Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Password Manager 5.14 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in a perimeter network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring Access to the Administration Site Configuring Access to the Password Manager Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Password Manager Self-Service Site workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Password Policies Enable 2FA for Administrators and Enable 2FA for HelpDesk Users Reporting Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Customization Options Overview Third-party contributions Glossary

Authenticate with external provider

Use this activity to authenticate users with an external provider, configured with Secure Token Server.

This activity has the following settings:

  • Choose from the configured providers to use in this activity for authentication: A provider set up in General Settings > Secure Token Server, to be used when this activity is the current in a workflow.

  • Choose the behaviour of the authentication: You can choose if the login interface is shown in an iframe or in a popup.

NOTE: Use popup behaviour when your login provider sends the content with X-Frame-Options : Deny header.

NOTE: For LDAP type Authentication Providers the User's Unique ID Attribute attribute mapping has to be objectGUID.

Authenticate with RADIUS Two-Factor Authentication

Use this activity to configure Password Manager to use a RADIUS server for two-factor authentication.

It uses one-time passwords (OTP) generated by hardware or software tokens for authentication.

You can use RADIUS Two-Factor Authentication to authenticate users before allowing them to reset or change their passwords, to unlock accounts, or manage Questions and Answers profiles.

Before using RADIUS Two-Factor Authentication for authentication, users have to configure it in General Settings tab on the home page of the Administration Site. For more information, see RADIUS Two-Factor Authentication.

Authenticate via Phone

Use this activity to include phone-based authentication in a self-service workflow. If your license includes phone-based authentication service, you will be able to configure and use this activity.

If your Password Manager license does not include phone-based authentication service and you want to use this service, access the Support Portal at https://support.oneidentity.com/.

Before enabling the phone-based authentication, make sure that the users’ phone numbers that are stored in AD LDS are in the correct format. The phone number must meet the following requirements:

  • The number starts with either 00 or + followed by a country code and subscriber’s number. For example, +1 555-789-1314 or 00 1 5554567890.

  • The number can have extensions. For example, the number +1 555 123-45-67 ext 890.

  • Digits within the number can be separated by a space, hyphen, comma, period, plus and minus signs, slash (/), backward slash (\), asterisk (*), hash (#), and a tab character.

  • The number can contain the following brackets: parentheses (), curly braces {}, square brackets [], and angle brackets <>. Only one set of brackets is allowed within the number. The opening bracket must be in the first half of the number. For example, the number +15551234(567) will be considered invalid.

The USA numbers may not start with 00 or + sign, if they comply with all other requirements and contain 11 digits. For example, the number 1-555-123-3245 will be considered valid.

This activity has the following settings:

  • Authentication method: You can specify whether you want users to receive a call or an SMS with a one-time PIN code by selecting the corresponding option. You can also allow users to choose the authentication method on the Self-Service Site by selecting the Allow users to choose between an automated voice call and SMS option.

  • SMS template: Enter the text message that will contain a one-time PIN code and will be sent to users during phone-based authentication.

  • telephoneNumber, homePhone, mobile and other attributes: Select one or several attributes of a user account from which telephone numbers will be used during phone-based authentication. You can also specify other attributes.

You can test the configured settings by clicking the Test settings button and entering the phone number to which a one-time PIN code will be sent.

Authenticate with Passcode

Use this activity to allow users to use passcode for creating or updating Questions and Answers profile. Passcodes are assigned by helpdesk operators to users who have forgotten their passwords and at the same are not registered with Password Manager or have forgotten their answers to secret questions.

You do not need to configure any settings for this activity.

By default, this authentication activity is used in the I Have a Passcode workflow.

For more information on configuring settings for assigning passcodes, see Assign Passcode.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation