April 30, 2020
Password
SSO

Securing Shared Web Passwords with Idaptive

John Wu headshot
John Wu Senior Solutions Engineer

Sharing passwords should be avoided when possible. But if you have to use a shared web password, secure the password with Idaptive to reduce the risk of unauthorized access, enforce role-based access, and track who used the account and when.

shared password

Using shared web passwords should be avoided because it can result in a regulatory compliance violation, the inability to track who had logged in, or damages from unauthorized access. But using shared passwords is sometimes the only choice, such as the company social media accounts or default admin account for a web application. Idaptive can help address these security risks by enabling authorized users to log into the shared account without the user ever knowing what the password is. This article will go through the steps on how to secure your shared web passwords with Idaptive.

post it

Prerequisite: The Idaptive Browser Extension must be installed on the end user’s browser. https://docs.idaptive.com/Content/Applications/BrowserExtension/BrowserExtension-install.htm

 

Adding your shared web account into Idaptive

  1. Log into the Idaptive Admin Portal and add a web app for the website that you want to secure.
image 2

For more details, watch these free videos on how to add a web app:

Adding catalog apps https://academy.idaptive.com/series/the-applications-series/adding-catalog-apps

If your website is not in the app catalog, use the following video to add your website into Idaptive: https://academy.idaptive.com/series/the-applications-series/adding-apps-with-the-idaptive-browser-extension-for-firefox

 

  1. Configure role-based access control by assigning the appropriate users or group that is allowed to use the shared credentials. In the app configuration go to Permissions and click Add to select users and groups.
image 3

For more details watch this video: https://academy.idaptive.com/assign-applications-to-users

  1. Go to Account Mapping, then select All users share one name and enter the shared credentials. Make sure you change and enter a new password, if other users already knew the password before. This will force users to go through the Idaptive User Portal.
image 4
  1. Click Save.

Your shared password is now available to the assigned users through the Idaptive User Portal. When the users click on the web app icon it will sign the user into the website without the user ever having to know what the password is.

 

Tracking the usage of shared accounts

  1. Go to Reports > Builtin Reports > Applications and click on App Launches.
  2. Choose the time range and the web application you want to audit, then click OK.
image 5
  1. A report will list the dates and times and the name of the user who access the shared account within the selected report range.
image 6

 

Summary

Sharing passwords should be avoided when possible. But if you have to use a shared web password, secure the password with Idaptive to reduce the risk of unauthorized access, enforce role-based access, and track who used the account and when.