Passwork 6.1 update
In Passwork 6.1 we've introduced new settings that provide more options for user management and enhance your security:
- Restriction of administrators' editing rights
- Selection of authorization methods for individual users
- 2FA reset regardless of authorization password
- Policies for the complexity of authorization and master passwords
- Additional LDAP and SSO settings
In System settings you can now restrict the management of administrators, set password complexity for logging into Passwork, and prohibit saving the master password in your local browser storage.
Who can create and manage administrators Owners can restrict organization administrators from managing other administrators — they won't be able to create new administrators, deactivate, edit, or reset the passwords of other administrators. Only an organization owner can perform these actions if restricted.
Policies for authorization and master password complexity Administrators can configure the requirements for local passwords and master passwords, preventing users from creating weak passwords. Available settings include minimum length, mandatory use of uppercase letters, numbers, and special characters. These requirements are visible on the registration and password change pages.
Allow saving master password in the browser This setting is available in the Master Password Complexity Policies section. It enables or disables the need to enter your master password every time the browser tab with Passwork is refreshed (if the master password mode is enabled).
To enhance your administrators' capabilities in user management, we've made several functional and interface improvements.
Selection of authorization method This setting has been moved from the System Settings section. Now, you can choose the authorization method individually for each user. Three authorization types are available — local password, domain password, or SSO. These parameters can be combined and applied to both individual users and user groups.
Exclusion of users from LDAP synchronization These users will remain active in Passwork even if they are deactivated on the AD side. Roles associated with their security groups won't be applied to them either.
Interface enhancements We've added new icons for authorization types, allowing administrators to instantly see which authorization methods are available for each user in the general user list.
Changing user status Changing the status to "Administrator" or "Employee" can now only be done on the user page. Previously, the status was also set in the general user list, which could lead to unintended actions.
New filters in the user list Now, you can select users with a specific type of authorization and LDAP synchronization.
Temporary passwords When resetting your authorization or master password, a temporary password is generated. Users must change it to a permanent one upon their next login to Passwork. The complexity of temporary passwords has also been increased.
Improved 2FA reset Now, administrators can reset the 2FA of a user separately from the authorization password.
Enhanced master password reset security When resetting the master password, all active user sessions are automatically reset. To resume working with Passwork, users need to enter the new master password.
In the new version of Passwork, we've added several parameters to LDAP and SSO settings. Additionally, we've made improvements to enhance our security, optimize user records in the license, and optimize the database.
2FA support for SSO authorization Users logging into Passwork through single sign-on services can now confirm their login with a second factor.
Logging out of IdP when logging out of Passwork By enabling this SSO setting, users will also need to log out of their credential provider system each time they log out of Passwork.
Improved LDAP interface We removed the global enabling/disabling of LDAP authorization. Now, it's enough to activate the necessary AD server. Additionally, we added new icons indicating which AD servers have LDAP synchronization enabled.
Passwork lock when changing the server master key We've added a lock to Passwork in order to protect your data when changing the server master key. If it's changed, users won't be able to perform any actions until the master key is restored.
Licensing improvements Unverified users are no longer counted in the total number of users.
Automatic cleaning of session collection in the database to limit its size.