Personal Vault

Let us remember your secrets so you don’t have to!

PAM automatically provisions a Personal Vault for each user who logs in to PAM. These Personal Vaults provide a secure area where users can store their own secrets, connections, logins, keys or any other records they wish.

By default, these areas give each user full ownership of their own vault and its content, while no other non-Administrative users are granted access.

However, any folders and records created in a Personal Vault can be shared with other users if the Vault owner chooses, creating a shared secret area.

 

A PAM System Administrator may decide to limit the permissions users have within their Personal Vault.

The default Owner permission allows the user to have full control over the content of their Personal Vault, including the option to share; however, the System Administrator may decide to limit this to the Manager role.

The Manager role allows the user to create, edit and delete content within their vault but removes their ability to share this content with others, restricts access to reporting and more.

 


Benefits

Personal Vaults provide the following benefits:

  • Creates better organization as users do not have to store their personal secrets in PAM’s default Records List (i.e. root folder).
  • Provides a secure area where a user may store and have full control over their own assets like logins, keys and connections.
  • Works with the PAM Browser Extension to provide an automated login experience to websites.
  • Allows a user to share records from their vault with others, creating a shared secret space.
  • System Administrators, Auditors and users with Global Permissions still maintain some access to Personal Vaults to ensure corporate and regulatory compliance.

Personal Vault Role

If you wish to change the Role that is granted to the user when their Personal Vault is provisioned (Record Control: Owner is the default), use the following procedure:

  1. Log in to PAM as a System Administrator.
  2. Navigate to Administration > Settings > Parameters > Personal Vault Role.
  3. Select the desired role: Owner or Manager.
  4. Click the Save button.

Please note that this role change will only be applicable to newly provisioned Personal Vaults. All existing Personal Vaults will retain their current permission.

Personal Vault Recording

Sessions created from within a user’s Personal Vault let the user decide whether to record the session by offering both Connect and Connect and Record options.

PAM System Administrators may override this behavior to force all sessions created from within any Personal Vault to run with video and/or event recording enabled.

To enforce event recording for all sessions from any Personal Vault:

  1. Log in to PAM as a System Administrator.
  2. Navigate to Administration > Settings > Parameters > Personal Vault Event Recording.
  3. Select the option Default or Enforced.
    • Default defers recording to the user’s permission or selection while Enforced enforces recording.
  4. Click the Save button.

To enforce video recording for all sessions from any Personal Vault:

  1. Navigate to Administration > Settings > Parameters > Personal Vault Session Recording.
  2. Select the option Default or Enforced.
    • Default defers recording to the user’s permission or selection while Enforced enforces recording.
  3. Click the Save button.

Disabling

If you do not want users to have Personal Vaults, you can disable them using the following procedure:

  1. Log in to PAM as a System Administrator.
  2. Navigate to Administration > Settings > Parameters > Personal Vault.
  3. Select the Disabled option from the dropdown menu and then click the Save button.