Password Custom Fields and Storing Passwords for Customers
Configuration of Password Custom Fields
A Custom Field can be created under the Configuration > Custom Objects > Custom Tables screen for password storage.
In order to be link to the customer tab, the "Linked Entity" for the table will need to be set as "Area".
Under the Field List you can assign the custom fields for each section of the password storage table. Below is the recommended set of fields, stating the type of password, associated user and the password itself:
It is important to create the password field with the "Input Type" set as Password (as below). This will encrypt the data and also audit any access to the password.
You can also amend the Visibility Restrictions, so the password field will only appear for selected customers.
The last step is to create a new Custom Field and link the Custom Table to the Custom Field. Go to Custom Fields as shown below and ensure the "Entity" is set to Customer then click New.
When creating the new Custom Field ensure that you select the "Type of Field" as Table and teh "Link to Table" is the Custom Table we created previously.
This is what is used for the customer password storage tab (shown below), where a custom table has been created with the fields outlined above. This table can be edited through the client screen to assign and store passwords for specific users. Stored passwords are hidden by default, but can be viewed by selecting the eye icon next to the password.
Technical Specification of password storage
Custom fields that are setup as Password type are stored in the database with AES 256-bit encryption.
Each password has a separate unique key.
Each key is encrypted with an X.509 certificate.
The certificates are stored separately to the database.
Decrypted passwords are never saved into the database or any logging.
Connections to HaloPSA are only able to be made using SSL encryption.
On-premise (not hosted by Halo) customers can specify the thumbprint of their own certificate.