Home - Enterprise Server

In Password Depot, you can open and save databases on the Enterprise Server module. To do so, please open the Home screen and click on the tab PD Enterprise Server. The following options are now available:

  • Sign in: Directs you to the login site of the Enterprise Server. Here, you enter all of the information indicated below this list. After login, all databases that you can access will be listed. Alternatively, you can also use the integrated Windows authentication, if available  for this purpose, click on the right arrow button. Further, since version 12.0.7, optional Two-Factor Authentication has been implemented when connecting to the Enterprise Server. The administrator is able to activate Two-Factor Authentication for the client's server login. If this option is selected, clients need to enter both user name and password (if standard authentication is used) as well as a particular code they will receive during login process. You can read more about Two-Factor Authentication here.
  • Sign out: Logs you out of the Enterprise Server.
  • Open: Opens a database selected in the list. For this purpose, select the desired database in the view and then click on Open.
  • Refresh: Refreshes the list of available databases saved on the Enterprise Server.
  • Change server password: Allows you to change the password for Enterprise Server.
  • View server certificate: If a certificate was installed earlier, you can view its details here.
  • Search: If there are multiple databases, search for the desired database in the corresponding Enterprise Server.

NOTE: Databases for the Enterprise Server can only be created via the server's control panel. In case you would like to share a file on your local PC with other users, you would need to send this file to the system administrator first.

NOTE: Once you have opened a database from the Enterprise Server, you can quickly and easily switch between the databases you have access to in the tab bar without having to reopen the home screen.

Enterprise Server: Login

Having clicked on Sign in, you will need to indicate your server information:

  • Server address: Type in the address from which Enterprise Server is executed. Generally, this is a local address, e.g. 90.0.0.1.
  • Port: Enter the port through which Password Depot can be reached. A specific default port is defined for every main version. For Password Depot 19, the default port is 25019.
  • Authentication: Select the correct authentication mode (Standard Authentication with username/password, Integrated Windows Authentication, Windows Domain Credentials, Azure AD/Entra ID, OpenID Connect or WebAuthn/Passkeys).
  • Domain / Username: The domain of the server and/or your username.
  • Password: Enter your password here.

Finally, click on OK.

NOTE: In the Enterprise Server tab, you can only open files which you are allowed to access. Those rights are assigned to you by your server administrator. If you have logged on to the Enterprise Server successfully and see a message that no database has been assigned to your user's account yet, please contact your server administrator because otherwise working with the Enterprise Server will not be possible at all.

How to authenticate on the Enterprise Server?

In general, the server administrator decides how users should authenticate on the Enterprise Server. Thus, when connecting to the Enterprise Server, it is only required for users to select the correct authentication mode to establish a secure client to server connection. The Password Depot Enterprise Server Login window offers different authentication modes to choose from:

  • Standard Authentication (username & password)
  • Integrated Windows Authentication (SSO)
  • Windows Domain Credentials
  • Azure AD/Entra ID
  • OpenID Connect
  • WebAuthn/Passkeys

Standard Authentication

You can use the Standard Authentication to connect to the Enterprise Server if your Password Depot Server administrator has created local users and assigned usernames and passwords to single users. To login, enter the username and password which was assigned to you by your server administrator and also make sure to use the correct server address and port.

Integrated Windows Authentication

If you would like to use the Integrated Windows Authentication, also called Single Sign-On, to login on the Enterprise Server, you have to be a member of an Active Directory. Besides, your server administrator must perform the Active Directory synchronization in the Server Manager (prior to the user login) to add Active Directory users to the Password Depot server. If this is the case, please select the Integrated Windows Authentication in the Password Depot Enterprise Server Login window and make sure to use the correct server address and port. Your Windows NT access data will then be used to login. If settings are correct, your logon name as well as the corresponding domain are already displayed in the login window. Finally, just click OK to proceed and establish a client to server connection. The access data sent will be validated in the background and you will be logged in as soon as the data has been proven valid.

Windows Domain Credentials Authentication

With Windows Domain Credentials authentication, you log on to the Enterprise Server using your Windows domain credentials. To use this method, your user account must be a member of an Active Directory domain. In addition, your server administrator must have added you as a user in the Server Manager as part of Active Directory synchronization.

If these prerequisites are met, select Windows Domain Credentials in the Password Depot Enterprise Server Login window and make sure that the server address and port are correct. Then enter your domain user name (e.g. DOMAIN\username or [email protected]) and the corresponding password.

Click LOGIN to start the sign-in process. Your domain credentials are verified in the background. If the account and password are correct and your account has the required permissions, you are logged on to the Enterprise Server and can open the server databases that have been shared with you.

Azure AD/Entra ID Authentication

If you would like to use the Azure AD/Entra ID Authentication, you have to be a member of an Azure Active Directory. Besides, your server administrator must perform the Azure AD synchronization in the Server Manager (prior to the user login) to add Azure AD users to the Password Depot server. If this is the case, please select the Azure AD Authentication in the Password Depot Enterprise Server Login window and make sure to use the correct server address and port.

Afterwards, a new dialog window will be displayed saying that Password Depot would like to use "microsoftonline.com" for authentication. Please confirm to proceed. You are forwarded to your browser next. Select the correct Microsoft account, enter your email address and password. Finally, you must enable Password Depot one more time to access your Microsoft account.

A connection to the Enterprise Server will be established once you have completed all the steps required. Afterwards, you can select the desired database and open it.

Open ID Connect Authentication 

This authentication method allows users to log in using credentials from an OpenID Connect (OIDC) identity provider. Once integrated, users can be imported from the external provider into the Password Depot Server and authenticate directly through the Password Depot Client using their federated credentials.

To authenticate via OIDC, ensure that the Password Depot Server administrator has configured at least one valid OpenID Connect provider in the server settings. If required, obtain the server address and port number from your administrator.

In the Password Depot Client, enter the server address and port number, select OpenID Connect as the authentication method, and choose the predefined OIDC identity provider from the drop-down menu. If the identity provider does not appear, click the Discover Identity Providers button (green icon) to initiate a discovery request to the server.

Next, click Login. You will be redirected to the identity provider's login page. Enter your external account credentials (e.g., Microsoft Entra ID, Auth0) and, upon successful authentication, you will be redirected back to the client and granted access to the server  based on your assigned roles and permissions.

WebAuthn/Passkeys Authentication

The WebAuthn/Passkeys authentication method enables passwordless login to the Enterprise Server. Instead of a password, you use a WebAuthn/FIDO2-based authenticator, such as a FIDO2 security key, Windows Hello or another compatible passkey.

To use this method, your server administrator must have enabled WebAuthn in the Server Manager and registered at least one passkey for your user account. If necessary, ask your administrator for the correct server address and port number.

In the Password Depot Enterprise Server Login window, select WebAuthn/Passkeys as the authentication method and verify the server settings. Then click LOGIN to start the authentication process. The corresponding WebAuthn dialog of your operating system will open. Follow the instructions shown there – for example, touch your FIDO2 security key, enter a PIN if required, or confirm the login using fingerprint or facial recognition via Windows Hello.

After successful cryptographic verification, you are automatically logged on to the Enterprise Server and, based on your assigned roles and permissions, gain access to the server databases that have been shared with you.