(KeePass & Mobile clients)

Offline Mode allows Pleasant Password Server users to cache passwords locally so that they can access credentials when disconnected from the server.

This feature can be enabled selectively by administrators, and is possible in:

  • Keepass Client
  • Mobile (v2.7.0+)

Notes:

  • Read-Only: No changes made to credentials or groups are synced back to the server.  If a user makes changes to any entries/groups or adds new items, these changes will be lost upon reconnecting to the server.
  • Create a Cache in advance! If a user wants to access their credentials offline they will need to create this cache before going offline from the server.

1) Password Server

First, users will need to have permissions to store their credentials offline.

View Entry Offline

Offline Syncing is restricted by the “View Entry Offline” permission in the Access Levels. If a user has an Access Level with this permisson, the user is able to sync the credential offline. If they do not have access to a credential with this persmission, they then will not be able to cache and view the Entry offline.

Audit Log Records

During an offline sync, an Audit Log record is made for each password that is being cached. A password that has been accessed with Offline Mode by a user has been saved on that user's computer.

2) KeePass

Next, users will see a “Disconnect/Cache...” button in KeePass allowing to disconnect offline.

Caching Passwords

Pressing this button, will cause passwords to be cached locally. The status will show as Working Offline and will allow the user to click a Connect... button.

Included in the Cache

  • All passwords that the user has access to, having the View Entry Offline permission
  • Except any passwords with time limited access

Offline Mode

While the user is in offline mode, the user (nor any other registered user), cannot login into the network via the user's KeePass Client, until it is taken back to online mode.

2FA Requirements

2FA Requirements are not applied when authenticating in Offline Mode. So, it is important that other security precautions are in place with this cached file.

3) Opening in Offline Mode

Work Offline

A KeePass user will be shown Work Offline option button at the login prompt (v7.7.2+). This only happens if they have credentials permitted for Offline use (see above for details).

No Connection at Login

If no connection to the server is found at login, the application will attempt to use a previous cache.

Server Connection Lost

If connection to the server is lost, Keepass for Pleasant Password Server can also automatically switch to offline mode. In this case Keepass will try to load a previously saved cache. 

Attempting to disconnect and cache passwords with no connection to the server will try to use a previously saved cache.  If there is no cache available then nothing can be cached and no credentials are available, the user will need to reconnect to the server to view credentials.

Opening a Cache File

A cache file is fully encrypted and can only be opened indirectly, by logging in using a KeePass for Pleasant client.

Cache Password

The master password for the cache is the user's password. Cached credentials are stored in the KDBX file format which is the encrypted database format for KeePass.

User Password Changes

If the user changes their password then their cache will not open automatically. If they still need access to the cache they can import the file and use their old password as the master password. 

4) Setting Cache Expiry / Clearing the Cache

Cache Expiry

(v7.7.1+ KeePass & Server)

By default the cache does not expire. This can be changed in the Client Configuration by setting the Default Rule to Expire Cache After a set number of days.

Clearing The Cache

The cache can be cleared using the “Clear offline cache…” button in the “Password Server” dropdown menu.

Tag page
You must login to post a comment.