Have you looked at some of the IaaS services? OneLogin I know, for example, lets users define their own sites (e.g. the bank) and OneLogin will vault the credential and let them login to a single panel with their corp cred. Azure AD has that too.
Thanks, Brian Desmond [email protected] w - 312.625.1438 | c - 312.731.3132 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dave Lum Sent: Tuesday, May 27, 2014 4:07 PM To: [email protected] Subject: RE: [NTSysADM] KeePass to all users? The short answer to Bob's email is just end user passwords. The HR was an example I just threw out there but it doesn't really apply to me. In my specific case I have two users that handle accounting functions that need to log into a Wells Fargo bank website, and all users login into a LOB app that is AD-unaware. While I have no idea what credentials/passwords they use (other than it's not LDAP), I would like to suggest a tool to help them be less inclined to use the same password across the board. Many of these folks are open to ideas like this, and I was mainly wondering if anyone had tried to roll this out to non-IT folks. IT teams have no problems all using KeePass or Secret Server and the like, it's the non-IT folks I'd like to drive towards the same thing. Dave > Aside from Bob's excellent input, the quoted use case in the original > message is what concerns me. What is causing the HR department have a > pile of disjointed passwords rather than a single corporate credential? > > Thanks, > Brian Desmond > [email protected] > > w - 312.625.1438 | c - 312.731.3132 > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Free, Bob > Sent: Tuesday, May 27, 2014 11:51 AM > To: [email protected] > Subject: RE: [NTSysADM] KeePass to all users? > > What is your overall goal? Just end user passwords or a more > comprehensive solution? > > If the latter, look up privileged account management or privileged > identity management. A LOT can be done in that space if you have the > wherewithal. > > We are deploying a comprehensive solution for PAM and have a password > vault solution for end users available for them to install from SCCM RAP. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of I.T. Garage > Sent: Tuesday, May 27, 2014 9:01 AM > To: [email protected] > Subject: [NTSysADM] KeePass to all users? > > Have any of you deployed a password management tool to every user in > your environment? Or perhaps specific departments? While I wouldn't > expect 100% usage to everyone that had it, I'm thinking it might be worth the > effort. > Something like: > > "You're in HR and have access to confidential data, please use KeePass > if you need to keep track of multiple password for apps and websites..."? > > Thoughts, comments? > > Dave > > > > > > PG&E is committed to protecting our customers' privacy. > To learn more, please visit > http://www.pge.com/about/company/privacy/customer/ > > > > >
