You've successfully installed Team Password Manager and now you're logged in as admin. This page will guide you through the process of configuring Team Password Manager and getting it ready for your team.
Here's a short list of topics that it covers:
- Adding the license
- Configuring email
- Setting up two-factor authentication
- Setting up IP blocking
- The password generator
- Importing passwords
- Creating groups and users
- Project security
- File uploads: maximum file size and uploads folder
1. Adding the license
Team Password Manager is free to use for 2 users and 5 projects, with no time limit. If you need more than this, you should get a license. You can buy one from this page: https://teampasswordmanager.com/buy/.
After buying it you'll receive an email message with the license data, which consists of an email address (the one you entered at checkout) plus a license id (Example: 2-201307258-10) and a license code (a long string of numbers and letters). To add this data to Team Password Manager, go to the "Settings" menu, choose the "Licenses" tab and click on "Add a license". If you have more than one license, do this for each one.
2. Configuring email
It's important that you properly configure Team Password Manager to send email because it's used to send password reset messages to users. We recommend that you use an SMTP server to send email with Team Password Manager. Read how to configure email in Team Password Manager.
3. Setting up two-factor authentication
Team Password Manager uses Google Authenticator for two-factor authentication, and it's enabled by default. As admin you're responsible for enabling/disabling 2FA, but each user is responsible for configuring 2FA for their account. You have two documents covering two-factor authentication in Team Password Manager: two-factor authentication document for admins which you should read, and a document that you should send to your users that will help them configure 2FA: How to enable Two-Factor Authentication for a user.
4. Setting up IP blocking
Automatic IP blocking is disabled by default in Team Password Manager. We recommend that you enable it if your installation is open to the world. Read about it here: IP Address Blocking: manual and automatic.
5. The password generator
By default, the password generator is configured to generate passwords between 8 and 12 characters, allowing uppercase and lowercase letters, digits and some symbols. Change these parameters to suit your needs. Read about it on the password generator docs page.
6. Importing passwords
Team Password Manager allows you to import passwords (creating the corresponding projects along the way) from CSV files. If your organization is already using a system to store passwords, you'll save time by importing them into Team Password Manager. Even if you don't have them organized in projects you can import all of them into a project and later organize them inside Team Password Manager. Read how to import passwords in the export/import docs page.
7. Creating groups and users
Team Password Manager lets you represent your organization inside the software with users, roles and groups. Here's what you need to know about them:
- Users: a user in Team Password Manager represents a named user, that is, a real person that needs to have acces to the software. We do not recommed that you use generic users (like 'marketing' or 'designer') because you couldn't trace who's done what and because there are groups for this. Each user can belong to a group or more. Also, each user has a role.
- Roles: a role defines what a user can do in Team Password Manager. Currently there are 4 roles:
- Admin: can do anything.
- Normal user: work with passwords and projects, but not create/delete projects.
- Project manager: like normal users and also create/delete projects.
- IT: like a project manager plus access to users/groups, log and settings.
- Only read: only read passwords on assigned projects.
- Groups: groups are used to group users so that access to project is easier to grant.
Access to passwords in Team Password Manager is granted through projects and to individual passwords directly. Access to projects/passwords is granted to individual users or to groups of users.
So, how should you proceed?
First, create all the users that need access to Team Password Manager. You'll need their email address and name. You can assign them the role that mimics their function in the organization: managers should be "Project managers" and all the others "Normal users". Use the "Only read" role for special cases (like external users), "Admin" role for users that need to control everything, and create a user with role "IT" if you need to assign someone to maintain your installation.
Create groups that represent departments in your organization, like "marketing" or "design", etc. Assign these groups to the appropriate users.
8. Project security
If you have imported some projects and passwords in step 6 or if you already have created some projects manually, do this: edit each project and:
- Assign a manager to each project.
- Assign the project security to "Set permissions on this project to individual users and/or groups", but do not set permissions to any user or group. Let the project manager do this.
9. File uploads: maximum file size and uploads folder
The maximum file size for uploaded files is defined by PHP. If you want to change it follow these instructions: Admin stuff: how to change the maximum file size.
By default, the folder where uploaded files go is located at the same level of index.php. If you want to change it to a different location, read these instructions: Admin stuff: the uploads folder.
That's all. These might seem like a lot of steps but you'll see that Team Password Manager is quite intuitive and easy to use. You can use these steps as a blueprint for getting your system up to speed. If you have any questions along the way, feel free to ask us anything!