Product Ideas Portal

Got an idea for a new feature? Maybe a tweak to make something work even better? Wish there was an integration with another product to make you even more productive? You've come to the right place.

The Product Ideas Portal lets you submit whatever product feedback you have, good, bad, ugly, and anywhere between.

Want to stay anonymous? No problem, you can still share your ideas with us. You can also create an account which lets you vote on other people's ideas and receive updates when your idea's status changes.

To learn more about how an idea becomes a feature, check out this infographic.

21 Vote

Approval of Password Safe Access Request thru Email

We would like to raise an enhancement where the approvers can approve password safe request thru email without requiring them to login to the Web Console. This is for emergency cases that the approvers have no access to the Web Console when they are out of the site and there are no available VPN to connect to the company network. This will also ease the process for the approvers since they can have more mobility for approving numbers of requests.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Sep 17 2019
  • Unlikely to implement
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    30 Sep 06:12am

    I've just learnt that the approval process/mechanism via PRA is exactly what I suggested, clicking on the approver email doesn't force a login to the portal and can easily be approved remotely/on a mobile device.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    6 Sep 11:36pm

    I'm not sure moving your PWS env into a DMZ is the best solution either, increasing the security risk to try and solve a different problem.
    You would have to assume that most companies that have deployed a solution like PWS would have suitable MDM solutions for their mobile devices. Access to email away from their registered devices would probably be restricted/protected by MFA, so the blanket statement that "email is not a secure environment" is probably not entirely true for corporate email.
    Having a pool of approvers is fine for larger companies but not always applicable for SMB customers.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    4 Sep 12:40pm

    That's not a valid assumption, Brian. I can get email on my mobile phone, but I can't connect to my corporate VPN on my phone.

    One option, highly dependent on the security rules of your organization, would be to put a PBPS system in your DMZ (using MFA for all authentication, of course). Then the email links would point to that system and it would reachable anywhere that your users are. You firewall policy would govern if any proxied sessions are allowed through that node (as well as the agent configuration).

  • Admin
    Brian Chappell commented
    4 Sep 09:49am

    Email is not a secure environment and provides only limited assurance that the source of the email is the indicated source. If the user is able to send an email into the organisation, it would indicate that there are available comms routes which should also allow for VPN and other connectivity methods that would ensure the user is properly authenticated to the solution. I'd also always recommend that the pool of approvers is sufficiently large to ensure that approvers are available whenever requests are raised. Users who are likely to need emergency access could do so through an ISA account managed through PWS to keep it safe when not in use. We will continue to evaluate this request frequently.