Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AEK
SuperUser
SuperUser

Created on ‎08-13-2024 08:56 AM

Hide passwords in FortiPAM

Hello FortiPAM admins

Is there a way to hide passwords of users' secrets from being seen by the admin?

AEK
AEK
Labels:
489
0 Kudos
5 REPLIES 5
Bjay_Prakash_Ghising
Contributor

Created on ‎08-13-2024 11:29 AM Edited on ‎08-13-2024 11:31 AM

Hi @AEK 

 

https://docs.fortinet.com/document/fortipam/1.3.0/administration-guide/203151/creating-a-folder#User...

 

Users with the following permission can view secret passwords on the GUI:

  • Owner
  • Edit
  • View (Only for users with roles where View Encrypted Information is enabled)

https://docs.fortinet.com/document/fortipam/1.3.0/administration-guide/488581/secrets

 

Admin cannot view the secrets (password) of the target with user permission:

  • List
  • None

But you can't launch the secret list with that permission.

1 (3).jpg

 2.jpg

 

Currently, FortiPAM don't offer to hide password for secret list with view permission.

 

Hope that helps, 

 

Kind Regards, 

Bijay Prakash Ghising

 

 

 

Ghising
Ghising
457
AEK
SuperUser
SuperUser
In response to Bjay_Prakash_Ghising

Created on ‎08-13-2024 12:42 PM

Hello Ghising

Thanks for your response and reference.

I think it would be much more secure to permanently hide the back-end server's passwords from any admin or user with any role/permissions.

I still don't understand why FortiPAM doesn't hide it. Maybe there is something conceptual that I don't understand yet about PAM.

AEK
AEK
433
Bjay_Prakash_Ghising
Contributor
In response to AEK

Created on ‎08-14-2024 07:31 AM

Hi @AEK 

 

If you have role disabled for "View Encrypted Information " and "view" user permission then it won't display the password. 

 

Just verified in this Q/A

 

https://community.fortinet.com/t5/Support-Forum/Hiding-sensitive-credentials-for-Standard-users-on-F...

 

https://docs.fortinet.com/document/fortipam/1.3.0/administration-guide/117972/role

 

https://docs.fortinet.com/document/fortipam/1.3.0/administration-guide/488581/secrets

 

 

Ghising
Ghising
392
AEK
SuperUser
SuperUser
In response to Bjay_Prakash_Ghising

Created on ‎08-14-2024 09:31 AM

Thanks Ghising

But the question still here: how can I convince my sysadmin to enter his password in my FortiPAM if he knows that I (as FortiPAM administrator) can see his password if I want?

AEK
AEK
386
basem85
New Contributor II
In response to AEK

Created on ‎11-10-2024 12:32 PM

Hello

I also searching for the same question, there is missing concept here, admin or SuperAdmin should not be able to see the password in secrete, it's supposed just in one case Glass breaking mode.

 

I did not find any related article talks about this issue

74
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.