miketheautomater

miketheautomater's Achievements

  1. The Administration > Password Folders area is unusable with 250K folders in the system. Trying to move between pages of 25 records takes 18 seconds per page to load.
  2. When Folder load on demand is enabled (we are a MSP with ~40K customer folders) we cannot use deep links to a Folder or Password List because the folder tree does not expand to show the current folder / all password lists under that folder. This is important for us as a large MSP as we have a need to have our various ITSM tools deep link to a customer's folder or to a specific customer password list in PasswordState. Deep linking to the password list does not show the customer's folder name if every password list was named the same across customers. Expanding the folder tree on the left, or putting a folder navigation breadcrumb link on the password list part of the page would be helpful.
  3. Please add the ability to create custom reports. Here are some examples of reports that would be useful to a MSP:
     • Show all user password actions for all passwords in a folder and its subfolders across all password lists
     • Show a list of all password names, Password ID, password list/type, last password change date, password expiration date, tree path, create date, who created it, is TOTP enabled, password complexity requirements / compliance, etc.
     • Show all passwords created under a specific password list template (every password list for all customers / all folders) - group by password list template so it shows password count per template
     • How many users logged in today or over X days or how many users logged in each week (over X weeks)
  4. Folders can only be created via the system wide API key, same goes for adding Password Lists from a Template to the folder. We need a way via API to add folders, add password lists from template, add/modify/remove password list permissions and have the API user NOT be able to read/change any passwords in existing password lists. We tried the Windows Integrated Auth API, unfortunately to be able to see if the folder already had a password list required us to give that API user View permissions on the Password List Template or Password List which also allows them to view any password records in that list. As a large organization, we try our best to follow the least privilege model including API users.
  5. Please add API methods:
     • Edit any user setting that the UI allows
     • Disable/enable the user account

     This is important to us as we have 800 SAML user accounts that are created via API by an in house user provisioning tool. Existing users on occasion need their surname or email address changed, and terminated employees also need to be disabled. There are currently no API methods in PasswordState for this.
  6. Can Password strength policies be changed to require a minimum of let's say three from this list of four types?
     • lowercase
     • Uppercase
     • Number
     • Symbol

     We often have to save generated API keys from customer systems that might be very long/complex but they have a mix of lower/upper/number and not a symbol, or symbols and no numbers. In this scenario, ideally we want minimum of:
     • 1 lowercase character
     • 1 uppercase character
     • 1 number or symbol
     • Minimum length: 8
  7. Please add TOTP secret key change history to Passwords. Please add audit logging for when the TOTP secret key is revealed/viewed/copied (just like passwords are).

     This is important because in a system with 700+ users, if someone accidentally edits the TOTP secret key or removes it, there is no way to recover it and you might be permanently locked out of an account, if that account does not have any other 2FA methods configured. Some enterprise systems like Microsoft Entra do not issue TOTP one-time account recovery codes.

     When users share passwords that have TOTP enabled on them, the TOTP secret key could be copied to a different authenticator app. Since the TOTP secret key is sensitive it should be treated like a password from an auditing and who knows it perspective.