How to request credentials to an app

With Bitium, IT admins are provided the tools to manage all of the passwords set by their employees across all apps in their organization. Access to employee passwords is a powerful tool for admins as it gives them the means to reset passwords, while also alleviating the burden of employee off-boarding.

Bitium considers “Managed Passwords” to be any password for which an end-user or admin gives explicit permission to their password. This permission is granted when the password owner checks the box to “allow admin access to the password” upon configuring their application.

Managed Passwords give admins full discretion as to what they can do with those passwords, such as set a policy in Bitium around which admins in the organization can view the passwords for those applications.

By default, Bitium does not require that users share their passwords with admins. For a specific application, users have the ability to “opt-out” of the option to give admins access to their password. This means that users can click to uncheck the box for sharing access to their password with admins.

As a result, not all applications may become “Managed” as some users may elect to opt out of allowing access to their passwords. This means that if a policy were applied to these applications, admins would still be unable to view the password because they were not granted permission by the end-user or admin configuring the app.

Although end-users or admins may have chosen to “opt-out” of sharing access to their passwords with admins initially when configuring their applications, admins still have the ability to retroactively request access to the password.

To request credentials to an app:

  1. Manage “your organization”

  2. Click “Manage Apps”

    ../../_images/addapp8.png

    Manage Apps

  3. Search for the app

  4. Click “Credentials & Policies” tab

    ../../_images/request3.png

    Credentials & Policies

  5. In the “Credentials” section, search for the set of credentials you are looking for. The credentials will be listed as “Unmanaged.” Click “Request Credentials.”

    ../../_images/request4.png

    Unmanaged credential

  6. The end-user (or admin) will receive an email message as well as a notification on their user dashboard, noting that admin [name] requested access to their credentials.

    ../../_images/request5.png

    Credential request email

  7. The recipient will either click the link in the email, or click the message to grant the admin permission to the password.

  8. Once the permissions are granted, the credential set for this particular account will be change to “Managed.”