- What is the name of the street where you first lived?
- What is your favorite movie?
- What is your Mother's maiden name?
- What year (YYYY) was your Mother born?
- What is your Father's middle name?
- What year (YYYY) was your Father born?
- What is the year (YYYY) of your first car?
- What is the make of your first car?
- What is the model of your first car?
- What was your first hire date with XXXXX (company name)?
- What is your employee number with XXXXX (company name)?
- Where is your favorite vacation location?
- What is the name of your first child?
- What is the name of your oldest niece?
- What is the name of your first employer?
- What is your favorite hobby?
- What is your paternal grandfather's first name?
- What is your paternal grandmother's first name?
- In what city was your mother born? (Enter full name of city only)
- In what city was your father born? (Enter full name of city only)
- In what city was your high school? (Enter only "Charlotte" for Charlotte High School)
- Where did you meet your spouse for the first time? (Enter full name of city only)
- What was the name of your first pet?
- In what year (YYYY) did you graduate from high school?
- Who is your favorite childhood superhero?
Overview
Licensing
Using a license from a previous version
Telephone verification license
Starling 2FA license
RADIUS Two-Factor Authentication
How to obtain a new license key
Upgrading
Upgrade considerations
Secure Password Extension
Password Policy Manager
Configuration
Reinitialization
Reports
Starling 2FA
Customizations
Troubleshooting
Is it possible to upgrade the Password Manager servers first and then the SPE (Secure Password Extension) at a later time?
Is it possible to roll back after the upgrade?
Does Password Policy Manager have to be upgraded on the Domain Controllers?
Upgrading from Password Manager 5.5.3 or later versions
Upgrading the Secure Password Extension
To remove the existing and assign a latest-version package
To remove an assigned MSI package
To deploy and configure Secure Password Extension
Upgrading Offline Password Reset
How to enable logging
To enable logging for Password Manager service
To enable logging for a stand-alone server
To enable logging for the Secure Password Extension (SPE)
To enable Password Policy Manager (PPM) logging:
How to move the Password Manager database
Changing the Password Manager service account
Workflow design considerations
Common Sample Questions
Helpdesk scope and options
The Helpdesk site handles typical tasks performed by Helpdesk operators, such as resetting passwords, unlocking user accounts, assigning temporary passcodes, and managing users' Questions and Answers profiles.
The Helpdesk site can be installed either on the same server as the Administration Site and Password Manager service, or on a stand-alone server.
The Helpdesk site uses a form-based authentication which prompts users to logon:
Figure 11:
Password Manager allows a Helpdesk group to be added for each Management Scope. If you require different Helpdesk groups to be able to administer different scopes of users, additional Management Scopes will have to be created to accommodate the restrictions for the Helpdesk groups.
The Scope of who can logon to the Helpdesk site can be configured in the Admin site for each Management Policy:
Figure 12:
To select the Groups who can access the Helpdesk site, first click Helpdesk Scope, then click Add domain connection.
Figure 13:
If you already have a Domain connection, select Use this connection:
Figure 14:
If you do not see the desired Domain Connection, click Add domain connection and enter the required information.
Once the Domain has been added, select Edit:
Figure 15:
Add in the Groups to be allowed access to the Helpdesk site and perform Helpdesk actions.
Reinitialization
Reinitialization
Password Manager has the ability to change the configuration options, such as the encryption level and the attribute used to store Users’ Q&A Profile settings without the need to reinstall or modify configuration files.
If you choose to perform a Reinitialization, please keep the following in mind:
When changing the Encryption algorithm within the PMAdmin site | General settings | Reinitialization section the following message occurs:
|
|
Warning: You are changing configuration and security settings. To prevent users from losing their Q&A profiles use the Migration Wizard to update the profiles. |
What are the next steps?
- Once the setting has been changed select Save
- Provide a password to the new configuration file
- Select Export (do not click Save yet)
- Click Save after the Export is complete or it will not work
- Launch the Migration Wizard found in the Password Manager Autorun and select: Update users’ Q&A profiles with new instance settings and follow the wizard
Reports
Reports
Reporting is an optional component. The Reports section of the Admin site includes a number of pre-defined reports that help you perform the following tasks:
- Track user registration activity
- Analyze information about what actions are performed by users in Password Manager
- Check users’ registration status
- View a list of users whose Questions and Answers profiles must be updated to comply with the current administrator-defined settings
- Track helpdesk operators’ activity
To use Password Manager Reports, you need to connect to a Microsoft SQL Server and a Microsoft Reporting Service Server (SSRS).
To use the User Action History functionality, you need to connect to an SQL Server only.
If you choose to take advantage of the Password Manager reports, the following is required:
- Microsoft SQL Reporting Services (SSRS) must be installed and configured
- The Password Manager service account must have sufficient permissions to create and write to a database on the SQL server
|
|
NOTE: You cannot pre-create the database. Password Manager must create it. |
- The Password Manager service account must have sufficient permission to publish reports on the SSRS server.