Chat now with support

Live-Hilfe anfordern
Registrierung abschließen

Anmelden

Preisinformationen anfragen

Vertrieb kontaktieren

Password Manager 5.13.2 - Administration Guide (AD LDS Edition)

Inhaltsnavigation

About Password Manager

Password Manager overview

Getting Started

Different sites for Different roles Password Manager for AD LDS Components Licensing

Installing the License Updating the license Telephone Verification feature license

Checklist: Installing Password Manager Installing Password Manager for AD LDS

Configuring Password Manager Service Account and Application Pool Identity Enabling HTTPS Installing Password Manager Extending AD LDS Schema Initializing instance Installing Legacy Self-Service, Password Manager Self-Service, and Helpdesk Sites on a Standalone Server FailSafe support in Password Manager Installing multiple instances of Password Manager

Specifying Custom Certificates for Authentication and Traffic Encryption Between Password Manager Service and Web Sites

Step 1: Obtain and install custom certificates from a trusted Windows-based Certification Authority Step 2: Providing certificate issued for server computer to Password Manager service Step 3: Providing certificate issued for client computers to Self-Service and Helpdesk Sites

Password Manager Architecture

Password Manager Components and Third-Party Solutions

The Password Manager Service and the Administration Site Self-Service Site Helpdesk Site TeleSign SQL Server Database and SQL Server Reporting Services One Identity Quick Connect Sync Engine Defender Password Manager Secure Token Server RADIUS Two-Factor Authentication Redistributable Secret Management Service Location sensitive authentication Working with Power BI templates Password Manager Credential Checker

Typical Deployment Scenarios

Simple Deployment Deployment of the Legacy Self-Service, Password Manager Self-Service and Helpdesk Sites on Standalone Servers Realm deployment Multiple Realm Deployment

Password Manager in a perimeter network

Installing Password Manager in Perimeter Network with Reverse Proxy

Management Policy Overview

Management Policy components Management Policy and other Password Manager settings

Password Policy Overview reCAPTCHA Overview

How it works How to Use reCAPTCHA on Password Manager Sites System Requirements for Using reCAPTCHA References

User Enrollment Process Overview Questions and Answers Policy Overview

Q&A Policy and Authentication Q&A Policy and User Enforcement

Data Replication

Storing Data Replicating data Changing replication settings

Phone-Based Authentication Service Overview

How It Works How to use phone-based authentication System requirements

Configuring Management Policy

Configuring Permissions for Access Account Connecting to AD LDS Instance Changing Access Account Removing Connection to AD LDS Instance Adding Secret Questions Editing and Deleting secret questions

Management Policies

Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Legacy Self-Service Site and Password Manager Self-Service Site Configuring Access to the Helpdesk Site

Changing Access Account Removing Connection to AD LDS Instance

Configuring Questions and Answers Policy

Creating Secret Questions Editing and Deleting secret questions Configuring Q&A Profile Settings

Workflow overview

Workflow structure Workflow states Workflow settings

Custom workflows

Importing and exporting workflows

Custom Activities

Custom Activity Settings Creating custom activities Importing and exporting custom activities Removing Custom Activities

Legacy Self-Service or Password Manager Self-Service Site workflows

Configuring country code drop-down menu

Manage My Profile Forgot My Password Manage My Passwords Unlock My Account My Notifications I Have a Passcode Overview of Built-in Legacy Self-Service and Password Manager Self-Service Site Activities

Authentication Activities

Display CAPTCHA Display reCAPTCHA Authentication methods Authenticate with Password Authenticate with Q&A Profile (Random Questions) Authenticate with Q&A Profile (Specific Questions) Authenticate with Q&A Profile (User-selected questions) Authenticate with Defender Authenticate with external provider Authenticate with RADIUS Two-Factor Authentication Authenticate via Phone Authenticate with Passcode

Action Activities

Edit Q&A Profile Reset Password in AD LDS Change Password in AD LDS Reset Password in AD LDS and Connected Systems Change Password in AD LDS and Connected Systems Unlock Account Enable Account Force User to Change Password at Next Logon Subscribe to Notifications Lock Q&A Profile Display User Agreement Restart Workflow if Error Occurs

Notification Activities

Customizing Notifications Email User if Workflow Succeeds Email User if Workflow Fails Email Administrator if Workflow Succeeds Email Administrator if Workflow Fails

Helpdesk Workflows

Verify User Identity Assign Passcode Reset Password Unlock Account Unlock Profile Enforce Update of Profile Overview of Built-in Helpdesk Activities

Authentication Activities

Authentication methods Authenticate with Q&A Profile Authenticate via Phone Authenticate with Defender Authenticate with RADIUS Two-Factor Authentication

Action Activities

Reset Password in AD LDS Reset Password in AD LDS and Connected Systems Unlock Account Enable Account Force User to Change Password at Next Logon Assign Passcode Unlock a Q&A Profile Enforce Update of Q&A Profile Restart Workflow if Error Occurs

Notification Activities

Customizing Notifications Email User if Workflow Succeeds Email User if Workflow Fails Email Administrator if Workflow Succeeds Email Administrator if Workflow Fails

User Enforcement Rules

Invite Users to Create/Update Profiles Remind Users to Create/Update Profiles Remind Users to Change Password

General Settings

General Settings Overview Search and Logon Options

Configuring Search Options for the Self-Service Site

Partial user search on external network Configuring Security Options

Configuring Search Options for the Helpdesk Site Configuring Security Settings

Hiding personally identifiable information for logged-in users Configuring anti-bot security settings

Configuring CAPTCHA security images Configuring reCAPTCHA security settings

Import/Export Configuration Settings

Exporting Configuration Settings Importing Configuration Settings

Outgoing Mail Servers Diagnostic Logging Scheduled Tasks

Invitation to Create/Update Profile Task Reminder to Create/Update Profile Task Reminder to Change Password Task Maximum Password Age Policy Task Update RADIUS server status User Status Statistics Task Clear Old Records from Reporting Database

Web Interface Customization Instance Reinitialization

Modifying Service Connection Settings Modifying Advanced Settings

Realm Instances AD LDS Instance Connections

Using Connections to AD LDS Instances Specifying Access Account for AD LDS Instance Connections Changing Access Account for AD LDS Instance Connections Removing Connection to AD LDS Instance

Extensibility Features

Extensibility Features Overview

RADIUS Two-Factor Authentication Internal Feedback Password Manager components and third-party applications

Password Manager Secure Token Server Configuring Password Manager Secure Token Server

Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account

Redistributable Secret Management Service supported platforms Customizing Redistributable Secret Management log path

Email templates

Upgrading Password Manager

In-place upgrade from 5.8.2 or later versions to 5.13.2 Manual upgrade from 5.9.x or later versions

Password Policies

About Password Policies Creating a Password Policy Managing Password Policy Scope

Applying Password Policies Changing Policy Priority

Configuring Password Policy Rules

Password Compliance Password Age Rule Length Rule Complexity Rule Required Characters Rule Disallowed Characters Rule Sequence Rule User Properties Rule Symmetry Rule Custom Rule

Deleting a Password Policy

Enable 2FA for Administrators and Enable 2FA for HelpDesk Users Reporting

Reporting and User Action History Overview

Setting Up Reporting Environment Using Reports User Action History Managing Connections to SQL Server and Report Server

Best Practices for Configuring Reporting Services

Reporting Services Default Configuration Reporting Services Firewall Issues

Accounts Used in Password Manager for AD LDS

The Password Manager Service Account Application Pool Identity Access Account for Application Directory Partition Connection Account for Using One Identity Quick Connect

Appendix B: Open Communication Ports for Password Manager for AD LDS Customization Options Overview

Customization of Steps in Legacy Self-Service Site, Password Manager Self-Service Site, and Helpdesk Tasks Email Notification Customization User Agreement Customization Account Search Options Customization Web Interface Customization Customization of Password Policies List Customization of Password Strength Meter

Feature imparities between the legacy and the new Self-Service Sites Third-party contributions Glossary

Enable Account

Management Policies > Helpdesk Workflows > Overview of Built-in Helpdesk Activities > Enable Account

Use this activity to enable users’ disabled accounts. You can use the activity in different workflows. It is recommended to place this activity after authentication activities in a workflow.

For example, to enable users with disabled accounts to reset passwords and enable their accounts, you can use the Enable Account activity in the Forgot My Password workflow:

Authenticate user with Q&A profile.
Enable account.
Reset password in AD LDS.
Restart workflow if error occurs.
Email user if workflow succeeds.
Email user if workflow fails.

Force User to Change Password at Next Logon

Management Policies > Helpdesk Workflows > Overview of Built-in Helpdesk Activities > Force User to Change Password at Next Logon

Use this activity when users want to change their passwords during the next logon.

For example, you can use this activity in the Reset Password workflow and can force users to change passwords at the next logon once the password has been reset by a helpdesk operator.

To allow users to change password at the next logon, the helpdesk operator must select Helpdesk operators can choose whether to force users to change password at next logon check box available in the Force user to change password at next logon activity.

It is recommended to place this activity after the Reset Password in AD LDS activity in a workflow.

Assign Passcode

Management Policies > Helpdesk Workflows > Overview of Built-in Helpdesk Activities > Assign Passcode

This activity is a core activity of the Assign Passcode workflow. It allows helpdesk operators to assign a passcode to the user who has forgotten password and is not yet registered with Password Manager or has forgotten answers to secret questions. This activity has the following settings:

Passcode length: Specify how many characters a passcode must contain.
Passcode lifetime: Specify how long a passcode issued by helpdesk operators is valid.

Unlock a Q&A Profile

Management Policies > Helpdesk Workflows > Overview of Built-in Helpdesk Activities > Unlock a Q&A Profile

This activity is a core activity of the Unlock Q&A Profile workflow. It allows helpdesk operators to unlock users’ Q&A profiles using the Helpdesk Site.

You do not need to configure any settings for this activity.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz Cookie Preference Center