This short video demonstrates secure fields in Xton Identity Vault’s records and the process of unlocking these fields by any user with the appropriate permissions. The video also shows the audit log’s “unlock” and “lock” events.
Secure fields in a record view are not visible by default. Moreover, the information stored in these fields is not sent from the server to the client browser at all, not even in encrypted form. If a user has permission to see the information in a secret field (for example, a password in a Windows account record), the user needs to “unlock” the secret field. The unlock operation calls the server, which transfers the information from the secret field to the client browser, where it is displayed to this user. In addition, the unlock operation writes a record to the audit log (and sends a notification to subscribers) for administrators or auditors to see.
If a user does not have permission to see secret fields in a record, the unlock operation is not available. In this case the password (or certificate) is never transferred over the network to the client computer. Note that this user may still have permission to connect to the remote computer described by this record, even without the ability to see the secret password.
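
The behavior described above can be sketched server-side as follows. This is an added example, not Xton Identity Vault code: the `Vault` class, the permission names `unlock` and `connect`, the field names and the sample record are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

SECRET_FIELDS = {"password", "certificate"}  # assumed names of secret fields

@dataclass
class Vault:
    records: dict   # record_id -> {field: value}
    grants: dict    # (user, record_id) -> set of permission names (assumed model)
    audit_log: list = field(default_factory=list)
    notifications: list = field(default_factory=list)

    def _perms(self, user, rid):
        return self.grants.get((user, rid), set())

    def view(self, user, rid):
        """Record view: secret values are left out of the response entirely."""
        if not self._perms(user, rid):
            raise PermissionError("no access to record")
        rec = self.records[rid]
        return {"fields": {k: v for k, v in rec.items() if k not in SECRET_FIELDS},
                "locked": sorted(k for k in rec if k in SECRET_FIELDS),
                "can_unlock": "unlock" in self._perms(user, rid)}

    def unlock(self, user, rid, name):
        """Return one secret value only with 'unlock' permission; audit and notify."""
        if "unlock" not in self._perms(user, rid) or name not in SECRET_FIELDS:
            raise PermissionError("unlock not available")
        entry = {"user": user, "record": rid, "event": "unlock", "field": name}
        self.audit_log.append(entry)
        self.notifications.append(entry)  # stand-in for notifying subscribers
        return self.records[rid][name]

    def lock(self, user, rid, name):
        """The client hid the value again; record the matching 'lock' event."""
        if "unlock" not in self._perms(user, rid):
            raise PermissionError("lock not available")
        self.audit_log.append({"user": user, "record": rid, "event": "lock", "field": name})

    def connect(self, user, rid):
        """The session is opened server-side; the secret is never returned."""
        if "connect" not in self._perms(user, rid):
            raise PermissionError("connect not permitted")
        return {"host": self.records[rid]["host"], "session": "opened"}

def demo_vault():
    # Constructed sample data: alice may unlock and connect, bob may only connect.
    rec = {"host": "win-01.example.test", "user": "svc_admin",
           "password": "constructed-sample-password"}
    return Vault(records={"win-01": rec},
                 grants={("alice", "win-01"): {"unlock", "connect"},
                         ("bob", "win-01"): {"connect"}})
```

The point to check in a real deployment is the same one the sketch enforces: the view response for any user contains no secret value, and every value that does leave the server has a matching audit entry.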