The start date as well as the end date is selected here. You can start the configuration using the **Extras** area in the ribbon. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md index c2263fb00e..b224f8dbc1 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md @@ -8,11 +8,11 @@ sidebar_position: 10 ## Visibility of data -The use of a [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) is generally the gateway to +The use of a [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md) is generally the gateway to displaying existing records. Nevertheless, this aspect of the visibility of the records is closely interwoven with the existing permissions structure. Naturally, a user can always only see those records for which they have at least a read Permission. This doctrine should always be taken into -consideration when handling records. [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) are not +consideration when handling records. [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md) are not subject to any permissions and can thus always be used as filter criteria. Nevertheless, the delivered results will only contain those records for which the user themselves actually has permissions. A good example here is the tag “personal record”. Every user can mark their own record diff --git a/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md b/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md index 2d54efaa6d..4fa7aecf05 100644 --- a/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md +++ b/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md @@ -11,9 +11,9 @@ sidebar_position: 60 The Autofill Add-on is responsible for the automatic entry of login data in applications. This enables logins without knowledge of the password, which can be a particularly valuable tool in combination with -[Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md). +[Password masking](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md). The -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md) +[Authorization and protection mechanisms](/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md) is used to define which users should receive access. However, the password remains hidden because it is entered by Netwrix Password Secure. diff --git a/docs/passwordsecure/9.3/configuration/basicview/basic_view.md b/docs/passwordsecure/9.3/configuration/basicview/basic_view.md index c116cadd9f..bca147482d 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/basic_view.md +++ b/docs/passwordsecure/9.3/configuration/basicview/basic_view.md @@ -22,10 +22,10 @@ ideal tool for the daily handling of passwords. You don’t need any special permission to use the Basic view. However, the handling of the Basic views can be set via rights and settings. Read more in chapter -[To do for Administration](/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md). +[To do for Administration](/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md). #### Installation The Basic view is installed directly with the Web Application, so you don’t need any special installation. For further information, visit the -chapter[Installation Client](/docs/passwordsecure/9.2/installation/installationclient/installation_client.md) +chapter[Installation Client](/docs/passwordsecure/9.3/installation/installationclient/installation_client.md) diff --git a/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md index 37e8a2929a..b5253b7db6 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md +++ b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md @@ -54,7 +54,7 @@ FullClient. By clicking on the application, the end user can easily generate sec able to use the application, the user needs at least the authorization to **read**. Further information on this topic can be found in the chapter -[Applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md). +[Applications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md). ![installation_with_parameters_155](/images/passwordsecure/9.2/configuration/basic_view/administration/installation_with_parameters_155.webp) diff --git a/docs/passwordsecure/9.3/configuration/basicview/view.md b/docs/passwordsecure/9.3/configuration/basicview/view.md index 767a5adf8d..8c8b27209d 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/view.md +++ b/docs/passwordsecure/9.3/configuration/basicview/view.md @@ -60,5 +60,5 @@ Please point this out to your in-house administrator if this is not the case for Usually, the setup of logos/icons in the i**mage management** is done by the in-house administration. You can learn more about this in the FullClient -[Image management](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md) +[Image management](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md) documentation. diff --git a/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md b/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md index 3a25c23cf1..0bc1f16d00 100644 --- a/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md +++ b/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md @@ -44,7 +44,7 @@ are used to enter information into the fields. It thus assigns fields in the rec associated fields on the website. This mapping process only needs to be configured once. The applications is responsible for entering data in the fields on the website from then on. In the following example, the data entry process is carried out from the client. Naturally, this is also -possible via [Browser Add-ons](/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md). The procedure remains the same. +possible via [Browser Add-ons](/docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md). The procedure remains the same. ![installation_with_parameters_143](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_143.webp) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md b/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md index 3434337653..5bcbe95af7 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md @@ -52,7 +52,7 @@ Synchronize now Starts the synchronization. This can also be started outside the settings at any time by simply swiping down. More information can also be found in the chapter -[Synchronization](/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md). +[Synchronization](/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md). Fix sync errors diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md index 8ca97ed796..802549b9a1 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md @@ -23,12 +23,12 @@ The **Netwrix Password Secure Apps** can be installed on the following systems: **Web Application**: Since the app connects via the Web Application, it is mandatory to have it installed. The documentation of the Web Application installation can be seen in the chapter -[Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) +[Installation Web Application](/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md) **Port**: The connection is made via https port 443, which must be enabled on the server side. -[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md)**:** The users need the +[User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md)**:** The users need the right **Can synchronize with mobile devices.** -[Database properties](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_properties.md): It must +[Database properties](/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md): It must be ensured that the Enable mobile synchronization option is set. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md index 23b7acbd93..ee79e122dc 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md @@ -9,16 +9,16 @@ sidebar_position: 20 ## Requirements Netwrix Password Secure Mobile Apps automatically synchronize with an existing Netwrix Password -Secure database. The [Web Application](/docs/passwordsecure/9.2/configuration/webapplication/web_application.md) is used as the +Secure database. The [Web Application](/docs/passwordsecure/9.3/configuration/webapplication/web_application.md) is used as the interface for this. This must therefore be installed. In addition, the database must be enabled for -use with mobile devices on the [Server Manager](/docs/passwordsecure/9.2/configuration/servermanger/server_manger.md). +use with mobile devices on the [Server Manager](/docs/passwordsecure/9.3/configuration/servermanger/server_manger.md). #### Setup and configuration The setup and initial configuration of the **Netwrix Password Secure App** is explained in the following chapters: -- [Installation of the App / Requirements](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md) -- [Linking the database](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md) -- [Biometric login](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/biometric_login.md) -- [Setting up autofill](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md) +- [Installation of the App / Requirements](/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md) +- [Linking the database](/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/linking_the_database.md) +- [Biometric login](/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/biometric_login.md) +- [Setting up autofill](/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md b/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md index 4fd773198b..9fde565ded 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md @@ -13,7 +13,7 @@ automatically synchronized in the background. Synchronization logic First of all, it is important to note how the synchronization has been configured in the -[Settings](/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md). A prerequisite for successful synchronization is that +[Settings](/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md). A prerequisite for successful synchronization is that the configured connection is available. This is done via https port 443, which must be enabled on the server side. Once the prerequisites have been met, there are the following triggers for synchronization: @@ -37,4 +37,4 @@ on both devices. Settings for synchronization -The configuration is described in the chapter [Settings](/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md) +The configuration is described in the chapter [Settings](/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md) diff --git a/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md b/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md index c84bc3ada2..2506a5bbb2 100644 --- a/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md +++ b/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md @@ -10,7 +10,7 @@ sidebar_position: 90 The Offline Add-on enables you to work without an active connection to the Netwrix Password Secure server. If the corresponding setting has been configured -([Setup and sync](/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md)), the local copy of the server database will be +([Setup and sync](/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md)), the local copy of the server database will be automatically synchronized according to freely definable cycles. This ensures that you can always use a (relatively) up-to-date version of the database offline. @@ -31,22 +31,22 @@ together with the creation of the offline database. #### Operation Operation of the Offline Add-on is generally based on the -[Operation and setup](/docs/passwordsecure/9.2/configuration/servermanger/operation_and_setup_admin_client.md). +[Operation and setup](/docs/passwordsecure/9.3/configuration/servermanger/operation_and_setup_admin_client.md). Since the Offline Add-on only has a limited range of functions, the following must be taken into account with regards to its operation: - There is no dashboard - Only the password module is available - The filter is not available. Records are found using the - [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) + [Search](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md) - The automatic login data entry can be performed via the - [Autofill Add-on](/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md), independently of the Offline Add-on + [Autofill Add-on](/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md), independently of the Offline Add-on ![Offline Client](/images/passwordsecure/9.2/configuration/offlineclient/installation_with_parameters_264-en.webp) #### What data is synchronised? -[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) +[Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) enhance the security concept in Netwrix Password Secure to include a double-check principle that can be defined in fine detail. This means that releases for protected information are linked to the positive authentication of one or more users. Naturally, it is not possible to issue these releases diff --git a/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md b/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md index b6952b8eff..49b488296d 100644 --- a/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md +++ b/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md @@ -22,8 +22,8 @@ initially created. ![Properties](/images/passwordsecure/9.2/configuration/offlineclient/setup/installation_with_parameters_265-en.webp) You will find further information on this subject in the -sections:[ Creating databases](/docs/passwordsecure/9.2/configuration/servermanger/creating_databases.md) and -[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md) +sections:[ Creating databases](/docs/passwordsecure/9.3/configuration/servermanger/creating_databases.md) and +[Managing databases](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md) User rights @@ -51,7 +51,7 @@ possible to use several offline databases with an Offline Add-on. In order to keep the data always consistent, the offline database must be synchronized regularly. Synchronization is automatically performed by the client in the background. The interval can be freely configured in the -[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). The synchronization is +[User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md). The synchronization is completed every 30 minutes by default. When creating and editing records, it is also possible to synchronize outside of the synchronization cycle so that the changes are directly available offline. In addition, the synchronization can also be started manually in Backstage via “Account”. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md index b1f309272b..13df4862f7 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md @@ -14,11 +14,11 @@ that they are carefully backed up. The individual certificates are described in the following sections: -- [SSL connection certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/ssl_connection_certificates.md) -- [Database certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/database_certificates.md) -- [Master Key certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/master_key_certificates.md) -- [Discovery service certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/discovery_service_certificates.md)s -- [Password Reset certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/password_reset_certificates.md) +- [SSL connection certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/ssl_connection_certificates.md) +- [Database certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/database_certificates.md) +- [Master Key certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/master_key_certificates.md) +- [Discovery service certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/discovery_service_certificates.md)s +- [Password Reset certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/password_reset_certificates.md) ## Calling up the certificate manager diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/database_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/database_certificates.md index 2ff1335128..88941c3314 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/certificates/database_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/database_certificates.md @@ -29,5 +29,5 @@ is also transferred! #### Exporting and importing the certificate -The section [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md) explains how to back up the certificate and link it +The section [Certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md) explains how to back up the certificate and link it again. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/discovery_service_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/discovery_service_certificates.md index 2893c1015f..8e6f9c197a 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/certificates/discovery_service_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/discovery_service_certificates.md @@ -22,5 +22,5 @@ service certificate is also transferred!** #### Exporting and importing the certificate -The section [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md)explains how to back up the certificate and link it +The section [Certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md)explains how to back up the certificate and link it again. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/master_key_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/master_key_certificates.md index 60718982c5..6022c03417 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/certificates/master_key_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/master_key_certificates.md @@ -9,7 +9,7 @@ sidebar_position: 30 #### What is a Master Key certificate? If Active Directory is accessed via -[Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), +[Masterkey mode](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), a certificate will be created. This has the name Active Directory: Domain: diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/password_reset_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/password_reset_certificates.md index 3da923a725..2634f3be7a 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/certificates/password_reset_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/password_reset_certificates.md @@ -8,7 +8,7 @@ sidebar_position: 50 ## What is a Netwrix Password Secure certificate? -If a [Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) is created, +If a [Password Reset](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md) is created, a corresponding certificate is created. This ensures that the passwords are transferred in encrypted form. @@ -24,5 +24,5 @@ Reset certificate is also transferred! #### Exporting and importing the certificate -The section [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md)explains how to back up the certificate and link it +The section [Certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md)explains how to back up the certificate and link it again. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/certificates/ssl_connection_certificates.md b/docs/passwordsecure/9.3/configuration/servermanger/certificates/ssl_connection_certificates.md index 913e0db69e..82669ab9b8 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/certificates/ssl_connection_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/certificates/ssl_connection_certificates.md @@ -45,7 +45,7 @@ NOTE: All information (including the IP address) are stored as DNS name. #### Using the Netwrix Password Secure certificate The name of the PSR certificate is **PSR8Server**. This can be done via the -[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md) in the AdminConsole. The +[Basic configuration](/docs/passwordsecure/9.3/configuration/servermanger/basic_configuration.md) in the AdminConsole. The certificate is saved locally under: Local computer -> own certificates -> certificates @@ -87,7 +87,7 @@ NOTE: The user logged in to the operating system requires rights to create certi #### Using your own certificate If a CA already exists, you can also use your own certificate. You can specify this within the -[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md). Please note that a server +[Basic configuration](/docs/passwordsecure/9.3/configuration/servermanger/basic_configuration.md). Please note that a server certificate for SSL encryption is used here. The CA must be configured so that all clients trust the certificate. It is necessary to adhere to the certification path. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md index 3a1bb58f3c..5691a639db 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md @@ -15,9 +15,9 @@ database is required. The following options can be edited: -- [General settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md) -- [Syslog](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/syslog.md) -- [Database firewall](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_firewall.md) +- [General settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md) +- [Syslog](/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md) +- [Database firewall](/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_firewall.md) General Settings diff --git a/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md index 38d474602d..cdef69d3b5 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/syslog.md @@ -7,7 +7,7 @@ sidebar_position: 20 # Syslog If desired, the server logs and also the -**[Logbook](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md)** can be transferred to a Syslog +**[Logbook](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md)** can be transferred to a Syslog server. Double clicking on a database allows you to access its settings. The corresponding menu items can be found there. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md index 5373a6bb33..38781c1b96 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md @@ -29,7 +29,7 @@ created once a week. Creating a backup schedule You can create a new schedule via the ribbon. This is facilitated by a wizard. All the information -entered under [Backup settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_settings.md) will be used by default. +entered under [Backup settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_settings.md) will be used by default. A profile name is entered first. The desired databases are also selected. You also need to specify the directory for the backups. @@ -51,7 +51,7 @@ with a corresponding name and password. In addition, you can enter here whether the required certificates should be saved using a backup task. Further information can be found in the section -[Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md). +[Certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md). ![installation_with_parameters_259](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_259.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md index cecd1d6234..3205a682fe 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md @@ -22,7 +22,7 @@ Creating backups It is of course essential in the event of a disaster that you can access a backup that is as up-to-date as possible. Therefore, it is necessary to regularly create -[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md). +[Backup management](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md). Who is responsible in the event of a disaster? @@ -44,10 +44,10 @@ Furthermore, it must be ensured that the responsible user has access to these pa times. The following options are possible: - Store the passwords in the company safe -- Create corresponding [Offline Add-on](/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md) +- Create corresponding [Offline Add-on](/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md) - Periodically create a HTML WebViewer file with automatic delivery via a system task including e-mail forwarding which can be configured in - [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) + [Account](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md) #### Disaster scenarios diff --git a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/main_menu.md b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/main_menu.md index 3226dfa20b..7612421e77 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/main_menu.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/main_menu.md @@ -9,10 +9,10 @@ sidebar_position: 90 ## What is the main menu? The operation and structure of the Main menu/Backstage menu is the same for the -[Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md) on the client. This area can be used +[Main menu](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md) on the client. This area can be used independently of the currently selected module. -- [General settings](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/general_settings_admin_client.md) -- [Backup settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_settings.md) -- [License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md) -- [Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md) +- [General settings](/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/general_settings_admin_client.md) +- [Backup settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_settings.md) +- [License settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/license_settings.md) +- [Advanced settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/advanced_settings.md) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/database_settings.md b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/database_settings.md index 2828ad39dc..a70d518117 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/database_settings.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/database_settings.md @@ -16,9 +16,9 @@ open. You can now make the following settings: - Authentication -- [Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md) -- [Session timeout     ](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md) -- [HSM connection via PKCS # 11](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md) +- [Multifactor Authentication](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md) +- [Session timeout     ](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md) +- [HSM connection via PKCS # 11](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md) - Automatic cleanup - SAML configuration - Deletion of users diff --git a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md index a95cfae9f0..59344efe61 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/managing_databases.md @@ -27,7 +27,7 @@ required service, specify the respective access data. You must also configure va this case, you can specify on the client which methods will be used by the individual users. Further information on this subject can be found in the -section[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). +section[Multifactor Authentication](/docs/passwordsecure/9.3/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). PKCS#11 diff --git a/docs/passwordsecure/9.3/configuration/servermanger/operation_and_setup_admin_client.md b/docs/passwordsecure/9.3/configuration/servermanger/operation_and_setup_admin_client.md index 8e37b45aba..4fc2f23079 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/operation_and_setup_admin_client.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/operation_and_setup_admin_client.md @@ -11,7 +11,7 @@ sidebar_position: 80 The structure of the Server Manager is based to a high degree on the structure of the actual client. The control elements such as the ribbon and the info and detail areas can be derived from the section dealing with the -client([Operation and Setup](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md)). +client([Operation and Setup](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md)). NOTE: An initial password is required for the first login on Server Manager. The password is “admin”. This password should be changed directly after login and carefully documented. diff --git a/docs/passwordsecure/9.3/configuration/servermanger/server_manger.md b/docs/passwordsecure/9.3/configuration/servermanger/server_manger.md index 5e109a9826..b2c1407f2c 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/server_manger.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/server_manger.md @@ -12,7 +12,7 @@ The Server Manager takes care of the central administration of the databases as configuration of the backup profiles. In addition, it provides the very important interface to the Netwrix Password Secure license server. Furthermore, it is used for the administration of globally defined settings, as well as the configuration of profiles for sending emails. -[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md) +[Installation Server Manager](/docs/passwordsecure/9.3/installation/installation_server_manager.md) ![Admin Client](/images/passwordsecure/9.2/configuration/server_manager/installation_with_parameters_187-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanger/setup_wizard.md b/docs/passwordsecure/9.3/configuration/servermanger/setup_wizard.md index db720c7097..b405fb24cc 100644 --- a/docs/passwordsecure/9.3/configuration/servermanger/setup_wizard.md +++ b/docs/passwordsecure/9.3/configuration/servermanger/setup_wizard.md @@ -16,7 +16,7 @@ individual points can also be changed later on. Separate sections are available The first step is to define the authentication password for the Server Manager. The initial password is “admin”. A new password needs to be entered during startup – this new password should be securely and properly documented. It can be subsequently changed in the -[General settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md). +[General settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md). ![setup-wizard-ac-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-en.webp) @@ -25,7 +25,7 @@ NOTE: The initial password is “admin”. #### License settings The second step is to complete the configuration for successively connecting to the licence server. -This step can also be carried out later “in the [License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md) +This step can also be carried out later “in the [License settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/license_settings.md) ![setup-wizard-ac-2-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-2-en.webp) @@ -39,7 +39,7 @@ the corresponding button. #### Database server The configuration of the database server is also part of the -[Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md) and can also be edited there later on. +[Advanced settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/advanced_settings.md) and can also be edited there later on. ![setup-wizard-ac-3-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-3-en.webp) @@ -53,7 +53,7 @@ The “Advanced” button allows you to specify a **Connection String.** #### SMTP server The last step is to configure the SMTP server via which all emails are sent. This is also part of -the [Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md) should it be necessary to make changes +the [Advanced settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/advanced_settings.md) should it be necessary to make changes later on. ![setup-wizard-ac-4-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-4-en.webp) @@ -70,5 +70,5 @@ module that need to be confirmed. **CAUTION:** It is recommended that you only confirm the security notes when the corresponding point has actually been carried out. It is absolutely essential to ensure that regular -[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md) are created -and the [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md) are backed up. +[Backup management](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md) are created +and the [Certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md) are backed up. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md b/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md index 4def61d070..9c1d8d169a 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md @@ -23,7 +23,7 @@ Password masking The password masking follows the familiar logic of the client. Due to this function, reference should be made to the chapter of -[Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md). +[Password masking](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md). There are marginal differences in the operation. The privacy protection is fixed or edited via a button in the extended menu.. @@ -40,7 +40,7 @@ Seal The seals also correspond in function to the known logic of the client. In the chapter seal further explanations can be found. The -[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) +[Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) are configured in the extended menu via a button. ![installation_with_parameters_185](/images/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/installation_with_parameters_185.webp) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md index c05b876c01..9e3b2794bb 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md @@ -17,12 +17,12 @@ described in their own subsections. #### Functions in the individual modules -- [Password module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md) -- [Tag system](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md) -- [Organisational structure module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md) -- [Roles module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md) -- [Forms module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md) -- [Notifications](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/notifications.md) -- [Logbook](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md) -- [Application](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md) -- [Documents](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md) +- [Password module](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/password_module.md) +- [Tag system](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/tag_system.md) +- [Organisational structure module](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md) +- [Roles module](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md) +- [Forms module](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/forms_module.md) +- [Notifications](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/notifications.md) +- [Logbook](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/logbook_web_application.md) +- [Application](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/application.md) +- [Documents](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/documents_web_application.md) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md index 63e7052b7c..ab685e1169 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md @@ -24,7 +24,7 @@ name. Both modules have a different scope and design but are almost identical to ## AD connection in the Web Application The Active Directory connection in the Web Application works similiar to the Client. In the chapter -[Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) +[Active Directory link](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) you can find further information. ![Organisational structure WebClient](/images/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_160-en.webp) @@ -40,7 +40,7 @@ The Web Application offers the following functions: You can reach the Radius server, if the import is in the Masterkey mode. The Radius server will be provided in the Active Directory profile and will therefore deliver the possible authentication methods in future. You will find further informations in the -[RADIUS authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md) +[RADIUS authentication](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md) chapter. ![installation_with_parameters_161](/images/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_161.webp) @@ -48,7 +48,7 @@ chapter. ###### Predefining rights To **predefine rights** in the Web Application, the procedure is the same as in the Client. -[Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md)) +[Predefining rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md)) Go to the module organisational structure to choose the organisation unit for which the rights shall be predefined. Then choose **Predefine rights** in the menu bar. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md index e582734d02..0a91f33e27 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md @@ -14,7 +14,7 @@ purpose, the following buttons are available on the navigation bar 1. Filter The filter on the Web Application is based on the -[Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md). Therefore, only those +[Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md). Therefore, only those characteristics specific to the Web Application will be described here. Using the filter diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md index fe41a907eb..38e8066e14 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md @@ -41,4 +41,4 @@ clicking on it. The user who is currently logged in can be seen under account. You can log out by clicking on the account. It is also possible to call up the settings in -[Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md). +[Account](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md). diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md index e33ac8612d..1420236c23 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md @@ -11,7 +11,7 @@ sidebar_position: 50 The central element of the navigation in the Web Application is list view, which clearly presents the filtered elements. As list view in the Web Application provides the same functions as list view in the client, we refer you at this point to the -[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) section. +[List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md) section. ![installation_with_parameters_176](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/list_view/installation_with_parameters_176.webp) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md index 1140cc9506..b01fd05742 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md @@ -84,10 +84,10 @@ advanced menu contains all functions. All of the additional functions can be found here. These functions correspond to the main client and will be described in the next section: -[Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md) +[Passwords](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md) 7. Password Reset The functions of the -[Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) can be found +[Password Reset](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md) can be found here. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md index 4b8b839771..c12b4acbc8 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Settings -The settings are called up via the [Navigation bar](/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are +The settings are called up via the [Navigation bar](/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are available: #### Language @@ -55,8 +55,8 @@ The following options can be managed via this menu item: - User settings The management of these settings is based on the client. Further information can be found under -global [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) and -[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) +global [User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md) and +[User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md) The following settings are not available on the Web Application: diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md index e9eab3a3da..ced8d40187 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md @@ -55,31 +55,31 @@ The Web Application is split into a number of sections that are described below. ![Operation](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/installation_with_parameters_168-en.webp) -1. [Header](/docs/passwordsecure/9.2/configuration/webapplication/operation/header.md) +1. [Header](/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md) The header provides access to some essential functions. -2. [Navigation bar](/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md) +2. [Navigation bar](/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md) It is possible to switch between module and filter view on the navigation bar. -3. [Filter or structure area](/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md) +3. [Filter or structure area](/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md) As is also the case on the client, it is possible to select between filter and structure. -4. [Menu](/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md) +4. [Menu](/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md) The ribbon on the client has been replaced by a menu bar on the Web Application. -5. [List view](/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md) +5. [List view](/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md) The records currently selected using the filter can be viewed in list view. -6. [Reading pane](/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md) +6. [Reading pane](/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md) The reading pane shows you details about the relevantly selected element. -7. [Footer](/docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md) +7. [Footer](/docs/passwordsecure/9.3/configuration/webapplication/operation/footer.md) Various information about the record is displayed in the footer. For example, logbook entries or the history. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md index 3363bf7979..2afabe6ccc 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md @@ -10,7 +10,7 @@ sidebar_position: 60 As with the list view, the reading pane on the Web Application is almost identical to that on the client. Therefore, we also refer you here to the corresponding -[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) section. +[Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md) section. ![reading_pane](/images/passwordsecure/9.2/configuration/web_applicaiton/operation/reading_pane/reading_pane.webp) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/web_application.md b/docs/passwordsecure/9.3/configuration/webapplication/web_application.md index 853d714743..388c0fcc04 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/web_application.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/web_application.md @@ -13,7 +13,7 @@ Secure version** **8.3.0. The completely newly developed \*Web Application** wil for the constant enhancement of the functional scope. The desired objective is to also provide the full functional scope of the client in the Web Application. The **Web Application** will thus be constantly enhanced. All of the currently available functions can be viewed in the -[Functional scope](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/functional_scope.md) section. +[Functional scope](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md) section. ![WebClient](/images/passwordsecure/9.2/configuration/web_applicaiton/installation_with_parameters_159.webp) @@ -25,4 +25,4 @@ responsive design, it can also be used on all mobile devices such as tablets and The **Web Application** is based both optically and also in its operation on the Netwrix Password Secure client. As usual, users can only access the data for which they also have permissions. The installation is described in the section -[Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) +[Installation Web Application](/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md) diff --git a/docs/passwordsecure/9.3/enduser/createnewentry.md b/docs/passwordsecure/9.3/enduser/createnewentry.md index b1555eb7aa..0773246a8e 100644 --- a/docs/passwordsecure/9.3/enduser/createnewentry.md +++ b/docs/passwordsecure/9.3/enduser/createnewentry.md @@ -39,7 +39,7 @@ Step 3 – Let`s fill out the website form in this example. (high number). The password generator will open. NOTE: To learn more about the generating of passwords, see the -[Clean up Your Passwords](/docs/passwordsecure/9.2/enduser/cleanuppasswords.md) topic for additional information. +[Clean up Your Passwords](/docs/passwordsecure/9.3/enduser/cleanuppasswords.md) topic for additional information. ![password](/images/passwordsecure/9.2/enduser/password.webp) diff --git a/docs/passwordsecure/9.3/installation/installation_server_manager.md b/docs/passwordsecure/9.3/installation/installation_server_manager.md index 6b75d3b922..0a90111f77 100644 --- a/docs/passwordsecure/9.3/installation/installation_server_manager.md +++ b/docs/passwordsecure/9.3/installation/installation_server_manager.md @@ -9,7 +9,7 @@ sidebar_position: 20 ## Guide The MSI installation files and the associated -[Application server](/docs/passwordsecure/9.2/installation/requirements/application_server.md) can be found in the corresponding +[Application server](/docs/passwordsecure/9.3/installation/requirements/application_server.md) can be found in the corresponding sections. The following step-by-step guide will accompany you through the wizards. ![Password Secure Server Setup](/images/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-1-en.webp) @@ -21,7 +21,7 @@ First you are required to read and accept the license terms. These can also be p The next step is to define the location. The suggested location can be retained. If you want to use Netwrix Password Secure as an identity provider -[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) +[Configuration of SAML](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) must be selected. Otherwise, it will not be installed. ![Password Secure Server Setup](/images/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-3-en.webp) diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/installation_browser_add-on.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/installation_browser_add-on.md index 4da7a236b8..7cdf1f2a39 100644 --- a/docs/passwordsecure/9.3/installation/installationbrowseraddon/installation_browser_add-on.md +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/installation_browser_add-on.md @@ -8,7 +8,7 @@ sidebar_position: 50 Following browser extensions can be installed:  -- [Google Chrome](/docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md) -- [Microsoft Edge](/docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md) -- [Mozilla Firefox](/docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md) -- [Safari](/docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md) +- [Google Chrome](/docs/passwordsecure/9.3/installation/installationbrowseraddon/google_chrome.md) +- [Microsoft Edge](/docs/passwordsecure/9.3/installation/installationbrowseraddon/microsoft_edge.md) +- [Mozilla Firefox](/docs/passwordsecure/9.3/installation/installationbrowseraddon/mozilla_firefox.md) +- [Safari](/docs/passwordsecure/9.3/installation/installationbrowseraddon/safari.md) diff --git a/docs/passwordsecure/9.3/installation/installationclient/installation_client.md b/docs/passwordsecure/9.3/installation/installationclient/installation_client.md index 97b53020d8..f732f49d5b 100644 --- a/docs/passwordsecure/9.3/installation/installationclient/installation_client.md +++ b/docs/passwordsecure/9.3/installation/installationclient/installation_client.md @@ -9,7 +9,7 @@ sidebar_position: 30 ## Guide The MSI installation files and the associated -[Client configuration](/docs/passwordsecure/9.2/installation/requirements/client_configuration.md) can be found in the corresponding +[Client configuration](/docs/passwordsecure/9.3/installation/requirements/client_configuration.md) can be found in the corresponding sections. The following step-by-step guide will accompany you through the wizards. ![installation wizard page 1](/images/passwordsecure/9.2/installation/installation_client/installation-client-1-en.webp) diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md b/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md index 3b05c8d6b9..2d9627ce52 100644 --- a/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md @@ -13,7 +13,7 @@ relevant for further updates. ### System requirements -Please ensured that all [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md) requirements have been met. +Please ensured that all [Webserver](/docs/passwordsecure/9.3/installation/requirements/webserver/webserver.md) requirements have been met. ### SSL certificate diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_history.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_history.md index 4c51cf7b85..cc25f5b553 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_history.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_history.md @@ -9,22 +9,22 @@ sidebar_position: 30 The previously released versions and the corresponding changelogs can be found in the following sections. -- [Version 9.2.1.32530](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md) +- [Version 9.2.1.32530](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.1.32530.md) -- [Version 9.2.0.32454](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.0.32454.md) +- [Version 9.2.0.32454](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.0.32454.md) -- [Version 9.1.3.31365](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md) +- [Version 9.1.3.31365](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.3.31365.md) -- [Version 9.1.2.31276](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md) +- [Version 9.1.2.31276](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.2.31276.md) -- [Version 9.1.1.31138](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.1.31138.md) +- [Version 9.1.1.31138](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.1.31138.md) -- [Version 9.1.0.30996](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md) +- [Version 9.1.0.30996](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.0.30996.md) -- [Version 9.0.3.30606](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.3.30606.md) +- [Version 9.0.3.30606](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.3.30606.md) -- [Version 9.0.2.30602](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.2.30602.md) +- [Version 9.0.2.30602](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.2.30602.md) -- [Version 9.0.1.30479](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md) +- [Version 9.0.1.30479](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.1.30479.md) -- [Version 9.0.0.30423](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.0.30423.md) +- [Version 9.0.0.30423](/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.0.30423.md) diff --git a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration.md b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration.md index a153677b72..d4f65959ee 100644 --- a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration.md +++ b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration.md @@ -9,5 +9,5 @@ sidebar_position: 30 For a better overview the ECC migration is organized in two sections. One for the administrators and one for the end user: -- [Admin Manual](/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md) -- [User Manual](/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md) +- [Admin Manual](/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md) +- [User Manual](/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_user_manual.md) diff --git a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md index 00a890cd92..5776412424 100644 --- a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md +++ b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md @@ -11,7 +11,7 @@ sidebar_position: 10 Before you execute the migration, you must ensure that the following preparations have been made: - Installation of the latest Netwrix Password Secure-Server, Native Client and Web Client -- Check in the [Database properties](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_properties.md) if the **offline +- Check in the [Database properties](/docs/passwordsecure/9.3/configuration/servermanger/databaseproperties/database_properties.md) if the **offline access** and the **mobile synchronization** are allowed If that should be the case, **contact your users and make sure that they have to synchronize the Offline Add-on and the mobile app**. diff --git a/docs/passwordsecure/9.3/maintenance/moving_the_server.md b/docs/passwordsecure/9.3/maintenance/moving_the_server.md index e9a3b9d153..afd82dfd11 100644 --- a/docs/passwordsecure/9.3/maintenance/moving_the_server.md +++ b/docs/passwordsecure/9.3/maintenance/moving_the_server.md @@ -14,26 +14,26 @@ It is necessary to make some preparations so that the move can be completed with If the SQL server and the application server are on the same machine, the SQL server should be installed on the new machine first. It is necessary to observe the -[MSSQL Server](/docs/passwordsecure/9.2/installation/requirements/mssql_server.md) for this process. +[MSSQL Server](/docs/passwordsecure/9.3/installation/requirements/mssql_server.md) for this process. #### 2. Installing the server The Netwrix Password Secure application server is installed next (see -[Application server](/docs/passwordsecure/9.2/installation/requirements/application_server.md)). The installation itself +[Application server](/docs/passwordsecure/9.3/installation/requirements/application_server.md)). The installation itself is described under -[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md). +[Installation Server Manager](/docs/passwordsecure/9.3/installation/installation_server_manager.md). #### 3. Basic configuration After the server has been installed, the -[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md) is +[Basic configuration](/docs/passwordsecure/9.3/configuration/servermanger/basic_configuration.md) is completed. A new configuration database will be created on the SQL server as a result. If you want to retain the old SQL server, it is necessary to give the configuration database a new name. #### 4. Deactivating the old server The license first needs to be deactivated before it can be activated on the new server (see options -under [License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md). Now stop +under [License settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/license_settings.md). Now stop the server so that nothing more can be changed in the database. ## Backing up the data @@ -57,7 +57,7 @@ selected in the following window. #### 3. Backing up the server certificate It is essential that the all available -[Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md) are backed up. +[Certificates](/docs/passwordsecure/9.3/configuration/servermanger/certificates/certificates.md) are backed up. Depending on the installation, a different number of certificates are required here. ## Configuring the new server @@ -85,7 +85,7 @@ Manager. #### 2. Setting up the server After the backup has been installed on the new database, you can be start the Server Manager and run -the setup wizard. The [Setup wizard](/docs/passwordsecure/9.2/configuration/servermanger/setup_wizard.md) is +the setup wizard. The [Setup wizard](/docs/passwordsecure/9.3/configuration/servermanger/setup_wizard.md) is used for (amongst other things) reactivating the license. It is now possible to enter all of the desired configurations for the server. diff --git a/docs/passwordsecure/9.3/maintenance/update.md b/docs/passwordsecure/9.3/maintenance/update.md index dc4d636070..efe6cf1c21 100644 --- a/docs/passwordsecure/9.3/maintenance/update.md +++ b/docs/passwordsecure/9.3/maintenance/update.md @@ -37,12 +37,12 @@ still active. If the software maintenance package has expired, you are only perm versions that were released during the term of the software maintenance package. Therefore, you should check whether the software maintenance package is still active before an update. This can be easily checked on the Server Manager under -[License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md). +[License settings](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/license_settings.md). ### Creating a backup An update always involves making a profound change to the existing software. A corresponding -[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md) +[Backup management](/docs/passwordsecure/9.3/configuration/servermanger/mainmenu/backupsettings/backup_management.md) should thus be created directly before the update to ensure that no data is lost if a serious problem arises. @@ -77,7 +77,7 @@ to be restarted. It is thus recommended that the Netwrix Password Secure service the update. Further information on the installation wizard can be found in the section -[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md). +[Installation Server Manager](/docs/passwordsecure/9.3/installation/installation_server_manager.md). ### Patch level update for the databases @@ -96,7 +96,7 @@ be carried out using the installation parameters. ### Updating the Web Application The application server must firstly be updated. A new Web Application -([Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) +([Installation Web Application](/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md) is then created according to the instructions for the web server being used. The document directory on the web server should now be completely emptied. The Web Application is then unzipped and copied to the document directory on the corresponding web server. @@ -107,5 +107,5 @@ been installed and it must be deleted without fail after a successful update. NOTE: If the Web Application is used, the module: `proxy_wstunnel` must be installed when using Apache. With IIS the `WebSocket Protocol` becomes necessary. Further information can be found in the -chapter [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md). This applies to version 8.5.0.14896 +chapter [Webserver](/docs/passwordsecure/9.3/installation/requirements/webserver/webserver.md). This applies to version 8.5.0.14896 or newer. diff --git a/sidebars/passwordsecure/9.3.js b/sidebars/passwordsecure/9.3.js index f4e8941a40..5407b95644 100644 --- a/sidebars/passwordsecure/9.3.js +++ b/sidebars/passwordsecure/9.3.js @@ -4,5 +4,21 @@ module.exports = { type: 'autogenerated', dirName: '.', }, + { + type: 'category', + items: [ + { + type: 'link', + href: '../9_1', + label: '9.1' + }, + { + type: 'link', + href: '../9_2', + label: '9.2' + } + ], + label: 'Older versions' + }, ], }; From e6b497f89eaf22eafdecb45705c09d7cc4eb60a2 Mon Sep 17 00:00:00 2001 From: Sascha Martens Date: Fri, 17 Oct 2025 12:33:11 +0200 Subject: [PATCH 3/4] Removed all documentation for SAML applications. --- .../applications/configuration_of_saml.md | 61 ------------------- .../example_applications.md | 2 - .../saml_application_for_dropbox.md | 39 ------------ .../saml_application_for_postman.md | 42 ------------- 4 files changed, 144 deletions(-) delete mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md delete mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md delete mode 100644 docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md deleted file mode 100644 index d51394d09a..0000000000 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: "Configuration of SAML" -description: "Configuration of SAML" -sidebar_position: 30 ---- - -# Configuration of SAML - -## What is SAML? - -The Security Assertion Markup Language (SAML) is an XML framework for exchanging authentication and -authorization information. It provides functions to describe and transmit security-related -information. This means that you can use one set of credentials to log in to many different -websites. It is much easier to manage one login per user than separate logins for email, Customer -Relationship Management (CRM) software, Active Directory, and more. - -## Preconditions - -In order for the users to be able to use SAML, "SMTP" must be set up and an e-mail address must be -stored with the corresponding users. In addition, the Web Application is mandatory. Therefore, the -Web Application must already be "set up or installed". - -## Configuration - -In order to create **SAML applications**, SAML must **first** be activated. - -This is implemented in the settings of the database in the Server Manager: - -![activate SAML](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_1-en.webp) - -As soon as the check box is ticked, the next step is to enter the URL of the Web Application. The -SAML configuration screen should then look like this: - -![SAML configuration ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_2-ewn.webp) - -The screen is left open and the configuration is continued at the Advanced view. To do this, log on -to the client as usual and switch to the **Applications** module. Select a **new SAML application** -and fill it with the relevant data from the service provider. - -NOTE: The data of the service provider, which are entered in the Advanced view, can be found at the -respective provider. This differs from provider to provider. - -![new SAML application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_3-en.webp) - -In addition, the data must be stored in the **Server Manager** at the service provider. - -After the successful entry of all data, the last necessary step is the verification of the user. -This is done by clicking on the tile. This gives the user an e-mail with which he can verify -himself. - -![SAML tile in LightClient](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_4-en.webp) - -After verification, the **SAML application** can be started from the Basic view view. - -**CAUTION:** As this is a passwordless authentication, it is not necessary to link the **SAML -application** with a password. - -NOTE: Setup and configuration instructions for -[SAML Application for Dropbox](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) and -[SAML application for Postman](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md)can be -found in the corresponding chapters. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md index 7a05d47abd..80db8b01ba 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md @@ -9,5 +9,3 @@ sidebar_position: 40 In this section you'll find examples for applications. - [SAP GUI logon - SSO Application](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md) -- [SAML Application for Dropbox](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) -- [SAML application for Postman](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md deleted file mode 100644 index a986570952..0000000000 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: "SAML Application for Dropbox" -description: "SAML Application for Dropbox" -sidebar_position: 20 ---- - -# SAML Application for Dropbox - -## SAML Configuration Example for Dropbox - -This chapter explains how to configure the SAML application for **Dropbox**. It is assumed that -[Configuration of SAML](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been -activated in the Server Manager. - -- Log in as administrator at the **Dropbox** -- Open the Admin Console - -![Admin Console](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_1-en.webp)s - -- Open Settings - -![settings dropbox](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_2-en.webp) - -- Single Sign On - -![SSO dropbox](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_3-en.webp) - -- This is where the data SSO URL and the certificate from the Server Manager must be deposited. - -![database settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_4-en.webp) - -- In the Advanced view, a new SAML application must be created in the Applications module. -- Then the target page (login URL) and the XML file must be stored in the application. - -![login with SAML](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_dropbox_5-en.webp) - -The XML file must look like [this](https://cdn.manula.com/user/3511/docs/dropbox.xml). - -- The application can now be executed via the Basic view. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md deleted file mode 100644 index 15d012694e..0000000000 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: "SAML application for Postman" -description: "SAML application for Postman" -sidebar_position: 30 ---- - -# SAML application for Postman - -## SAML configuration example for Postman - -This chapter explains how to configure the SAML application for **Postman**. It is assumed that -[Configuration of SAML](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been -activated in the Server Manager. - -- First, you register with Postman. -- After logging in, click on the avatar and select "**Settings**". - -![settings postman](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_1-en.webp) - -- Then click on **Authentication**. Select a new method in the upper right corner. - -![option authentication postman](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_2-en.webp) - -- Here the Authentication Type must be defined with **SAML 2.0** and any useful Authentication Name. - -![add authentication method](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_3-en.webp) - -Then you come to the actual configuration. - -- Store Provider Details -- **Identity Provider Details** The data from the Server Manager is uploaded as XML or stored - manually. - -![postman identity provider details](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_4-en.webp) - -- **Service Provider Details** The service provider details are now copied to the application in the - Netwrix Password Secure Client. - -![postman service provider details](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_5-en.webp) - -NOTE: Please note that a **Relay State** is required. This value can be created in the **Configure -Identity Provider Details View**. From 40efdabc7797f3da11fa13f3f2a8abf373b7972b Mon Sep 17 00:00:00 2001 From: Sascha Martens Date: Fri, 17 Oct 2025 12:36:27 +0200 Subject: [PATCH 4/4] Adjusted/removed installation parameters. --- .../installationclient/installation_with_parameters.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md b/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md index 0e05de97f5..e933ad2949 100644 --- a/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md +++ b/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md @@ -26,6 +26,3 @@ Run the installation via the command line: **MSI-FILE.msi [PARAMETER]** - **INSTALL_OFFLINE_ADDON=“0”**: Deactivates the installation of the Offline Add-on. In the list of the components to be installed in the setup, a check mark has not been set but this can be set again by the user -- **IGNORE_TS_SERVICES=“1”**: Deactivates the installation of the terminal server services, no - matter on which system the installation is running -- **INSTALL_IDP_SERVICE="1"**