Enterprise workflow

When using KeyPass in the enterprise, there will typically be an administrator that updates a central database, and a number of users who make use of it (but cannot modify it).

The administrator first installs KeyPass on his local machine, creates a master database and adds one or more read-only passwords to the database. He then makes the master database available over a normal network share by copying KEYPASS.DAT to a file server.

The user installs KeyPass on his machine and creates a local copy of the central database by copying KEYPASS.DAT from the network share to the local installation folder. He logs in to KeyPass using one of the read-only passwords assigned by the administrator. He can then make use of his copy of the database and even change some personal settings (eg. hotkey, browsers/applications etc.), but he will not be able to modify any of the database entries.

The local database can be automatically synchronized with the central database by specifying the location of the network share in preferences When the administrator updates the central database on his local machine, he should copy KEYPASS.DAT over to the file server again. When KeyPass (running on the user's machine) detects that the timestamp of the central database has changed, it will replace the local copy with the new content, but the user's local settings will be preserved.

It is also possible for the administrator to prevent certain users from accessing parts of the central database by using security tags. Basically, this involves assigning matching tags to both read-only passwords and database entries so that only those passwords with the relevant tags can access those entries. For more information, see Security tags.

When using KeyPass in the enterprise configuration, the administrator and each user will require the Enterprise Edition of KeyPass. This is because only the Enterprise Edition supports read-only passwords and security tags.