Product Ideas Portal

Got an idea for a new feature? Maybe a tweak to make something work even better? Wish there was an integration with another product to make you even more productive? You've come to the right place.

The Product Ideas Portal lets you submit whatever product feedback you have, good, bad, ugly, and anywhere between.

Want to stay anonymous? Don't worry, no email address or name fields are shared on the public portal. You can create an account which lets you vote on other people's ideas and receive updates when your idea's status changes.

To learn more about how an idea becomes a feature, check out this infographic.

26 Vote

Approval of Password Safe Access Request thru Email

We would like to raise an enhancement where the approvers can approve password safe request thru email without requiring them to login to the Web Console. This is for emergency cases that the approvers have no access to the Web Console when they are out of the site and there are no available VPN to connect to the company network. This will also ease the process for the approvers since they can have more mobility for approving numbers of requests.

  • Guest
  • Sep 17 2019
  • Unlikely to implement
  • Attach files
  • Guest commented
    5 Apr 10:23am

    Hi Brian, it is fair that email approval is not secure, but the UI of BI-PasswordSafe portal in a mobile device is not useable at all. It would be a perfect alternative to the email approval if this UI is made usable in a mobile device which can then be used by approvers to grant approvals when they are outside and can't get to their laptop.

  • Guest commented
    30 Sep, 2020 06:12am

    I've just learnt that the approval process/mechanism via PRA is exactly what I suggested, clicking on the approver email doesn't force a login to the portal and can easily be approved remotely/on a mobile device.

  • Guest commented
    6 Sep, 2020 11:36pm

    I'm not sure moving your PWS env into a DMZ is the best solution either, increasing the security risk to try and solve a different problem.
    You would have to assume that most companies that have deployed a solution like PWS would have suitable MDM solutions for their mobile devices. Access to email away from their registered devices would probably be restricted/protected by MFA, so the blanket statement that "email is not a secure environment" is probably not entirely true for corporate email.
    Having a pool of approvers is fine for larger companies but not always applicable for SMB customers.

  • Guest commented
    4 Sep, 2020 12:40pm

    That's not a valid assumption, Brian. I can get email on my mobile phone, but I can't connect to my corporate VPN on my phone.

    One option, highly dependent on the security rules of your organization, would be to put a PBPS system in your DMZ (using MFA for all authentication, of course). Then the email links would point to that system and it would reachable anywhere that your users are. You firewall policy would govern if any proxied sessions are allowed through that node (as well as the agent configuration).

  • Admin
    Brian Chappell commented
    4 Sep, 2020 09:49am

    Email is not a secure environment and provides only limited assurance that the source of the email is the indicated source. If the user is able to send an email into the organisation, it would indicate that there are available comms routes which should also allow for VPN and other connectivity methods that would ensure the user is properly authenticated to the solution. I'd also always recommend that the pool of approvers is sufficiently large to ensure that approvers are available whenever requests are raised. Users who are likely to need emergency access could do so through an ISA account managed through PWS to keep it safe when not in use. We will continue to evaluate this request frequently.