Introduction
This guide is intended to assist in the initial configuration of Password Manager. For complete configuration options, see the Password Manager Administrator Guide or the How To Guide.
Instance Initialization
After installing Password Manager, you have to initialize it. After initializing, you can configure the Management policies with the user and helpdesk scopes, Questions and Answers policy and workflow configuration. When initializing a Password Manager instance, you can choose one of the two options: create a unique instance or a replica of an existing instance. When you create the replica of the existing instance, the new instance shares its entire configuration with the existing instance. Password Manager instances sharing the same configuration are referred to as a Password Manager realm. For more information about Password Manager realms, see Installing Multiple Instances of Password Manager.
To initialize a Password Manager instance
- Open the Administration site by entering the following address: http(s)://<ComputerName>/PMAdmin, where <ComputerName> is the name of the computer on which Password Manager is installed. The Instance Initialization page will be displayed automatically.
- On the Instance Initialization page, select one of the following options, depending on what type of instance you want to create:
  - Unique instance. Creates a new instance.
  - Replica of existing instance. Joins a new instance to a Password Manager realm.
- If you have selected the Replica of existing instance option, follow the instructions provided later in the section Installing Multiple Instances of Password Manager.
- If you have selected the option Unique instance, under Service connection settings, specify the following:
  - Certificate name. Select the certificate that was issued for the computer running the Password Manager Service. If you decide to install the Self-Service and Helpdesk sites separately from the Password Manager Service, it is recommended to replace the built-in certificate that is used to encrypt traffic between the Service and the sites. For more information, see the Administrator Guide.
  - Port number. Specify the port that the Self-Service and Helpdesk sites will use to connect to the Password Manager Service. By default, port 8081 is used.
- Under Advanced settings, specify the following:
  - Encryption algorithm. Specify the encryption algorithm that will be used to encrypt users’ answers to secret questions and other security-sensitive information. You can select from two options: Triple DES and AES. By default, Password Manager uses the Triple DES algorithm to encrypt data. Note that users’ answers will be encrypted if the “Store answers using reversible encryption” option is selected in the Q&A Profile settings. Otherwise, the answers will be hashed.
  - Encryption key length. Specify whether a 192-bit or 256-bit encryption key will be used.
  - Hashing algorithm. Specify the hashing algorithm that will be used to hash users’ answers to secret questions. The following algorithms are available: MD5 and SHA-256. By default, Password Manager uses the SHA-256 hashing algorithm. Password Manager will hash users’ answers if the “Store answers using reversible encryption” option is not selected in the Q&A Profile settings.
  - Store user’s Questions and Answers profile in the following attribute of user’s account in Active Directory. In the text box below, type the attribute name that will be used for storing Q&A profile data. By default, Password Manager stores Q&A profile data in the comment attribute of each user's account and configuration data in the comment attribute of a configuration storage account, which is automatically created when installing Password Manager.
- Click Save to complete instance initialization.
Installing Multiple Instances of Password Manager
Several Password Manager instances sharing common configuration are referred to as a realm. A realm is a group of Password Manager Service instances sharing all settings and having the same set of Management Policies, that is, the same user and helpdesk scopes, Q&A policy, and workflow settings. Password Manager realms provide for enhanced availability and fault tolerance.
IMPORTANT: It is not recommended to edit Password Manager settings simultaneously on multiple instances belonging to one realm. Simultaneous modification of settings on multiple Password Manager instances may cause data loss.
To create a Password Manager Realm
- Export a configuration file from the instance belonging to the target realm.
  - To export instance settings to the configuration file, connect to the Administration site of the instance belonging to the target realm.
  - On the menu bar, click General Settings, then click Import/Export.
  - On the Import/Export Configuration Settings page, select the Export configuration settings option and click Export to save the configuration file.

  IMPORTANT: Remember the password that is generated while exporting the configuration file. You should enter this password when importing the configuration file for a new instance you want to join to the target realm.
- Install a new Password Manager instance by running Password Manager x64 from the installation CD autorun window.
- Open the Administration site by entering the following address: http(s)://<ComputerName>/PMAdmin, where <ComputerName> is the name of the computer on which Password Manager is installed. On the Instance Initialization page, select the Replica of existing instance option.
- Click Upload to select the configuration file that you exported from the instance belonging to the target realm.
- Enter the password to the configuration file and click Save.
Configuring Administration Site
After initializing the Administration site, you need to configure the default Management Policy.
The required settings you need to configure for the Management Policy are user scope, secret questions, helpdesk scope, domain connection, and notification configuration.