Unit Password Management for Elevated Accounts

Managing passwords, encryption keys, and other elevated credentials is an important component of elevated account management. Passwordstate is an on-premise, web-based solution for enterprise password management that allows teams of people to access and share sensitive password resources. It is typically used for managing elevated and administrative passwords, as well as passwords for smaller proprietary systems, such as research databases.


  • Allows for centralized, secure storage of passwords and SSH keys, with support for many different applications, server platforms, and services.
  • Supports role-based access control features to restrict and grant access to passwords by defined groups.
  • Provides the ability to automatically randomize, manage, and change vault passwords.
  • Supports Duo two-factor authentication.

ITS IAM is now offering access to the Enterprise version of Passwordstate for U-M units in two ways:

  • U-M campus units may use the Enterprise version instead of setting up their own instances of Passwordstate. Passwordstate as a service automates elevated account and credential discovery, onboarding, access control, centralized protection and storage, rotation, alerting, reporting, and oversight of all the credentials across the university that provide elevated access rights.
  • Licensed Passwordstate for password management within U-M units. Use of U-M's Passwordstate license is intended for unit and research project implementations; it is not available to individuals other than through their units.
    • Implementation requires, at a minimum:
      • A Microsoft SQL server
      • A server running Internet Information Services (IIS)
      • Ongoing administration of those servers

Attention Michigan Medicine Units: Michigan Medicine units should not implement Passwordstate. Please contact Health Information Technology & Services (HITS) for information about appropriate password management for Michigan Medicine units.

Passwordstate Setup and Support

Enterprise Setup

If you are interested in access to the Enterprise version of Passwordstate or would like additional information, please complete and submit the ITS Passwordstate Request form, and someone from the IAM-Privileged Access Management team will contact you.
Refer to Getting Started with Passwordstate for an overview of the Passwordstate application and instructions for using the Enterprise version of Passwordstate. 

Unit-Managed Setup

The Passwordstate software is available directly from the Click Studios website. It is licensed only for U-M unit and research use. The license is available in a U-M Dropbox Passwordstate folder (U-M login required). Documentation regarding installation at U-M is also available in that folder.


For technical questions, open a TeamDynamix ticket and assign it to the ITS-PrivilegedAccessManagement responsible group, or call the ITS Service Center at 4-HELP.

Documentation for Passwordstate is available from the vendor, Click Studios:

Refer to Access, Authorization, and Authentication Management for applicable policies.