In the new version of Passwork, we have completely redesigned the System settings. They are now divided into three sections:
- Global — organization settings that determine the operations of most of the Passwork functions
- Default — the values of the settings that will be used if no other custom settings are specified
- Custom — settings that can be set for individual users and roles
Now you can set up different interface languages, configure authorization methods, and enable mandatory two-factor authentication for individual users and roles.
To do this, click "Create a new settings group" in Сustom settings, add users or roles and select your desired settings. The newly created group will be added to the top of the list and will get the highest priority.
The following settings are now available:
- Ability to create organization vaults and private vaults
- Ability to create links to passwords
- Mandatory 2FA
- Time of automatic logout when inactive
- Authorization method (by local password, LDAP password or SSO)
- API usage
- Interface language
We're already working to add new settings.
Custom settings are only available with the advanced license. To get access to the new features — update your Passwork to version 5.2.
Version 5.1.11 with updated design of the import/export windows makes it possible to import data from KeePass in the .XML format, that enables you to keep the original structure of vaults and folders.
- fixed bugs with auto-logout when inactive
- changed API session ID generation method to a more secure one
- fixed syslog entry
- minor improvements to the php_saml library
- browser extension 1.3.6 version support (with localstorage encryption feature, fixes for CVE-2022-42955, CVE-2022-42956)
The new Passwork 2FA mobile app allows you to confirm your Passwork login in just ‘one click’ without having to enter a TOTP code.
In addition, you can add any accounts with two-factor authentication to Passwork 2FA – the app completely replaces Google Authenticator and similar solutions.
The 2FA setup page has been completely redesigned – now users can set up two-factor authentication and download the their necessary app easier and faster.
Running tasks in the background
A new mechanism for handling tasks allows you to run them in the background. For example, you can run an LDAP synchronization task and still work in Passwork. Your synchronization task will run in the background.
You can see scheduled and completed tasks on the “Tasks” page. Here you can also find the configuration instructions for your operating system.
Display a favicon in the password list
The Passwork interface has become even more user friendly and convenient. If a password has a URL, a website icon will be displayed next to its name.
Automatic favicon loading can be set up by administrators on the “Company settings” page. In this case background tasks should be set up.
- automatic session termination in the mobile app and Passwork extension when API key is changed
- removed white background in the dark theme when loading pages
- fixed bug displaying the results of an outdated search query
- improved validation of TOTP keys
- fixed empty messages in Syslog
- added login validation with UTF-8 encoding
- added automatic LDAP host swap :\\ → ://
- fixed errors in LDAP code related to the migration to PHP 8
- redesigned login and registration forms
- switching to PHP 8
- new access rights management window
- failed login attempts are now displayed in the Activity log section
- optimized workability with a large number of users
- granting access to separate passwords without adding users to a vault
- adding TOTP-keys and then generating 2FA-codes
- quick view of granted accesses to vaults and folders
- enabling priority SSO authentication
- test mode for mapping LDAP groups with Passwork roles
- saving LDAP logs to a CSV file
- updating user attributes during synchronization with the LDAP directory
Mobile App Update:
- Passwork version 5 supports
- copying passwords on long press
- new home screen view with sorted by vault type
- inbox passwords
- improved search mechanism
- debug mode
Read more about update – blog.passwork.pro/passwork-5
- automatic user creation when a group is added to AD
- automatic user deactivation when users are removed from AD groups
- names and emails are now loaded from AD
- an additional way of user authorization through a service account was added, it's an alternative to using a mask
- automatic user confirmation after registration in LDAP and SSO
We are pleased to introduce a new mobile app for the self-hosted version of Passwork with the following features:
- Access to all your passwords
- Adding and editing passwords
- Search by title, url, colors and tags
- Flexible password generator
- Biometrics based login to the app
To install the mobile app, select "Mobile application" from the "Settings and users" menu.
- Security patches (CVE-2022-25266, CVE-2022-25267, CVE-2022-25268, CVE-2022-25269, prepared with help of Positive Technologies)
- Enhanced CSRF-token (lifetime can be set in the settings page)
- Optional base64 encoding of HTTP responses
Update your Passwork to the latest version to get all security patches and support for the mobile app.