Basic Terms
To use PassMan efficiently, you should understand some of the key terms and concepts.
Credential
- Data that provides access to a particular user account and can be used to log in to a system and access particular data to what we have permission to see.
- Types: password, SSH-key, PIN code.
- User account that provides access to services and data of an IT system.
- The user account can be custom or shared. Shared user accounts are usually used when administering IT systems.
Target
- Indicates a computer that connects to the network and provides users different services.
- User/password datasets or SSH key for Linux/Unix systems belonging to a Target (host).
- You can give a structure of Targets named groups.
On a specific Target CAN NOT be Accounts with the same name
Logical clustering units.
A given folder may have several subfolders.
In a given folder you CANNOT have Targets with the same name.
Vault (secure password storage)
- The data needed to use the systems are stored here encrypted.
- The top level element of the tree panel on the left side of the screen is named Vault by default but it can be renamed and it can even represent the name of the organization.
- Request for Credentials to connect/log in to a specific target.
- After a CheckOut the credentials are automatically changed by the system using the settings saved in the AutoReset function.
- Checks the status of the Credentials.
- PassMan verifies whether it can login to the associated Target (host) on behalf of the specified Account.
- If the connection between the Target and the Account is maintained and the credentials are appropriate than the status of the Account will be InSync.
- If something is wrong, then the status will be set according to this table.
- An access list that contains the names of users or groups that can access an item and the access levels as well.
- By setting a permission, you can specify who can have access to a given element and with what level of access.
- Change or update an existing credential.
- There are two ways to change a credential
- Change in the PassMan system as well on the Target.
- Change only in PassMan (update). If credential was changed directly on Target without PassMan, then PassMan credential is different from Target credential, so PassMan can't log in Target.