There may be situations where your organization would like to work collaboratively with one or more clients in order to share passwords with them and have them share passwords with you, using their own client log-in (see our Sites offering). In order to accomplish this, there is a few steps that must be completed:
- Enable Client Login ability for the client of your choice using the edit client tool.
- "Force Organization Credential Types" - Forces the client to use the credentials list from the organization.
- A new sub-section under Users will appear, called "Site Users".
- In this subsection you can start adding users for individuals at your client's organization to gain access to the system.
- An Administrator is needed to properly activate the client portal, so one of the added users will need this permission level.
- This user will receive an email to go through the activation process, similar to any user of your organization, during which they will select their own Organization Key for the client organization.
- By default, your client will not see the passwords you have stored for them and you will not see any passwords they enter. This allows both sides to store passwords, without defaulting access to everyone.
- Once the Organization Key has successfully been selected, "Share" icons will become available in the tool section of the list of passwords. (The Share icons will not be available until the Organization Key is successfully set up.)
- To share a password select the sharing icon from the tool section next to that password, or select multiple passwords and use the "Share Passwords" entry on the "With All Selected" drop-down menu at the top of the page.
- This will bring up Share options to be configured including: read-only vs. read/write access, sharing to individual users or client wide, and whether or not they can view the change log history. This process applies to the client side as well.
- To un-share a password click the Share icon again, deselecting it.
- Un-sharing a password does not prevent the other side from knowing what it was. It is best practice to change any password after it is un-shared to prevent it being compromised.
- Keep in mind folders cannot be shared down only the passwords them self can be shared.
- Client users have two default permission levels: Administrator and User
- Administrators have full access at the client level. They can change client level settings, create and manage other client users, and run the various audit reports.
- Users are regular, everyday users looking to access passwords.
- The folder structures for the MSP and each client organization are completely independent of each other. (Folders created in on will not appear in the other.)
- Adding or moving a password to a folder as an MSP will not move the password on the client organization, and vice versa.
Password Sharing FAQ
- Q. What happens if a Site Administrator Disables a password created and shared by an MSP
- A. A password shared from the MSP to the Site cannot be disabled by the Site Administrator however the Site Administrator can Disable Sharing on that password so it can only be seen on the MSP Side.
- Q. If a password has been shared from MSP to Site, or Site to MSP and you stop sharing the password, what happens?
- A. If the password ever stops being shared, it will only remain on the side that the password was created.