/
CPMS - Usage Guide

CPMS - Usage Guide

Owned by Jibin John
Last updated: May 21, 2024 by Jibin John
9 min read

First time logging In

  1. To log into CPMS navigate to cpms.smartt.com.

  2. Click on “Forgot your password”. If your account has already been created, you can enter your email here. If it has not yet been created please request an account at this page: https://www.smartt.com/cs61720nDf .

  3. Go to your email and find the email from “Smartt CPMS” with the subject “Team Password Manager: Forgot your password?”. Follow the instructions from this email to reset your password.

  4. Navigate back to cpms.smartt.com and login using your email address as your username and the password you just set as your password.

  5. You will now be logged in.

Getting around

Legend

Legend

1

Click here to create a new shared password

2

Folder tree to navigate all shared projects

3

Search for passwords or shared projects here

4

Displayed shared passwords based on your current search or filter

5

Account settings

6

Private passwords

7

Logout button

Shared Project Organization Structure

You will find your password folder structure (referred to as "Projects") under the "All" header as follows

  1. Company Root Project (this will be a folder with your company name) – this is where all passwords and subproject folders will be stored. If you have a password that is unassociated with a specific service, it should be stored here.

    1. Subprojects (these will be named "Service Type – Service Name", such as "Website – website.url) – these are individual services that are being provided for you (website, colocation, etc) with at least one password associated with that service. NOTE – you can have multiple layers of subprojects

      1. Passwords – these are your saved credentials that you have access to.

Setting up the extension

The CPMS extension provides many quality of life features like auto-filling passwords, ability to search your vault, and the option to turn on “Offer to save web passwords”. More features are constantly being added.

  1. Go to https://teampasswordmanager.com/docs/chrome-extension/#install

  2. Follow the instructions on this page to download the extension for the browser of your choice (Chrome, Edge, and Firefox are the only available options currently) and connect it to the password manager.

  3. (Optional) You can also configure the settings for the extension using the instructions on the webpage.

Accessing a password

Once you have found the credential you need access to, you can access the password in the following ways:

  1. Click on the "Show" button beside the password – this will show the password on the screen so you can type the password elsewhere.

  2. Click on the yellow and white button

    beside "Show" – this will copy the password to your clipboard so you can paste it into another program.

Creating a password

You can store a password yourself with the following process:
NOTE – Only the Name is required – all other fields can be left blank.

  1. Click on blue "New Password" button on top left of screen.

  2. On the New Password screen, select the project/subproject name to create the password under (the projects you have access to add passwords to will be selectable and in blue text)

  3. On the next screen, you have the opportunity to fill in the following information

    1. Name – this is the name of the credential you are creating

      1. Example – "website.url – Google Analytics login"

    2. Access – this is the location or description of what you are accessing

      1. Example – "https://this.is.a.website/login_page"

    3. Username

    4. E-mail – if you have a specific e-mail address associated with this credential (such as what e-mail address an external account uses to send password reset requests), enter it here

    5. Password and Repeat Password – you can click Show to visually verify that you have entered the password correctly.

    6. Expiry Date – if the password is set to expire, you can set this here (not required)

    7. Notes – if you have any specific notes to add (such as where to navigate after logging in), feel free to add them here.

  4. Click Save.

Editing Custom Fields

NOTE: This feature in not yet available for use on private secrets (secrets that can only be seen by you)

  1. Navigate to the entry for the credentials you would like to edit

  2. Click the arrow next to the edit button and then click “Custom Fields”

     

  3. Add labels for custom fields and select their types.

Adding MFA to a secret

NOTE: This feature in not yet available for use on private secrets

  1. Add a custom field labelled “TOTP” with the type “One Time Password”. Click save.

     

  2. Click the edit button.

  3. In the “TOTP” custom field add the secret key for the MFA you are trying to add.

    1. If the secret’s MFA is presented as a QR code you can often click something like “cannot scan this QR code” and a secret key will be displayed instead which you can copy and paste in.

    2. If there is no option to display a secret key instead of a QR code, follow these instructions:

      1. Take a screenshot of the QR code.

      2. Go to a barcode scanning website (eg. https://online-barcode-reader.inliteresearch.com/ )

      3. Upload the screenshot of the QR code.

      4. The website will output a link which will contain a section that looks like this:
        secret=XXXXXXXXXX&issuer=Microsoft

      5. The section with the X’s is where the secret key is located. Copy this into the TOTP section of the CPMS secret.

Other Password Options

While you are viewing a password, you will see some additional options that you may find useful.

Feature Buttons

These feature buttons may be visible to you while viewing a password (depending on your access rights):

  1. Edit – You can change any aspect of the password

  2. Notes – You can edit the custom notes here.

  3. Upload File – If you have a file (screenshot, text file, etc) that you want to associate to this password, you can upload it here.

  4. Duplicate – this creates a duplicate of the credential in the current project (in case you want to create multiple credentials that all access the same website, for example)

  5. Copy – This will create an exact copy in a different project (you need to have the appropriate access to the project that you are copying to)

External Sharing

If you want to grant access to a specific password to a stakeholder who is outside of CPMS (for example, you want to send a password to a vendor and do not need them to have permanent access), External Sharing will provide a custom URL that they can use to access the password. This URL is time sensitive, and will expire after a set time. It is also password protected with its own specific password, which would need to be sent to the third party for them to open the link.
If External Sharing has been enabled on this password (you will need to contact Smartt support to enable this), you can view the details (URL, expiration, and password) so you can send this to stakeholders.

Viewing Security

  1. If you click on the "Security" tab (beside "Data" above the password information), you can view a list of all personnel with access to your password, and what permissions they have been given:

    1. Name – name of person

    2. Role – You will see one of two roles

      1. Admin – this is a full admin of the CPMS system, and is a member of Smartt

      2. Normal User – this is everyone else

    3. Permission – this is the permission granted to that user (Read, Change, or Manage)

    4. Granted Via – this is an explanation of how that permission is granted

      1. Example: "Project: Group: Smartt CSG" means that the Smartt CSG group has been given this access via the entire project/subproject.

Log

If you click on the "Log" tab, you can see a history of who has accessed this password (viewing details, showing the password, etc).

Two Factor Authentication

Using Two-factor (or Two-step) Authentication in Team Password Manager will increase the security of your account because it requires you to enter an additional one-time passcode known only by you.
Google Authenticator
Team Password Manager uses Google Authenticator for Two-factor authentication, so the first step is to install this app in your smartphone if it's not already installed.
Here are the links for the Google Authenticator app for iOS and Android devices:

Enabling two-factor authentication
After installing Google Authenticator, follow these steps to enable two-factor authentication in Team Password Manager:

  1. Sign in into Team Password Manager using your credentials (username + password).

  2. Click on "My Account" on the top menu. ('Your Name' on the top right corner)

  3. Click the button called "Enable Two-Factor Authentication" below your name. If you don't see this button, it means that the Administrator user has disabled two-factor authentication for this installation and you won't be able to use it.

You will see the following screen (the QR code and Secret Key are different every time):

  1. Enter your password for verification.

  2. On your smartphone, open Google Authenticator, tap the plus button to Add a Token, and select Time Based (should be the default):

     

  3. Scan the QR Code with your Google Authenticator device:

    Alternatively, if your device does not have a camera you can enter the Secret Key manually. In this case, you should enter the following data:
    Account: TPM:email (note the ":" between TPM and your email) Key: the Secret Key code you see on the screen

     

  4. Enter the 6-digit Token that Google Authenticator generates every 30 seconds in the Generated Token field:

  5. Click on "Enable two-factor authentication".

Steps 4 and 5 should be done before the Google Authenticator token becomes red in you device. A new token is generated every 30 seconds, so if you see it red, just wait a few seconds until another one is generated. A little circle on the left top corner of the app shows this interval.

If everything is correct, two-factor authentication is now enabled for your user. The next time you sign in into Team Password Manager, after entering your username and password, you'll be prompted to enter the token that the Google Authenticator app shows on your smartphone:

Also, on the "My Account" screen you'll see a new tab called "Two-factor authentication":

This tab shows our QR code and Secret Key in case you need to re-enter it. Also, there's a button to create a new code (in case your smartphone is lost or stolen) or to disable two-factor authentication for your account.

Troubleshooting 2FA

1. When signing in, Team Password Manager won't accept the "Authentication code".

Try it again, checking that the code that the Google Authenticator app hasn't changed while you where entering it. If you've tried it many times without success, contact Smartt support.

2. I've lost my smartphone or it has been stolen.

The first thing to do is to disable two-factor authentication for your user, you can re-enable it when you have a new smartphone. To do this:

  • If you're still logged in, go to "My account" screen and click on "Disable two-factor authentication" on the "Two-factor authentication" tab.

  • If you're not logged in, you need to contact Smartt to disable two-factor authentication for your user.

3. I've deleted my configuration in the Google Authenticator app or I've deleted the app in my device. I can't sign in into Team Password Manager because I don't have a token.

You have to disable two-factor authentication for your user (contact Smartt support to disable 2FA) and then enable it again.