Quickstart Guide
Quickstart - product presentation
WALLIX Entreprise Vault
Safeguarding user logins and passwords is a critical aspect for businesses, as it addresses challenges associated with security risks and data protection.
Organizations prioritize countering these risks through encryption, access controls, and authentication mechanisms. WALLIX Enterprise Vault centralizes business passwords and sensitive identity data. This solution strengthens security through encrypted storage, reinforcing credential protection and optimizing the user experience.
By fortifying a secure data environment, WALLIX Enterprise Vault enhances collaboration within teams while safeguarding against potential threats. In essence, the platform serves as a comprehensive solution to the multifaceted challenges of credential management.
It is a cloud-based business tool, which means that the data is stored encrypted on a database accessible from anywhere and under the control of administrators.
Features and capabilities
There are 2 populations which interact with the product.
End-User (quickstart guide)
- Zero-Knowledge encryption
- Encrypted data storage in a cloudbased environment
- Authentication with single or multifactor authentication
- Unlimited storage of items: identities, credit card information, notes, and attachments
- Secure credential sharing with users across your organization
- Direct encrypted sharing of text and files by email with non-vault users
- Password Generator
- Ability to change master-password
- Vault Health Reports
Administrator (quickstart guide)
- Account Lifecycle Management through Trustelem
- Entreprise Vault security policies
- Users’ master password recovery
- Event and audit logs
Technical Specifications
Four levels of encryption: User - Shared Vault – Items - Recovery
Application Range: Browser plug-in, Mobile Application, and Web Application
Available reports: Exposed Passwords, Password Reuse, Weak Passwords, Unsecured Websites, and Inactive Two-Step Login
Authentication methods: WALLIX IDaaS, Active Directory, LDAP
Silent Authentication: Kerberos / X509 authentication
Multi-Factor Authentication Methods (MFA): WALLIX Authenticator, TOTP, SMS/ Email OTP, Security Key U2F / FIDO
Native Integration of Directories: Active Directory, LDAP, Azure AD, G Suite Directory
Traceability: Complete logging and audit of access and authorizations
Extension: API and script publication to connect the platform to client environments
Quickstart guide for administrators
When the subscription is created, administrators must perform the initial configuration.
Users and accesses are defined via Trustelem, while the Entreprise Vault is managed via a dedicated application.
After that, the work mainly concerns the user lifecycle management: creating or deleting users, unblocking those who need help and finally checking product status and logs.
Trustelem management
Initial setup
The first step when a customer acquires Enterprise Vault is to configure Trustelem. The goal is to define which users will have access to Entreprise Vault and how. These actions are performed by Trustelem administrators.
There are therefore 4 main steps in the setup.
- Add users, created locally or synchronized from directories
- Add Enterprise Vault apps (user + admin)
- Define access rules
- Optionally, define the usable 2nd factors, as well as the enrollment methods
Note: Trustelem administration page should always be secured using multi-factor authentication. To do so you need to enroll a 2nd factor for the admin accounts, then enable multi-factor using the option "Authentication level for Trustelem admin console" on Security settings > General.
Subscription management
When the initial setup is done, Trustelem administration page is still usefull for:
- Managing changes in the setup (new users, new 2nd factors, new enrolment process...)
- Managing user password lost
- Managing advanced features (silent authentication, self-service password reset, siem integration, API automations...)
More information about Trustelem are available here: https://trustelem-doc.wallix.com/books/trustelem-administration - Auditing the authentication
Entreprise Vault setup
In this quickstart guide, a limited action number is presented. To see all the administrators tasks, you can use this link:
https://vault-doc.wallix.com/books/entreprise-vault-administration
Entreprise Vault administration access
To access Entreprise Vault administration page, a Trustelem user must have access to the Entreprise Vault administration application.
By default, the subscription administrator is in the group "Entreprise Vault Admin" which has the access to this app.
To add new Entreprise Vault administrators, the users must be affected to this group.
Entreprise Vault administration page
As mentioned in the previous point, the Entreprise Vault administration is done through an application. So, to access this app the administrators must use their Trustelem dashboard: https://your_domain.trustelem.com.
Manage users
As a reminder, users creation is done through Trustelem admin page and not with Entreprise Vault admin app.
On the Entreprise Vault admin app you can manage:
- The Entreprise Vault users deletion from the Entreprise Vault data base.
It will not remove users fromTrustelem
It will delete all the associated items - The obligation for users to change their master password at the next connection
- The change of user encryption keys
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-administration/page/administration-application
Manage organization policies
On the Entreprise Vault admin app you can manage the settings applying to the entire company.
You can define rules for the logs, the security, the recovery process...
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-administration/page/administration-application
Audit the vault
On the Entreprise Vault admin app you can audit user's items, and share vault's items.
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-administration/page/administration-application
Quickstart guide for users
A user can carry out a large number of Enterprise Vault-related actions. Only the most important are listed in this page.
The full list can be found here: https://vault-doc.wallix.com/books/entreprise-vault-usage
Account creation
The user journey begins when their account is created on Trustelem.
- If they are created localy, they will receive an enrolment link to define their password
- If they are synchronized from a directory, the administrators will communicate about the account creation
Then users can access to the Entreprise Vault application using the url: https://vault-your_domain.trustelem.com
First they need to authenticate using Trustelem credentials (Trustelem password or directory password).
Then they can define or provide their master-password, depending on whether it already exists or not. This password will be used for the data encryption.
More information about the account creation and the account management are presented here: https://vault-doc.wallix.com/books/entreprise-vault-usage/chapter/account-management
Entreprise Vault home screen
When users log in to WALLIX Enterprise Vault using https://vault-your_domain.trustelem.com, their home screen will display all items in their vaults.
Each user has a Personal Vault which is private.
But users can also create or be invited to access items in one or more Shared Vaults.
The different vaults include items which can be:
- Identities (firstname, lastname, phone number, address...)
- Logins (identifier, password and TOTP for single or multi factor authentication)
- Credit cards
- Secure Notes
This items can be organized using folders in personal vault, and collections in shared vaults.
This home screen also contains a Filters menu by which users can find specific items using:
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-usage/page/search-an-item#bkmrk-search
After the first authentication on the web page, user are able to choose to use a browser plugin or a mobile app, in addition to the website.
Create Item
An Item can be an Identity (firstname, lastname...), a login (identifier, password, TOTP), a credit card or a note.
It can be created on a personal vault, or in a shared vault.
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-usage/page/create-item
Create Folder
A folder is used to organize personal vault items.
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-usage/page/create-folder
Use a Shared Vault
It is possible to access items in a vault shared with you, or create a new shared vault to share items with other.
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-usage/chapter/manage-shared-vaults
Send data to non-vault user
The "Send" option is used to share data with users who are not in the vault. It generates a link sent by email.
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-usage/page/create-send
Password generator
If you want to generate a new and secured password, then Entreprise Vault can do that for you.
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-usage/page/username-or-password-generator
Reset Master Password
If you lost your master password, you can ask for a reset.
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-usage/page/reset-master-password
Change the settings
Additional settings can be found in the product (customize the tools, change the language, get security reports...).
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-usage/chapter/avanced-options
Install Browser Extension and mobile application
In addition to the website, you can choose to use a browser plugin, or a mobile application.
More information are available here: https://vault-doc.wallix.com/books/entreprise-vault-usage/chapter/manage-browser-plugins-and-mobile-apps