Chat now with support
Chat mit Support

Password Manager 5.13.1 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances Domain Connections Extensibility Features RADIUS Two-Factor Authentication Internal Feedback Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email Templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable S2FA for Administrators & Enable S2FA for HelpDesk Users Reporting Password Manager Integration Accounts Used in Password Manager Open Communication Ports for Password Manager Customization Options Overview Feature imparities between the legacy and the new Self-Service Sites Glossary

Secure Password Extension

Secure Password Extension is an independently deployed component that provides one-click access to the complete functionality of the Self-Service site from the Windows login screen. Secure Password Extension also provides dialog displayed on end-user computers that notify users who must create or update their Questions and Answers profiles with Password Manager.

Secure Password Extension should be installed on users’ computers through group policy.

For more information, see Secure Password Extension overview.

Offline Password Reset

Offline Password Reset (OPR) is an independently deployed component that enables users to use the offline password reset functionality provided by Password Manager. This functionality allows resetting passwords when users have forgotten their current passwords and their computers are not connected to the intranet (Active Directory is not available).

Offline Password Reset should be installed on users’ computers through group policy.

The password can be reset by two methods when the user is offline. Do one of the following to reset the password when the system is not connected to corporate network.

With mobile QRcode scanner:

  1. Scan the QRcode from the welcome page and click Next.

  2. Scanning the QRcode redirects to Password self-Service site on the mobile device.

  3. On the Password Self-Service site, select the Forgot My Password option. This will give a response code to reset your password on the offline system.

  4. Type the response code in the Response code text box.

  5. Type the new password and confirm the new password in relevant text boxes.

  6. Click Next to reset the password.

NOTE:

  • If you don't have latest .NET Framework to display QRCode Image, click Next to reset your password using the challenge code.

  • Use the latest prm_gina.admx file by removing the older file from group policy.

If the user fails to reset the password three times on Password Reset wizard for any reason, Offline Password Reset Wizard generates a new QR code. The user must scan the new QR code and follow the steps again to reset the password.

NOTE:

  • For the QR code to work, make sure that Password Manager Self-Service site URL exists in the registry.

  • To update the registry entry of the Password Manager Self-Service site URL, navigate to Generic Settings folder in the Administrative templates node and enable Specify URL path to the Password Self-Service site setting.

  • If Password Manager Self-Service site URL is not present in the registry, Password Manager Self-Service site will not appear on 32 char challenge code window of OPR.

Without mobile QRcode scanner:

  1. Select the Select the checkbox if you do not have the QRcode scanner and click Next. check box, and click Next.

  2. On a device connected to the internet, open the Password Self-Service site and access your account.

  3. Select the Forgot My Password option.

  4. Enter the challenge code that appeared on the Password Reset page of One Identity Secure Password Extension Wizard in the text box and click Next.

  5. Type the response code in the Response code text box.

  6. Type the new password and confirm the new password in relevant text boxes.

  7. Click Next to reset the password.

For more information, see Reset Password in Active Directory.

Migration Wizard

Migration Wizard (part of Password Manager 5.13.1) users to update profile whenever the administrator reinitializes the Password Manager instance. For more information, see To update users’ Q&A profiles with new instance settings and clear old Q&A data for user objects in Active Directory.

Telesign

TeleSign is a service that provides phone-based authentication for Password Manager users. To enable the TeleSign service, it must be covered by your license and the administrator must configure the Authenticate via Phone activity and include the activity in corresponding workflows. If TeleSign is enabled, when performing a task on the Self-Service or Helpdesk site, users will be prompted to select their phone number, to which a one-time code will be sent by TeleSign, and then enter the code on the site for verification.

TeleSign service is available anywhere where users can receive calls or text messages. To receive verification codes, users do not need to install any applications on their phones.

To communicate with TeleSign, Password Manager uses REST API.

For more information, see Phone-based authentication service overview.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen