
Password Manager 5.13.2 - Administration Guide


Installing Password Manager in perimeter network with read-only domain controllers

If your network topology includes a perimeter network (DMZ) that contains only read-only domain controllers (RODCs), you should consider the following when installing Password Manager in this environment.

Because password changes may not get immediately replicated to RODCs, users may experience downtime when authenticating using an RODC if their passwords were changed or reset on a DC in another Active Directory site.

To mitigate this issue, it is recommended to do either of the following when installing Password Manager in the perimeter network:

  • Install Password Manager Service in a dedicated RODC replication hub site (as shown below), if this hub site exists in your environment.

  • If Password Manager Service cannot be installed in the dedicated RODC replication hub site, do either of the following:

    • For your Management Policy, specify the appropriate writable DC from the hub site in the advanced settings of the domain connection. For more information, see Specifying advanced settings for domain connection.

    • For your Management Policy, specify the hub site in the list of Active Directory sites to which replication changes will be forced. For more information, see Specifying advanced settings for domain connection.

    • Enable change notification on the site link between the dedicated RODC replication hub site (or the site in which an RODC is installed) and the site in which Password Manager Service is installed.
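One way to carry out the last option, enabling change notification on a site link, using the ActiveDirectory PowerShell module (an added example, not taken from the Password Manager guide). The site link name `HUB-PMSITE` is a hypothetical placeholder. Change notification is controlled by bit 0x1 of the site link's `options` attribute, so the function sets that bit and preserves any other flags already present.

```powershell
#Requires -Modules ActiveDirectory

# Bit 0x1 of the siteLink 'options' attribute turns on change notification
# (USE_NOTIFY). Other bits, such as 0x2 (two-way sync) and 0x4 (disable
# compression), must be left as they are.
$UseNotify = 0x1

function Enable-SiteLinkChangeNotification {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Name of the site link between the RODC hub site (or the RODC's site)
        # and the site that hosts Password Manager Service.
        [Parameter(Mandatory)][string]$SiteLinkName
    )

    $link = Get-ADReplicationSiteLink -Identity $SiteLinkName -Properties options

    # 'options' is not set on a default site link; an unset value becomes 0.
    $current = [int]($link.options | Select-Object -First 1)

    if ($current -band $UseNotify) {
        Write-Output "'$SiteLinkName': change notification already enabled (options=$current)"
        return
    }

    $new = $current -bor $UseNotify
    if ($PSCmdlet.ShouldProcess($SiteLinkName, "Set options from $current to $new")) {
        Set-ADReplicationSiteLink -Identity $link -Replace @{ options = $new }
        # Read the value back so the change is confirmed rather than assumed.
        $check = Get-ADReplicationSiteLink -Identity $SiteLinkName -Properties options
        Write-Output "'$SiteLinkName': options is now $([int]($check.options | Select-Object -First 1))"
    }
}

# Preview the change first; remove -WhatIf to apply it.
# 'HUB-PMSITE' is a placeholder site link name.
Enable-SiteLinkChangeNotification -SiteLinkName 'HUB-PMSITE' -WhatIf
```

Run it with an account that can modify objects in the Sites container of the configuration partition. The new value takes effect once the configuration change has replicated to the bridgehead servers on both ends of the link.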

Installing Password Manager in perimeter network with reverse proxy

A reverse proxy is a proxy server that is typically deployed in a perimeter network to enhance the security of the corporate network. By providing a single point of access to the servers installed in the intranet, the reverse proxy server protects the intranet from an external attack.

If you have a reverse proxy deployed in the perimeter network in your environment, it is recommended to install the Password Manager Service, the Self-Service Site and the Helpdesk Site in the intranet, and to configure the reverse proxy to redirect requests from external users to the correct intranet URLs of the Password Manager sites.

Installing Password Manager in perimeter network without AD DS

If Active Directory Domain Services (AD DS) is not deployed in a perimeter network in your environment, you may still install Password Manager in this perimeter network.

When AD DS is not deployed in the perimeter network, servers are placed in a workgroup. Password Manager allows installing the Self-Service and Helpdesk sites on servers that are not placed in any domain.

Management Policy overview

A Management Policy is a core concept in Password Manager. Management Policies allow you to organize and group settings for dedicated users and helpdesk operators.
