Passportal Help

FAQs

What is an Organization Key?

The Organization Key is organization-wide and is the encryption key for your stored passwords. We do not store or cache the Organization Key anywhere in our system, so it is vital that at least one member of your organization has stored this and is able to give it to users that forget. To reset the Organization Key means all passwords will become irretrievable and will need to be reset. The Organization Key is designed to ensure that there is a separate and additional level of security that protects your organization from unauthorized access to any data at Passportal.

Does Passportal need to sign a BAA for your HIPAA compliant MSP?

The Health Insurance Portability and Accountability Act is a legislation that provides data privacy and security provisions for safeguarding electronic Protected Health Information (ePHl). ePHl is patient health information which is computer based. The data stored within Passportal includes system configuration notes, URLs, and login credentials to various systems and applications - some of which may be systems or applications which store or manage ePHl. While the login credentials stored in Passportal may be those which grant access to systems containing ePHl, the login or password data itself is not considered ePHl. This results in the first reason why there is no need for Passportal to sign a BAA.

The access information to ePHl which includes URLs or remote server addresses and login credentials that are able to be accessed, known, or otherwise used by any individuals or organizations would inherently require those individuals or organizations to sign a BAA in agreement to cooperate in safeguarding the ePHl they have access to. With this in mind, Passportal's data encryption technology which leverages hundreds of rounds of AES-256 encryption via 6 unique SHA-256 Hash keys used on a random algorithmic basis for each login credential stored, guarantees that no member of the Passportal organization can ever access, see, or know the decrypted format of that data. One of the 6 keys used in the encryption technology briefly described is never generated, stored, or known by Passportal. This unknown encryption key is the Organization Key your company chooses upon registering an account with Passportal. The involvement of the Organization Key in our encryption technology makes it impossible for members of the Passportal team to completely decrypt any password data within our platform. This results in a secondary reason why there is no need for Passportal to sign a BAA.

In conclusion, since there is no ePHl data stored within Passportal and no employee, contractor, consultant, or representative of Passportal can access the login credentials stored within Passportal, the company is precluded from any requirement to sign a BAA to meet and maintain yours and your clients' HIPAA compliance.

Passportal's Security, Data, and Privacy Policies

You can find this information here: https://www.passportalmsp.com/privacy-policy

I forget my security questions, how do I reset my password?

Normally users can reset their password via the password reset link found on the main login page. However, if they forget their security questions, they will not be able to complete this process. Instead, you can have an organization admin reset their user account, via the edit user modal found on the user management page. Once reset, they will get an email prompting them to re-select their security questions and password.

Why are my AD user’s passwords not syncing with Passportal?

There could be an issue with the AD agent check to make sure the server was restarted after installation, check to make sure the admin account the service is running on is a member of local admin, administrators and users groups. Check to make sure the client is enabled for windows sync and that “2-way sync is enabled” ensure that they have a single agent pointing to a single client folder, If they have multiple DC or Severs have them follow the KB guide,

Configuring AD Sync in a Single Domain Controller Environment

Configuring AD Sync in a Multi-Domain Controller Environment

Why are my AD user’s passwords not being created or showing in Passportal?

When the AD Agent has been configured, it will start sending end user passwordsto the system as passwords get changed on AD. Our agent does not have the ability to access the encrypted passwords on AD, decrypt them, and then send them to the system.

Check to see if “Auto create users as passwords” is enabled in the edit client screen for the client in question. If it is and “2-way sync” is also enabled then there could be an issue with the AD agent check to make sure the server was restarted after installation, check to make sure the admin account the service is running on is a member of local admin, administrators, and users groups. Check to make sure the client is enabled for windows sync and that “2-way sync is enabled” ensure that they have a single agent pointing to a single client folder, If they have multiple DC or Severs have them follow the KB guide,

Configuring AD Sync in a Single Domain Controller Environment

Configuring AD Sync in a Multi-Domain Controller Environment

Why can’t I share my passwords to the client yet?

The client must have a site administrator and that user must have completed the registration before a share is possible. The user account must also log in at least once, in order to activate the Organization Key on the client.

I just ran the PSA integration and I seem to have some client duplicates?

Chances are you didn’t match existing Passportal clients with what you had in the PSA integration wizard, to fix this issue the easiest method would be just to move the passwords from the non-PSA sync client to the client that is showing PSA sync and then disabled the old non-synced client.

Why do I not have access to certain passwords?

If the user is not an organization admin, then they will need to be assigned to a client directly, or via security groups. Alternatively, the user may request temporary access to the client, which will prompt all admins of the organization on the dashboard and by email of an access request. They may also have access to the client but some folders in the client may be restricted with security groups being assigned to these folders that they are not a member of.

When do I get my QR code to appear after I turn on 2FA?

Google authenticator and Duo QR codes will be shown on the next login the user performs.

Can we just use Blink without the 2-way sync on all of the domain controllers?

Yes, you only need the agent and 2-way sync installed on the main domain controller for blink to function.

How does Passportal rank its password strength?

We use a scale of 1 - 6 to determine the strength of a password. We by default give a password a strength of 1, and each match of the following criteria adding an additional point to the password strength score:

* Longer than 6 characters

* Longer than 12 characters

* Contains both lower and uppercase characters

* Contains at least one number

* Contains at least one special character

Does Passportal need to sign a BAA for your HIPAA compliant MSP?

The Health Insurance Portability and Accountability Act is a legislation that provides data privacy and security provisions for safeguarding electronic Protected Health Information (ePHl). ePHl is patient health information which is computer based.

The data stored within Passportal includes system configuration notes, URLs, and login credentials to various systems and applications - some of which may be systems or applications which store or manage ePHl.

While the login credentials stored in Passportal may be those which grant access to systems containing ePHl, the login or password data itself is not considered ePHl. This results in the first reason why there is no need for Passportal to sign a BAA.

The access information to ePHl which includes URLs or remote server addresses and login credentials that are able to be accessed, known, or otherwise used by any individuals or organizations would inherently require those individuals or organizations to sign a BAA in agreement to cooperate in safeguarding the ePHl they have access to. With this in mind, Passportal's data encryption technology which leverages hundreds of rounds of AES-256 encryption via 6 unique SHA-256 Hash keys used on a random algorithmic basis for each login credential stored, guarantees that no member of the Passportal organization can ever access, see, or know the decrypted format of that data. One of the 6 keys used in the encryption technology briefly described is never generated, stored, or known by Passportal. This unknown encryption key is the Organization Key your company chooses upon registering an account with Passportal. The involvement of the Organization Key in our encryption technology makes it impossible for members of the Passportal team to completely decrypt any password data within our platform. This results in a secondary reason why there is no need for Passportal to sign a BAA.

In conclusion, since there is no ePHl data stored within Passportal and no employee, contractor, consultant, or representative of Passportal can access the login credentials stored within Passportal, the company is precluded from any requirement to sign a BAA to meet and maintain yours and your clients' HIPAA compliance.

What characters are support by Passportal?

Passportal supports a wide number of characters, however you may be interested in additional characters and want to ensure they are supported.

Our current list of supported characters are the ASCII Printable Characters, and the Extended ASCII Characters. These characters can be found in https://www.ascii-code.com/