Central Password management is very important. Even for small teams.
Not every one should have access to all the passwords.
But if they do, you should know – when, who and which passwords were accessed.
If you are bound by standards such as FIPS, FISMA, PCI DSS, HIPPA or similar, you have to manage log and manage access to IT resources.
Password managers used to be expensive, but in 2013, things have changed. Compared to Secret Server or Team Password Manager, Pleasant Password server is the only one which has support for KeePass. Slightly modified KeePass is actually bundled with the product.
Pleasant Password Server review
I found Pleasant Password Server by coincidence, I was so impressed that I decided to write a review.
Pleasant Password Server is a web application. I installed it on Windows 2008R2 server, but it can be installed on Windows XP SP3 with .NET 4.0. Installation is quick and soon after you can log in.
Interface is simple and easy to use. On the left side you log in, on the right side you see recent news regarding new releases and above you have an option to download client – Pleasant have modified Keepass to synchronise with their server.
Based on passwords you use, you can create Groups and create passwords for those groups. If you use Oracle databases, you may have one for production, and one for development. Most likely user access is limited to only a couple of admins on production and several on a development database. In group Oracle you place passwords you use.
You would also create group servers for keeping the passwords of all the servers you have.
When you add new password you are presented with new entry dialogue, where you can enter, Title, Username, Password, Url and Notes.
KeePass was modified so that it synchronises with the Pleasant Password Server. Groups and passwords are both refreshed as soon as you make a change. You can extend KeePass functionalty with plugins but not all may work. You can use auto fill plugin for Firefox to automatically populate credentials on a website or you can use plugin for Remote Desktop Manager to automatically populate credentials for remote desktop session.
Users can be imported from AD, they keep their username and their password. And when they change their windows password, they will use new password for Pleasant password server login. You can limit access to passwords for users, you can define who can Move Entries/ Subfolders, View Subfolders, View Entry Names, View Entry content. Permissions can be tweaked for every user, and you can really limit access like you want.
Pleasant Password Server has great logging system. You see all the events, from who created user X, to who accessed password Y. You can also export log to CSV file.
In addition to KeePass for Windows, Pleasant Password Server also has an application for IOS. When you are in the server room configuring routers, you can check on the Phone which password is the right one 🙂
There is one feature that I left for the end, it’s called Proxy mode. In Proxy mode, clients use Pleasant Password Server as a Proxy, when they visit websites Pleasant Proxy Server fills credentials on their behalf. In that case users don’t have to know passwords at all.
Pleasant Password Server is available in 3 editions (For 2 users and 20 entries, Pleasant Password Server is free).
- Enterprise (AD /LDAP integration, Read only setting for limited access assignment, Customisable access levels roles or users)
- Enterprise + Proxy
Pleasant Password server is one of the cheapest password servers, but it does not lack in functionality. Unlike alternatives it features great proxy password pass through functionality. Pleasant is a Canadian based company. If you are concerned about privacy, you should know that privacy is very respected in Canada.