Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Password Manager 5.10 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Upgrading Password Manager Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Password Policies One Identity Starling Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Appendix D: Feature imparities between the legacy and the new Self-Service Sites Glossary

Enable S2FA for Administrators and Enable S2FA for HelpDesk Users

This section describes the steps to enable Starling Two-Factor Authentication to protect AD LDS Administration site and Helpdesk site users.

To enable S2FA for Administrators and HelpDesk Users

  1. On the home page of the AD LDS Administration site, click the One Identity Starling tab.
  2. Select Enable S2FA for Administrators checkbox to protect the AD LDS Administration site or select Enable S2FA for HelpDesk Users checkbox to protect the HelpDesk site with Starling Two-Factor Authentication. Select both checkboxes to enable authentication for both Administration and HelpDesk user sites.

    NOTE: The Administrator can choose if the user's mobile, or telephone number, or home phone number, or any other custom set attribute to be used for authentication from the Specify user's AD attribute for mobile number to authenticate the user dropdown box. The Administrator can also add a custom attribute to the existing list of attributes.
  1. Click Save to save the settings.

NOTE: The Administrator can choose which user’s active directory attributes to be used for the mobile number from the Specify user's AD attribute to authenticate the user dropdown box. The administrator can also specify other user’s active directory attribute for mobile number apart from the list.

NOTE: If the administrator unjoins from the Starling, S2FA will stop the protection for AD LDS Administration and HelpDesk sites.
Failsafe Login

In case of One Identity Starling downtime situation, a failsafe method is provided by Password Manager to log in. For such case, Password Manager creates a user qpms2faadmin to log in. The qpms2faadmin user is managed by the administrator.

If the One Identity Starling is down while login to Password Manager, the AD LDS administration site prompts for user credential. The Administrator must provide the password for the qpms2faadmin user to authenticate and login to the AD LDS administration site.

Reporting

Reporting and User Action History Overview

Password Manager provides a simple and convenient way to view, print, and save reports and charts allowing you to analyze information on how the application is used. The reporting functionality within the solution is based on Microsoft SQL Server Reporting Services as a common reporting environment.

The Reports section of the Administrator site includes a number of pre-defined reports that help you perform the following tasks:

  • Track user registration activity
  • Analyze information about what actions are performed by users in Password Manager
  • Check users’ registration status
  • View a list of users whose Questions and Answers profiles must be updated to comply with the current administrator-defined settings
  • Track helpdesk operators’ activity

The user action history provides records of all actions performed by users registered with Password Manager. You can search for records using a full-text search functionality. The user action history is provided by Enterprise Auditing Service embedded in Password Manager.

To use Password Manager reports, you need to connect to an SQL Server and a Report Server.

To use the user action history functionality, you need to connect to an SQL Server only.

 

 

Alternative options

You can use predefined Power BI templates to generate interactive reports as an alternative to Reporting. For more information on Power BI, see Working with Power BI.

Setting Up Reporting Environment

To enable the reporting functionality of Password Manager, ensure that the following requirements are met:

  • A SQL Server is deployed in your environment and the Password Manager database is configured on that server.
  • A SQL Server Reporting Services report server is installed in your working environment.
  • You have configured a connection to the report server through the Administration site.

The interactive Web-based reports are built on data that the report server retrieves from the Password Manager SQL database, and can be either viewed online or exported into multiple file formats.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation