Idea Details

Email notification only when password is viewed in clear

Last activity 15 days ago
RoMartinAena
04-05-2018 11:08 AM

If you configure email notifications in the password view policy, it sends notifications both when a user views a password in clear and when the user accesses a system with this password (PAM injects the password and the user has no access to it in clear).

It could be useful to split this email notification into two different configurations in order to be able to set different actions for these two cases.

For us, viewing the password in clear is an emergency access (and potentially more risky) and should be alerted. At this moment we receive hundreds of notifications and could not identify in which of these events the user accesses the password in clear and in which the user is only accessing the final system without knowing the password.


12-15-2018 09:54 AM

I have a use case where the customer wants a report of how many times a password is viewed, who did it, and for what account.


Currently the only way to get this is to:

1) RUN the PasswordViewRequest report. (This gives all requests whether view or Auto-connect)

2) and then RUN a session log report showing all connections with a detail "PAM-CMN-1420: Auto-login initiated with target account Name : administrator and target account Id : 1023"

3) Subtract the auto-logins from the PasswordViewRequest count to get a view passwords count (no way to know which password they were trying to view or who it was)
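Added example, not part of the thread and not product code: the three-step subtraction above carried out per target account id, using the PAM-CMN-1420 message format quoted in step 2. The CSV layout of the PasswordViewRequest export (an `account_id` column), the log line prefix and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Message format as quoted in step 2 of the post.
AUTO_LOGIN = re.compile(
    r"PAM-CMN-1420: Auto-login initiated with target account Name : (?P<name>.+?)"
    r" and target account Id : (?P<id>\d+)"
)

def count_auto_logins(session_log_lines):
    """Count auto-connect events per target account id."""
    counts = Counter()
    for line in session_log_lines:
        match = AUTO_LOGIN.search(line)
        if match:
            counts[match.group("id")] += 1
    return counts

def count_requests(report_csv):
    """Count PasswordViewRequest rows per account id (column name is assumed)."""
    return Counter(row["account_id"] for row in csv.DictReader(io.StringIO(report_csv)))

def clear_view_counts(report_csv, session_log_lines):
    """Return (views, mismatched): requests minus auto-logins per account.

    A negative difference means the two exports do not cover the same
    period or scope, so the account is reported instead of counted.
    """
    requests = count_requests(report_csv)
    autos = count_auto_logins(session_log_lines)
    views, mismatched = {}, []
    for account in sorted(set(requests) | set(autos)):
        diff = requests[account] - autos[account]
        if diff < 0:
            mismatched.append(account)
        elif diff > 0:
            views[account] = diff
    return views, mismatched

# Constructed sample data (not real exports).
REPORT_CSV = "user,account_id\nalice,1023\nbob,1023\nalice,1023\ncarol,2001\ndave,3005\n"
PREFIX = "2018-12-01 09:00:00 PAM-CMN-1420: Auto-login initiated with target account Name : "
SESSION_LOG = [PREFIX + "administrator and target account Id : 1023"] * 2 + [
    PREFIX + "root and target account Id : 3005",
    PREFIX + "svc and target account Id : 4000",
    "2018-12-01 09:05:00 unrelated session log line",
]
```
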

11-16-2018 11:30 AM

For other PVP features like re-authenticate, reason required and change process the "on view" and "on auto-connect" options were separated a while ago. It makes a lot of sense to do that for the email notifications too.