You can control whether passcodes generated by the help desk are divided into two parts. One half of the passcode is issued to the help desk staff and the other half is sent to the employee's manager. The employee must ask the manager for the second half of the passcode. This procedure increases the security for issuing passcodes.
To configure the four eye principle for issuing passcodes
-
Start the Designer program.
-
Connect to the relevant database.
-
Set the QER | Person | PasswordResetAuthenticator | PasscodeSplit configuration parameter.
NOTE: For more information about editing configuration parameters in the Designer, see the One Identity Manager Configuration Guide.
-
Set the QER | WebPortal | MailTemplateIdents | InformManagerAboutSecondHalfOfPasscode configuration parameter.
By default, the second half of the passcode is sent with the Employee - manager half of passcode for password reset mail template.
To use another template for this notification, change the value in the configuration parameter.
TIP: In the Designer, you can configure the current mail template in the Mail templates > Person category. For more information about mail templates, see the One Identity Manager Operational Guide.