Client Password Manager

Introduction

Go through the important features of Client Password Manager for MSPs in the form of a series of screenshots. Here are a few basics you should know before going on a journey through the product:

What data is considered as an account in Securden?

Any credential or login information that is stored in Password Vault is considered an account.

Which members are considered users in Securden?

Any person (client end user, IT technician, or administrator) who would need access to the product interface is considered a user.

What is the concept of account ownership?

Any user adding an account in Password Vault is considered its owner and will have full rights over managing the account and modifying its details.

This walkthrough will take you through the administrator interface of the product, end users will have a limited view based on the permissions and accounts allotted to them.

The Password Management Scenario for IT Service Providers

IT Service Providers are often tasked with the security of client information and assets. They need to protect all loopholes related to password management so that external attackers cannot find their way to client information through the service provider. Service providers also need to constantly help clients with their IT audits, to ensure compliance with regulatory requirements.

Implementing a password management solution at the service provider side reduces password-related tickets significantly, and helps achieve compliance. Streamlining password management processes will also boost customer trust and end user productivity.

When it comes to tracking and managing client organizations’ access to privileged entities, MSPs typically rely on two common operational models:

1) Fully managed model:

In this setup, the MSP administrator has complete control over client privileged access, including servers, firewalls, antivirus, and endpoint security. Any request from the client’s end including password retrieval, elevated access, and other requests related to privileged access is routed through the MSP organization. A technician or administrator in the MSP assists client users with all the incoming requests.

2) Co-managed/hybrid model:

The Managed Service Provider (MSP) manages most of the client's IT infrastructure while the client organization holds control over a small part of their IT operations. In other words, MSP supplements the internal IT team’s capabilities instead of replacing them. This model allows businesses to maintain internal IT control while leveraging the MSP’s specialized skills, automation, and 24/7 support. Client Password Manager for MSPs ensures complete data segregation, allowing client-side administrator users to view and manage only the data relevant to their own organization.

For fully managed client organizations, Securden lets the MSP administration/technicians maintain, control and govern all privileged access, sessions and audits.

In co-managed setups, Securden allows the MSP to delegate certain administrative rights as required by the client – while ensuring that the client cannot override security controls set by the service provider admin. The clients will also be able to exclusively access their data, assets and resources alone. This approach ensures that there is no risk of data exposure between separate client organizations.

Client Management

Add customers and clients

Securden Password Manager allows MSP admins to manually add the client organizations to be managed using the product interface.

Adding a client means that they would have a password vault exclusive to their passwords and end users. The passwords and data of each client remain segregated ensuring that one client will not be able to gain access to data of another.

Once added, the MSP administrator has complete oversight of all client organizations from a single dashboard. They can switch between clients to view data and passwords pertaining to each client without worrying about the risk of exposure.

MSP technicians can efficiently manage client organizations in Securden by assigning one or more administrators to each organization. These client administrators gain access to their own console, enabling them to manage users and accounts effectively. You can also set a display name, specify a maximum user count, and define client scopes based on their specific requirements.

Import multiple clients at once

Securden Password Manager enables MSPs to effortlessly add multiple clients at once with a single action. Clients can be imported using either a standard CSV file or a .xls file. Each line in the file represents a client, and it is important that all lines have the same number of fields for consistency.

Additionally, you can include client scopes during the import process.

Define client scopes

The client scope is established by assigning specific access permissions tailored to the unique needs of each client organization. If a client organization requires password sharing capabilities alone – the MSP can define a scope with just that.

Permissions can be comprehensively configured by selecting particular features. If permissions need to be changed after a scope has been created, another administrator must approve the modifications.

Assign administrators

You have the ability to add administrative users or user groups from the MSP organization to selected Client organizations. Once the users are added, they will have access to view Clients and perform actions according to the specific roles assigned to them within each Client organization.

Delete clients

If you find that you are no longer providing services to a customer, you have the option to remove them from the dashboard. This offboarding ensures that once they leave – their data and passwords are no longer accessible by any MSP technicians.

Export client data

You can export the client data in the form of CSV, PDF, and .xlsx files or schedule periodic export of password compliance reports to be sent by mail. In the event that your client is no longer availing your services, you can securely export their credentials and share it with them. Then can then be offboarded from the MSP interface.

User Onboarding for Clients and Technicians

Import your users in Password Manager

MSP administrators can add client users into Securden for easy management. This allows them to establish access controls and restrictions for users needing access to privileged accounts and resources.

Flexible user import from AD, Azure, and LDAP

If your organization utilizes a directory service such as Native AD, Azure AD or LDAP, Securden lets you import your users, OUs, and user groups directly from the service.

Onboard users from a CSV/XLSX file

You can easily import users from a .csv or .xlsx format file. You can also assign users the role they will take up when onboarded into the solution.

Add users manually

You can manually add and manage accounts with Securden. Generate secure passwords for the accounts you add using a predefined password policy. To make it easier to classify your accounts, add tags and notes.

Leverage Single-Sign On capabilities (SSO)

Integrate with SAML-compatible federated identity management solutions such as Okta, G Suite, Microsoft ADFS, OneLogin, PingIdenity, Azure AD SSO, and others to offer your customers a unified single sign-on experience.

Set-up multi-factor authentication (MFA)

Configure 2FA to allow users to safely log into Securden using multiple levels of authentication. Integrates easily with industry tools such as RADIUS, YubiKey, Duo, Mail OTP, and others.

Establish role-based access control

After adding the users, you can assign roles to the users based on the job. You can provide granular access to users, where each role has a different level of permission. There are five pre-defined roles from which you can assign, or you can even create a custom role.

Customer Password Management

Centralize customer passwords

MSPs deal with several customers across multi-tenant networks to manage their IT and network infrastructure. Client Password Manager for MSPs provides a centralized repository for securely organizing, managing, and sharing all sensitive customer information, ensuring complete data segregation.

Share passwords without revealing them

Securden allows for the granular sharing of passwords. Your IT team can establish one-click remote connections to remote servers, databases, devices, and applications (RDP, SSH, and SQL connections) without revealing the underlying passwords.

Enforce Just-in-time access with password request-release workflows

Securden allows IT technicians to give time-limited just-in-time access to privileged accounts instead of giving permanent access. Users should raise a privilege access request whenever they need access to an IT asset or an application. Administrators will review the request, and grant time-limited access. It is possible to assign more than one level of approval, and multiple approvers on each level. Once the permitted time period has expired, access will be revoked.

Automate remote password resets

Securden improves security by reducing the chances of unauthorized access through automated password rotation and randomization by ensuring that passwords are changed at periodic intervals with unique and complex passwords.

Define password policies

Securden facilitates automating the password policy enforcement process. It comes with a tool that generates strong passwords based on the policy specified. IT admins can create a password policy specifying the password strength and complexity requirements, periodicity for password resets, and other conditions. Custom policies can be created and assigned to different accounts.

Account Management

Build a central repository of all your passwords and privileged accounts

Client Password Manager for MSPs acts as the centralized repository for all sensitive client information, including passwords, keys, license files, certificates, and more.

It enables you to search for and consolidate all privileged accounts within your organization. By doing so, you gain full visibility over orphaned and hidden accounts, allowing for a comprehensive overview of the organization. Additionally, you can manage and classify accounts, facilitating easier access management.

Add accounts & credentials manually

You can manually add accounts and manage them using Securden. For the accounts you add, generate strong passwords according to a predefined password policy. You can also add tags and notes to your accounts for easier classification.

Organize data as folders for bulk management

Organize accounts, documents, and other sensitive data into folders for better classification and management. Create folders and subfolders in a hierarchical structure so that access permissions can be inherited from the parent folder. Perform essential operations, such as changing passwords in bulk for all accounts within a specific folder.

Compliance and Audits

Achieve compliance

MSPs can help customers with various compliance regulations by providing comprehensive reports on which technicians accessed what customer passwords and what actions they took with them.

Comprehensive auditing & reporting

Audit and track all privileged access activities to get detailed information on all user activities and all privileged account activities to gain security insights. Generate and export reports on demand, or schedule specific reports to be delivered to your inbox.

Drill-down on audit trails

Using searchable text-based trails, identify and collect specific audit actions. Sort data using a text-based or command-based search, then export the drilled-down report to gain more insights.

Intuitive user access and activity reports

Get comprehensive understanding on overall user activities based on different parameters. Gain insights on which users have higher access privileges in Securden.