
Password Manager 5.14 - Administration Guide (AD LDS Edition)


Redistributable Secret Management Service supported platforms

Redistributable Secret Management Service (rSMS) supports the following platforms.

| Platform | Description |
|---|---|
| WindowsServer | A name for a group of server operating systems released by Microsoft. |
| SolarisSsh | A Unix operating system, using an SSH connection. |
| PanosSsh | An operating system developed by Acorn Computers, using an SSH connection. |
| Aixssh | A series of proprietary Unix operating systems developed by IBM, using an SSH connection. |
| OdbcMysql | An open-source relational database management system, using an ODBC driver. |
| postgres | An open-source relational database management system (RDBMS). |
| vsphere | Server virtualization software. |
| IloSsh | HP Integrated Lights-Out (iLO) is a proprietary embedded server management technology, using an SSH connection. |
| OdbcSqlServer | A relational database management system, using an ODBC driver. |
| ad | Microsoft Windows Active Directory. |
| SonicWall | SonicWall Secure Mobile Access (SMA) is a unified secure access gateway. |
| Aws | Amazon Web Services (AWS), an on-demand cloud computing platform. |
| Acf2Tn3270 | IBM's Access Control Facility (z-Series), using a TN3270 connection. |
| F5BigIpSsh | A load balancer and a full proxy, using an SSH connection. |
| TopSecretTn3270 | CA TopSecret is a streamlined and scalable mainframe security for IBM's zSeries operating system, using a TN3270 connection. |
| OdbcSybase | Used to manage and analyze information in relational databases, using an ODBC driver. |
| PixSsh | Cisco PIX (Private Internet eXchange) is an IP firewall, using an SSH connection. |
| FreeBsdSsh | FreeBSD is a free and open-source Unix-like operating system, using an SSH connection. |
| DracSsh | Dell Remote Access Controller (DRAC) is an out-of-band management platform, using an SSH connection. |
| Hpuxssh | Hewlett Packard Unix operating systems, using an SSH connection. |
| Acf2Ldap | Access Control Facility, a discretionary access control software security system over LDAP authentications. |
| RacfLdap | Resource Access Control Facility is an IBM security system that provides access control and auditing functionality for zSeries operating systems over LDAP authentications. |
| SapHana | A relational database management system. |
| LinuxSsh | Linux operating system, using an SSH connection. |
| RacfTn3270 | IBM's Resource Access Control Facility (z-Series), using a TN3270 connection. |
| SonicSsh | SonicOS, an operating system for SonicWall network security appliances (firewalls), using an SSH connection. |
| TopSecretLdap | CA TopSecret is a streamlined and scalable mainframe security for IBM's zSeries operating system, using an SSH connection. |
| MongoDb | MongoDb is a cross-platform document-oriented database program. |
| JunosSsh | Junos OS is the FreeBSD-based operating system used in Juniper Networks hardware routers, using an SSH connection. |
| SapNetweaver | SAP NetWeaver is an open application server platform. |
| OdbcOracle | Oracle Database is a multi-model database management system, using an ODBC driver. |
| As400Tn3270 | IBM's Application System/400, using a TN3270 driver. |
| FortinetSsh | Fortinet firewall client, using an SSH connection. |
| Ldap | A protocol used for accessing Active Directory objects, user authentication, and authorization in Windows Server. |
| MacOsSsh | Apple Mac operating system, using an SSH connection. |

Customizing Redistributable Secret Management log path

By default, the rSMS logs are available in C:\Windows\Temp\rSMS. You have the option to customize the log path to record the logs at a different location.

Customizing rSMS log path

  1. On the system where the Password Manager Administration Site is installed, click Start > Services.

  2. On the Services window, right-click on One Identity rSMS Service.

  3. Select Properties and check the location from the Path to executable section.

  4. Open the command prompt with administrator privileges and navigate to the directory where One Identity rSMS Service is installed.

  5. From the directory where One Identity rSMS Service is installed, run the rSMS.Config.exe LogPath command to view the rSMS log path.

    The log path currently used to record rSMS logs is displayed.

  6. To update the log path, run the rSMS.Config.exe LogPath -f <new path> command. For example, rSMS.Config.exe LogPath -f C:\PM.

    The log path is updated. To confirm the log path run the rSMS.Config.exe LogPath command again.

  7. Restart the One Identity rSMS Service.
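
The procedure above as a script, with one step the guide does not include: restricting permissions on the new log directory before pointing rSMS at it. This is an added example, not One Identity code; it assumes rSMS.Config.exe is in the same directory as the service executable and uses D:\Logs\rSMS as a constructed target path.

```powershell
# Added example (not vendor code). Run from an elevated PowerShell session.
# Assumptions: rSMS.Config.exe sits beside the service executable, and
# D:\Logs\rSMS is a constructed sample path.
$displayName = 'One Identity rSMS Service'
$newLogPath  = 'D:\Logs\rSMS'

# Steps 1-3: read the service's "Path to executable" instead of using the GUI.
$svc = Get-CimInstance Win32_Service -Filter "DisplayName='$displayName'"
if (-not $svc) { throw "Service '$displayName' not found." }

# PathName may be quoted and may carry arguments; keep only the .exe path.
if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)') {
    throw "Cannot parse service path: $($svc.PathName)"
}
$config = Join-Path (Split-Path -Parent $Matches[1]) 'rSMS.Config.exe'
if (-not (Test-Path -LiteralPath $config)) { throw "$config not found." }

# Added hardening step: create the target directory and replace inherited
# permissions with explicit grants for SYSTEM (S-1-5-18) and the local
# Administrators group (S-1-5-32-544), plus the service account if different.
New-Item -ItemType Directory -Path $newLogPath -Force | Out-Null
$grants = @('*S-1-5-18:(OI)(CI)F', '*S-1-5-32-544:(OI)(CI)F')
if ($svc.StartName -and $svc.StartName -ne 'LocalSystem') {
    $account = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
    $grants += "${account}:(OI)(CI)M"
}
icacls $newLogPath /inheritance:r /grant:r @grants
if ($LASTEXITCODE -ne 0) { throw 'icacls failed; log path left unchanged.' }

# Steps 5-6: show the current path, set the new one, then display it again.
& $config LogPath
& $config LogPath -f $newLogPath
& $config LogPath

# Step 7: restart the service so it picks up the new path.
Restart-Service -Name $svc.Name
```

The default location under C:\Windows\Temp inherits that directory's permissions, so moving the logs is a good moment to set an explicit ACL on the new directory.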

Email templates

Password Manager lets you set the default template for confirmation emails. To send an automatically generated email to the user when a workflow succeeds or fails, configure the email template for authentication from the General Settings tab.

To configure default e-mail template:

  1. On the home page of the Administration Site, click General Settings, then click the Email Template tab.

  2. To customize the email template, select the desired language from the Select language to customize template drop-down menu.

  3. Click the + sign before the desired workflow to edit the template. Edit the subject and body of the notification template in the default language as required. When editing the notification template, you can use the parameters available in the notification editor, for example #USER_ACCOUNT_NAME#, #WORKFLOW_RESULT#, and others.

  4. In the Message format drop-down, select the format to use for the notifications. You can select from two options: either HTML or Plain text.

  5. To choose the default email template sent to the user, select the default language from the Select default language for email drop-down menu.

  6. In the User notification settings, select one of the following options for user notification subscription:

    • Subscribe users to this notification. Allow users to unsubscribe.

    • Subscribe users to this notification. Do not allow users to unsubscribe.

    • Do not subscribe users to this notification. Allow users to subscribe to this notification.

  7. Click Save to save the settings.

Upgrading Password Manager

This section describes the process to upgrade Password Manager to the latest version (5.14.0).

NOTE:

  • One Identity recommends backing up the current configuration by exporting the settings from 5.7.1 or later versions.

  • Running the Migration Wizard is not required while upgrading from Password Manager 5.7.1 or later versions to 5.14.0.

  • If you want to upgrade to 5.14.0, it is recommended to reinstall the license file from the Administration Site once the upgrade is complete. Before installing the license, delete the existing SoftLicense binary value from the [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Quest Software] registry key.

  • Any workflows that are customized in the previous versions of Password Manager should be manually merged with the workflow of the latest version of the Password Manager to avoid any end user data corruption.

    For example, changes made to the Register workflow (Self-Service workflows) such as addition/update of any authentication steps to the default configuration, should be manually recreated after upgrade to Password Manager 5.14.0.

  • To update storage files with the new encryption mechanism, all realm instances must be updated with the Password Manager 5.14.0 configuration and must have the same encryption key.

    To do this, log in to the Administration Site from the primary server, navigate to General Settings > Import/Export > Export, then copy and save the password securely. Import this configuration data into all the Password Manager secondary replication instances by selecting the exported configuration data and providing the password.

  • If the secondary instances are not updated with the new configuration, the notification 'Import configuration settings from primary instance' is displayed in the Administration Site.

    In the replication instances, navigate to General Settings > Import/Export > Import, select the data exported from the primary server, and enter the saved password.

  • The Shared.storage file will be encrypted and copied to Active Directory only when all replication instances are updated with the Password Manager 5.14.0 configuration and encryption key.

  • When all the realm instances are updated with Password Manager 5.14.0, the Q&A profiles of users are updated with the new encryption key when one of the following is performed:

    • The user updates their Q&A profile

    • The Migration Wizard is run to update all the user profiles automatically

This section consists of the following topics:
