en-US - - English

Functions Overview

PassMan helps your organization to store and share credentials (passwords, SSH keys, PIN codes) safely by an advanced permission management system that covers Accounts (e.g. User1) and Targets (e.g. your website).

When you need to access a credential, simply view it in PassMan (CheckOut).

The system will only provide the credential to you if you have the right to view it (or login with it).

Basic features of PassMan

Keeps a record of:

  • Hosts (Targets).
  • User/Password datasets for Hosts and SSH keys for Linux/Unix systems (Credentials).
  • Target structure (Folders).

Reveal Credential datasets

  • to authorized users

Timed checks for:

  • A given Host (Target) whether it exists,
  • Stored user/credential dataset whether it is correct (is it possible to login to the Host or not).

Automatically updates credentials:

  • It can generate strong passwords (by policy),
  • Automatically updates credentials before they expire.

Reporting:

  • Who signed into which target using the automatic checkout feature?
  • Who logged into PassMan and what did they do?
  • Who, when and with what level of privilege accessed a given Target/Account?
  • What Target did a user accessed in a specific time and with what type of permission?
  • And more...

Access (permission) management:

Data stored in PassMan can be accessed in two ways:

  1. Local users: only exist in PassMan. Once initialization is complete, PassMan will create an initial admin user. This user performs local user management tasks, such as creating and suspending users, etc.
  2. AD users: they access the system based on the AD settings set in Padmin (PassMan's admin interface). AD groups can be used when configuring permissions. An AD user is subject to a group rule if it is a member of that group.

Prmissions are evaluated based on the position of the element in the tree structure. An element inherits rules from its parent: overridable or non-overridable.
There are 2 major types of premissions:

  • Viewing (READ) - an element can be viewed
  • Execution (JOB) - a function can be executed

You may also be interested in these topics:

Permissions in detail

Account Status List