Server Settings
The Server settings dialog box can be found in the menu item Manage. It includes six tabs: General, Connections, Logging, Additional, Email and 2FA Settings.
General
Server
Here you can make basic settings on the server:
Server language: Allows you to select the language.
Server port: Specifies the port by default.
Use SSL/TLS: Enables the use of an SSL/TLS connection between client and server.
Use SSL/TLS for REST Server: Enables the use of an SSL/TLS connection for the REST Server connection. With the REST server implementation, the Enterprise Server can now be accessed via REST API. A new web interface is made available in the source code for demonstration purposes or for productive use. Internally it is a web server which can use the HTTP or HTTPS (recommended) protocol. In order to use HTTPS, you need to install a valid SSL certificate.
Install certificate: Allows you to install an SSL certificate. If you wish to use this option, a dialog box will open where you can enter your certificate file and its key.
Databases
Storage folder: You can define the path where databases should be stored by default.
Connections
Supported authentications
Specify which authentication you would like to allow on your server. You can use either authentication with User credentials (account and password) and/or Integrated Windows Authentication (Single Sign On) here.
Supported clients
Specify which clients should be supported for connection to the server. The following options are available here:
- Standard Edition for Windows
- Corporate Edition for Windows
- Mobile Edition
- macOS Edition
- Web Client
NOTE: All clients that should be able to connect to the Enterprise Server need to be activated in the Server Manager. If a client is unchecked here, users won't be able to connect to the Enterprise Server with this edition.
New connection from different device
Select one of the three available options here to specify how connections from other devices should be handled if carried out by the same user.
Inactive sessions
Specify how Password Depot Enterprise Server should handle inactive connections.
Failed logins
Specify the number of failed login attempts a user can carry out before their account is temporarily blocked. If a user account has been blocked, it can be re-activated by the server administrator. To do so, open the Server Manager, go to Users -> <USERNAME> -> Accounts and uncheck the box "Account deactivated".
Logging
In this tab you can adjust the settings referring to the Password Depot Enterprise Server's logs. The following options are available here:
Local log
- Logs folder: You can see here the local directory for storing the Enterprise Server's logs by default. You can adjust it by using the "Browse" button.
- Max. file size (KB): Determine the maximum size (KB) of the server's log file.
- Create new log file: Here, you can define the interval for creating new log files.
- Delete logs: Define the settings for deleting existing logs. You can either choose never to delete any log files or determine a specific number of log files that should be kept, for example 30 (this number is set by default). This means that the latest 30 files will be saved and older log files will be deleted.
- Remote log: Check the box "Send log messages to a remote server" if you wish to activate this option and send the Enterprise Server's log files to external log servers. You can further adjust the address and port of the external server to which the Enterprise Server's logs should be sent. In this way, you can ensure that logs are not being manipulated.
Backups
In this tab, you can specify your settings for backup copies, among others:
Backup
- Backup folder: You can specify where backup copies should be saved to. Use the Browse button on the right to select a different directory.
- Backup databases on every startup: Select this option in order to create a backup copy of existing databases each time the program is started.
- Backup databases every: Determine a specific number of hours after which Password Depot Enterprise Server will automatically create a backup copy of existing databases.
NOTE: By default, both options for creating backups are checked, and we recommend keeping both options activated while working with the server.
- Log backups to file: If you select this option, the program will create a log of the backups generated and save it to the specified file, so that you can track at a later point in time when backups of databases were created.
Additional
In the Additional tab more options are available as follows:
Active Directory:
- Specify whether to perform AD synchronization automatically. If so, you will also be able to determine the time interval at which automatic AD synchronization should take place. Furthermore, you can specify what to do with users and groups that are not, or no longer, found in AD. Those users can be ignored, deactivated or deleted by the Server Manager.
NOTE: Synchronization should preferably be initiated manually by the administrator for a given reason. If automatic synchronization is required, synchronization cycles should preferably run at times when server load is low and, for example, every 24 hours (1140 minutes).
Edit entries
- The administrator can determine a specific lock entry timeout (min.) here. By default, this is five minutes; however, you can increase or decrease the lock entry timeout, if desired. If a user has opened an entry but is not working with it, this entry will be locked automatically once the timeout set in the Server Manager has expired.
Private databases
- Server administrators can determine whether a private database should be created automatically for every new user on the Enterprise Server. Those private databases will then also be stored on the server, and users can add their own private entries there which are not supposed to be part of the company's server database. Private databases will be displayed as Private_DB_<USER>.pswe in the Database area.
- Administrators can further determine whether a private database should be deleted automatically from the server once the user it has been assigned to is removed from the Enterprise Server. If this option is activated and a user is deleted, their private database will be deleted from the server at the same time and will thus no longer be available on the server.
Please note that by default none of the above options is checked.
WebSockets port for clients
- Use default port number: The default port number is 25109, and this option is checked in the server settings by default. If the browser add-on is being used, communication takes place through this port by default, and users do not need to adjust their settings since port 25109 is also set in the browser by default.
- Auto-generate unique port numbers (recommended for Terminal Servers): As the description indicates, this option is strongly recommended when using Password Depot on a terminal server. Since all users work on the same system when using a terminal server, it must be ensured that each user is assigned a unique port number for communication with the add-on. The socket port number is a physical parameter, not a virtual one, and therefore cannot be shared by different instances of the Password Depot client. If you do not use individual port numbers for each client, problems will definitely occur, since Password Depot cannot know to which client it should send the access data requested by the add-on. In this case, it may happen that User A receives access data from User B even though User A has no access rights for such entries. Therefore, when using a terminal server, it is mandatory to assign an individual port number to each user who is to work with Password Depot on the terminal server. You can check the option Auto-generate unique port numbers (recommended for Terminal Servers) in the server settings and use it by default on the Enterprise Server. In this case, each user available on the server will be assigned a separate port number automatically, and the administrator does not need to adjust the port number for each user individually.
For additional information about port numbers when working with the add-on click here.
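A demonstration of the port constraint described above, as an added example that is not part of the original documentation and is not Password Depot's own code: several clients on one host request the same loopback port, then each receives its own. The user names are constructed, and binding to port 0 (letting the operating system pick a free port) is an assumed stand-in for the server's auto-generation, whose actual method this page does not describe.

```python
import socket

DEFAULT_PORT = 25109  # default WebSockets port named on this page


def try_listen(port, host="127.0.0.1"):
    """Return a listening socket on host:port, or None if the port is taken."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(1)
        return sock
    except OSError:  # address already in use by another instance
        sock.close()
        return None


def shared_port(users, port=DEFAULT_PORT):
    """All clients on one host ask for the same port; map user -> owns listener."""
    held, result = [], {}
    for user in users:
        sock = try_listen(port)
        result[user] = sock is not None
        if sock:
            held.append(sock)
    for sock in held:
        sock.close()
    return result


def unique_ports(users):
    """Stand-in for auto-generated ports: the OS picks a free port per client."""
    held, result = [], {}
    for user in users:
        sock = try_listen(0)  # port 0 = let the OS choose an unused port
        held.append(sock)
        result[user] = sock.getsockname()[1]
    for sock in held:
        sock.close()
    return result


if __name__ == "__main__":
    users = ["userA", "userB", "userC"]  # constructed session names
    print(shared_port(users))   # only the first client owns the port
    print(unique_ports(users))  # one distinct port per client
```

With a shared port, only the first client holds the listener, so every add-on on that host that connects to the port reaches that one client regardless of which user's browser sent the request.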
Email
In this tab you can define your settings for email notifications:
- Sender: You can enter here the sender's email address and name.
- Outgoing Mail Server: You can configure the outgoing mail server here.
- Test Connection: You can enter the email address of a recipient here and send a test email to check the settings previously made.
2FA Settings
You can select here whether you would like users to log in on the server with Two-Factor Authentication. Two options are available for Two-Factor Authentication: TOTP and email. By activating the option Users may choose to remember their devices (days), the administrator can determine a period of time during which users can trust connections to a specific device. In this case, users do not need to enter a new Two-Factor Authentication code each time they connect to the same device within x days, provided that the user enables the option Trust this computer when connecting for the first time and enters the required code once.
The option Email code expiration time (minutes) determines the validity of a code sent by email for Two-Factor Authentication. By default, this is ten minutes. However, this time can be adjusted here by the server administrator. If a user does not enter the required code in time, the latter expires. A new code will then be necessary in order to authenticate successfully.
Please visit our knowledgebase in order to get more information about Two-Factor Authentication.
HINT: Both Integrated Windows Authentication and Password Depot authentication support Two-Factor Authentication. Under Users -> <USERNAME> -> Accounts, Two-Factor Authentication can be deactivated for single users individually, if necessary. Read more about this option in the chapter Add User.