Chat now with support
Chat with Support

Password Manager 5.14 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring access to the Administration Site Configuring access to the Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Third-party contributions Glossary

Disable user account

In Password Manager, you can manually set when users get reminders before disabling their account. If the user does not update their Q&A account in the set time period, their account gets disabled. To configure the reminders, perform the following steps.

To disable the user account after a series of reminders

  1. Connect to the Administration Site by typing the Administration Site URL in the address bar of your web browser. By default, the URL is http://<ComputerName>/PMAdmin/.

    NOTE: When prompted to log in, provide your domain user name in a domainname\username format.

  2. Select the Management Policy you want to modify.

  3. Expand the User Enforcement Rules section and click Remind Users to Create/Update Q&A Profiles.

  4. In the Apply the following notification scenarios to users from the rule’s scope section, click Add to add a new notification scenario, or click Edit to modify an existing notification scenario.

  5. In Configure Notification Scenario window, do the following:

  6. Select the User was invited to create/update Q&A profile N days ago option and enter the required number of days within which the users have to create or update their Q&A profiles.

  7. Select Disable user account.

  8. Select Notify users by email check box to configure email notification, or select Notify users via Secure Password Extension check box to configure notification by a dialog and click Next.

    • If you have selected the Notify users by email check box, edit the notification template if necessary. Specify the following settings if required and click Next:

      • To define the default notification language, click the language link next to the Default language option and select the required language.

      • To specify the notification text in another language, click Add new language and select the required language. Notification templates in 16 languages are available out of the box (English, Chinese (Simplified), Chinese (Traditional), Danish, Dutch, French, German, Japanese, Korean, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Polish, Czech, Swedish).

    • If you have selected the Notify users via Secure Password Extension check box, configure the postpone options that will be available to users on the notification dialog: select check boxes with required time intervals and click OK.

  9. Click Save.

Enable user account

You can enable the accounts disabled through forced enrollment, using a customized enable account workflow.

NOTE: The custom workflow must be executed only through Secure Password Extension or through mobile browsers. Because user login is restricted on workstation after disabling of the account.

To enable the account, use the following activities in the workflow:

  1. Authenticate with password or any 2FA procedure such as Radius.

    NOTE: In the activity settings, you must select Authenticate users with disabled accounts check box to unlock and re-enable the disabled user accounts.

  2. Edit Q&A profile

  3. Enable account.

    NOTE: In the activity settings, you must select Enable user accounts disabled by forced enrollment check box to unlock and re-enable the disabled user accounts disabled through forced enrollment. If you do not select the check box, all the disabled user accounts in the organization are enabled.

  4. If an error occurs, restart the workflow.

Remind users to change password

By using this enforcement rule you can configure Password Manager to notify users about password expiration. If you configure this notification, users will be notified by email.

The notification schedule is defined by the Reminder to Change Password scheduled task. Note that notification starts only after this scheduled task has run. For more information on the scheduled tasks, see Scheduled tasks.

NOTE: If you disable the Reminder to Change Password scheduled task, users will not be reminded of password expiration.

To enable the rule, on the Home page of the Administration Site, expand the required enforcement rules section, click Remind Users to Change Password, and then click Enable.

To configure this enforcement rule, you must specify a user scope, conditions when an email notification should be sent and an email notification text.

To configure this reminder

  1. Connect to the Administration Site by typing the Administration Site URL in the address bar of your Web browser. By default, the URL is http://<ComputerName>/PMAdmin/.

    NOTE: When prompted to log in, provide your domain user name in a domainname\username format.

  2. Select the Management Policy you want to modify.

  3. Expand the User Enforcement Rules section and click Remind Users to Change Password.

  4. To set the user scope of this rule, click Configure under Configure the rule’s scope, specify the following settings and click Save:

    Table 8: Configure the scope of rule

    Option

    Description

    Users from the user scope of the Management Policy

    Select this option to include all users from the Management Policy user scope to the rule’s scope.

    The following users

    Select this option to specify groups included to and excluded from the rule’s scope.

    Users included both in the Management Policy user scope and the following groups

    Specify groups included in the rule’s scope.

    NOTE: Only users belonging both to the Management Policy user scope and the specified groups will be included in the rule’s scope. To browse for groups, click Add, select the required groups and click Save.

    Users excluded from the rule’s scope

    Specify groups excluded from the rule’s scope. To browse for groups, click Add, select the required groups and click Save.

  5. To specify the conditions under which users should be notified to change their passwords, click Configure under Notify users who meet the following condition, specify the number of days before password expiration and click OK.

  6. To edit the notification template, use a WYSIWYG editor in the Configure email notification section.

  7. To define the default notification language, click the language link next to the Default language option and select the required language.

  8. To specify the notification text in another language, click Add new language and select the required language. Notification templates in 17 languages are available out of the box (English, Chinese (Simplified), Chinese (Traditional), Danish, Dutch, French, German, Italian, Japanese, Korean, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Polish, Czech, Swedish). The language of the notification message corresponds to the language of a user’s Q&A profile. If the corresponding language is not available, the notification message is sent in the default language.

  9. Click Save.

IMPORTANT: To send email notifications to users, you must specify an outgoing mail server (SMTP server). For more information on how to configure the SMTP server, see Outgoing mail servers.

General Settings

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating