Active Directory Authentication Options

Passwordstate offers 19 robust authentication options, 18 of which support Active Directory through either manual logins or Single Sign-On, enabling flexibility and security:
  • Single Sign-On (SSO)
  • Manual AD Authentication
  • Manual AD with Multi-Factor Authentication (e.g., Google Authenticator, RSA SecurID, Duo Push)
  • Email-based Temporary PIN Codes
  • One-Time Passwords and more

Single Sign-On (SSO) serves as the default authentication mode, allowing seamless access without manual credential entry. Alternatively, manual AD options prompt users for domain credentials, and can be configured for MFA for enhanced security.


LDAP and Kerberos Support

Passwordstate supports both LDAP and LDAP over SSL (LDAPS), as well as Kerberos for secure communication with Active Directory. Configuration options are available per domain, including support for:

  • Non-trusted domains
  • Workgroup environments (non-domain member setups)

This flexibility ensures compatibility with diverse enterprise network architectures.


Permissions and Role-Based Access Control (RBAC)

Passwordstate leverages Active Directory Security Groups to simplify permission management, enabling:
  • Granular control with Read, Modify, or Admin rights
  • Role-based menus and feature visibility

Security groups streamline the application of RBAC policies. For example, importing security groups for roles such as "System Administrators" or "Database Administrators" automatically grants appropriate permissions. Changes in group membership can be synchronized in near real time, ensuring accurate access control.


User Account Synchronization

Passwordstate dynamically synchronizes user account statuses with Active Directory. Key capabilities include:
  • Automatic deactivation of accounts disabled in AD
  • Purging of disabled accounts in Passwordstate based on the disabled period
  • Scheduled synchronization for security groups and user accounts (from 5-minute intervals to daily updates)

These features ensure alignment with enterprise access policies and prevent unauthorized access.


Automated Password Resets in Active Directory

Passwordstate allows secure storage of AD account credentials and supports password resets directly within Active Directory. Features include:

  • On-demand or scheduled resets for AD accounts
  • Automated updates for network resources using the reset credentials, including Windows Services, IIS Application Pools, and Scheduled Tasks

This functionality ensures password policies are consistently enforced across your infrastructure.


Active Directory Account Management

The Active Directory Actions feature empowers Help Desk teams to manage AD accounts efficiently. Key actions include:

  • Unlocking accounts
  • Forcing password changes at the next logon
  • Disabling or enabling accounts

These capabilities enhance IT support efficiency while maintaining robust security protocols.


Tailored for Enterprise Efficiency

Passwordstate’s Active Directory integration is designed to meet the complex needs of large organizations. By combining advanced authentication options, seamless synchronization, and role-based controls, Passwordstate provides a scalable and secure solution for enterprise password management.