When you have installed Password Manager, follow this checklist to configure the solution to implement automated and secure password management in an Active Directory domain.
Table 2: Checklist to configure Password Manager

| Step | Reference |
| --- | --- |
| Prepare a domain management account. | Configuring permissions for domain management account |
| Configure a user scope. | Configuring user scope |
| Configure the Questions and Answers policy: Create language-specific question lists, and configure Q&A profile settings if required. | Configuring Questions and Answers policy |
| Configure a Helpdesk scope to grant access permissions for the Helpdesk Site to Helpdesk operators and delegate administrative tasks. | Configuring access to the Helpdesk Site |
| Configure Self-Service and Helpdesk workflows to define what tasks will be available on the Self-Service and Helpdesk sites. | Password Manager Self-Service Site workflows; Helpdesk workflows |
| If required, configure rules for user registration notification and enforcement by specifying a registration schedule and enabling registration notification. | User enforcement rules |
| Configure general settings that apply to all user scopes (such as account search options, SMTP servers, scheduled tasks, and so on). | General Settings overview |
| If you want to provide access to the Self-Service Site from the Windows login screen and notify users that they should create or update Q&A profiles, install Secure Password Extension. | Deploying and configuring Secure Password Extension |
| If you want to use Password Manager to enforce password policies, you must install Password Policy Manager (PPM) on all domain controllers in the domain. Then, create password policies and configure password policy rules. | Installing Password Policy Manager |
| If you want to use Password Manager for cross-platform password synchronization, install One Identity Quick Connect Sync Engine and configure the product to integrate with Password Manager. | Reset Password in Active Directory and Connected Systems |
| Ensure that all Password Manager users have JavaScript enabled in their browser settings. | |
| Ensure that the users know the Self-Service Site URL and can access the site to register and perform password self-management tasks. | |
Management Policy is a core element of Password Manager. Using the Management Policy, you can configure workflows for registering new users, resetting passwords, and other tasks. For each Management Policy, you can configure a user scope and delegate Helpdesk tasks by configuring a Helpdesk scope. You can configure multiple Management Policies with different user and Helpdesk scopes, workflows, and secret questions. The default Management Policy with preconfigured workflows is available out of the box.
A Management Policy consists of the following components:
- User scope is a group or several groups of users managed by Password Manager. When configuring a user scope for a Management Policy, you can add user groups from different domains. For more information about the user scope, see Configuring user scope.
- Helpdesk scope is a group of Helpdesk operators who are allowed to manage users from the user scope of the same Management Policy. By configuring the Helpdesk scope, you can delegate administrative tasks to specified Helpdesk operators. For more information about the Helpdesk scope, see Configuring access to the Helpdesk Site.
- Questions and Answers policy (Q&A policy) is a policy within which secret questions and Q&A profile settings are defined. Secret questions are a set of mandatory, optional, and Helpdesk questions for users’ Questions and Answers profiles. These questions are used to register users with Password Manager and later to authenticate users when they use the Self-Service Site. Q&A profile settings define how many questions a user must answer to create a Q&A profile and set requirements for users’ questions and answers. For more information about Q&A policy, see Configuring Questions and Answers policy.
- All workflows are divided into two categories: Self-Service and Helpdesk workflows. The Self-Service workflows define the tasks available to users on the Self-Service Site, that is, every configured workflow is a task on the Self-Service Site. The Helpdesk workflows define what tasks are available to Helpdesk operators on the Helpdesk Site. A workflow consists of several activities that you can add to or remove from the workflow to customize it. The Default Management Policy offers preconfigured workflows that can be easily customized. For more information about workflows, see Workflow overview.
- User enforcement rules and reminders allow you to set up the enforcement schedule to invite users to create or update their Q&A profiles and configure the reminder that will notify users to change passwords before password expiration. For more information, see User enforcement rules.
In the Password Manager Administration Site, you can add a new Management Policy or clone an existing one.
To create a new Management Policy
To clone an existing Management Policy
- In the Password Manager Administration Site, click Add new Management policy.
- Check Clone existing Management Policy.
- Select a Management Policy to clone from the list of already existing Management Policies.