Secure Password Extension is an application that provides one-click access to the complete functionality of the Self-Service Site from the Windows logon screen. Secure Password Extension also provides dialogs displayed on end-user computers, these dialogs notify users who must create or update their Questions and Answers profiles with Password Manager. Secure Password Extension is included on the installation CD and is deployed through Group Policy. For information on how to deploy and configure Secure Password Extension on end-user workstations in the managed domain, see Deploying and configuring Secure Password Extension.
Secure Password Extension supports the authentication model in the following systems
On workstations running windows 8.1 and 10, Secure Password Extension adds an icon under the Sign-in options to the user tile of the windows logon screen. By clicking these buttons and links, users can open the Self-Service Site.
When users connect to the Self-Service Site from the Windows logon screen, anonymous access is enabled and the functionality of Microsoft Internet Explorer is restricted, thereby preventing the actions that may pose a security threat. Once users open the Self-Service Site search page from the Windows logon screen, they cannot access any other Web site, or open a new browser window or a context menu.
This section explains how Secure Password Extension locates the Self-Service Site and launches notification dialogs on end-user computers that remind users to create or update their Q&A profiles.
By default, Secure Password Extension uses a URL from a service connection point to locate the Self-Service Site. You can also override the default URL published in the service connection point by specifying a different URL in the General Settings of the Administration Site or by specifying a different URL in the supplied administrative template and applying the template to selected users.
For more information, see:
Every Password Manager instance publishes its service connection points in Active Directory. Secure Password Extension uses service connection points to automatically locate the Self-Service Site.
Service connection points are objects in Active Directory that hold information about services. Services can publish information about their existence by creating service connection points in Active Directory. Client applications use this information to find and connect to instances of the service. When an instance of Password Manager is installed, the Password Manager Service publishes its service connection points in Active Directory. To locate the server where the Self-Service Site is deployed, Secure Password Extension uses the service connection points published by Password Manager Service instances in Active Directory.
-
Password Manager instance publishes a service connection point in Active Directory.
-
Secure Password Extension locates the service connection point.
-
Secure Password Extension obtains the necessary data from the service connection point (URL path to the Self-Service Site).
-
Secure Password Extension opens the Self-Service Site.