Chatta subito con l'assistenza
Chat con il supporto

Password Manager 5.12 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Upgrading Password Manager Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Working with Redistributable Secret Management account Email Templates
Password Policies Enable S2FA for Administrators and Enable S2FA for HelpDesk Users Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Appendix D: Feature imparities between the legacy and the new Self-Service Sites Glossary

Search and Logon Options

By configuring the search and logon options you specify how users and helpdesk operators search for their accounts and log in on the Self-Service and Helpdesk sites.

You can also configure Password Manager to display CAPTCHA or reCAPTCHA images and allow or prohibit account search on the Self-Service site.

Configuring Search and Security Options for the Self-Service Site

You can use the General Settings > Search and Logon Options tab of the Password Manager for AD LDS Administration Site to configure the following account search and security options:

Table 14: Search and Logon options

Option

Description

Do not allow users to search for their accounts

When selected, users must either select the applicable directory partition to log in, or must specify an additional user account attribute (for example, their email address) when logging in either to the Self-Service Site or the Helpdesk Site.

  • Show the list of application directory partitions to allow users to select the partition for logging in: When selected, the Self-Service Site will show all application directory partitions registered to Password Manager for AD LDS, allowing users to select the application directory partition their accounts belongs to.

    NOTE: The list will display all aliases that the user specified in their partition connections.

  • Users must enter the following user account attribute for identification (this may slow down the performance): When selected, users must search for their accounts by using the specified AD LDS user account attribute. Use the text boxes under this setting to specify the attribute (for example, the email address) that users must enter on the Find User page of the Self-Service site to search for their user account.

Allow users to search for their accounts

When selected, users can search for their accounts by simply providing their first name, last name, or account email address.

  • Allow user search from external network: When selected, users can search their account on the Self-Service site also from an external network.

    TIP: Deselect this setting to restrict searches only to IP addresses specified in the corporate IP address range of your organization, and to increase security. For more information on defining corporate IP address ranges, see Location sensitive authentication.

    For more information on user search in an external network, see Partial user search on external network.

    NOTE: If the Allow user search from external network setting is unchecked, but no corporate IP address range is specified in the organization, every network from which a user search is performed will be treated by Password Manager for AD LDS as an external network.

  • Search in multiple application directory partitions: When selected, users can search for their accounts in all application directory partitions registered with Password Manager for AD LDS.

  • Number of users to display in search results: Specifies the number of user accounts (between 1 and 99) displayed in the search results.

  • Automatically show available self-service tasks if only one account is found: When selected, Password Manager for AD LDS automatically opens the Home page of the Self-Service site for the user if only one user account is found that matches the search criteria.

  • User account attributes to display in search results: Allows you to specify the user attributes (such as first name, last name, user logon name, email address) to display in the search results.

Partial user search on external network

When you search for a user from an external network and the Allow user search from external network check box is un-checked, the application still displays the self-service tasks for certain users based on the below mentioned criteria:

  • Users can reach the Dashboard page only when the search criteria exactly matches with the search results.
  • If the user name to be searched is part (substring) of another username, Search Results get listed only for the single user, based on the exact match.
  • If the user name to be searched is part (substring) of multiple usernames, Search Results show No accounts matching your search criteria have been found. Check the information you entered and try again message.

Let us consider the below mentioned users in the user scope. Search behavior and result are as given in the table.

  • ABCEFG_1
  • ABCEFG_2
  • ABCEFG_3
  • ABCEFG_11
  • XYZEFG

 

S.No Search String Dashboard Status Search Results Comments
1 XYZ “No accounts matching your search criteria have been found. Check the information you entered and try again.” even though search string is part of XYZEFG.
2 XYZEFG Takes user to dashboard of XYZEFG.
3 ABCE “No accounts matching your search criteria have been found. Check the information you entered and try again” Since there are multiple users matching the search string.
4 ABCEFG_1 Only ABCEFG_1 is listed even though search string is part of ABCEFG_11.
5 ABCEFG_3 Takes us to dashboard of ABCEFG_3.

 

Conventions:

Dashboard Status - It indicates whether the user is able to view the respective workflow tasks in the Self-service site.

Search Results - It indicates the possible search results obtained after the search criteria.

- It Indicates that the workflow page appears for the user.

- It indicates that the workflow page does not appear for the user.

Configuring Security Options

By configuring the security options you can specify whether CAPTCHA or reCAPTCHA images should be displayed on the Find Your Account page to prevent bot attacks.

reCAPTCHA is a free CAPTCHA service provided by Google.

To start using reCAPTCHA you need to sign up and get reCAPTCHA keys on the following web site: http://www.google.com/recaptcha.

When getting the keys, provide the DNS name of the domain where Password Manager Self-Service sites are installed. If the Self-Service sites are installed in different domains, select the Enable this key on all domains check box to create a global key.

To learn more about using and configuring reCAPTCHA, go to http://www.google.com/recaptcha/learnmore.

To configure security options

  1. Connect to the Administration site by typing the Administration site URL in the address bar of your Web browser. By default, the URL is http://<ComputerName>/PMAdminADLDS/.
  2. On the menu bar, click General Settings, then click the Search and Logon Options tab, and select the Self-Service site option from the drop-down list.
  3. In the Security Settings section select the Show a security image to prevent bot attacks check box to have the Self-Service site display a picture with characters and require the user to enter the characters on the picture. This feature provides enhanced protection against automated attacks.
  4. Select the Display CAPTCHA radio button if you want the Self-Service site to show CAPTCHA images on the Find Your Account page. Click Settings to configure the following CAPTCHA settings:
    • Number of characters Specify the number of characters that will be displayed on a CAPTCHA image.
    • Noise level Select the noise level for a CAPTCHA image. The higher the level the more difficult it will be to read the characters.
  5. Select the Display reCAPTCHA radio button if you want the Self-Service site to show reCAPTCHA images on the Find Your Account page. Click Settings to configure the following reCAPTCHA settings:
    • Public key Specify the public key you received when configuring reCAPTCHA on the reCAPTCHA Web site.
    • Private key Specify the private key you received when configuring reCAPTCHA on the reCAPTCHA Web site.
    • Theme Select a color theme for the reCAPTCHA widget.
  6. Select the Show a security image every time the search is performed check box to show a CAPTCHA or reCAPTCHA image every time the search is performed on the Find Your Account page of the Self-Service page. Selecting this option increases protection against bot attacks.
  7. Click Save.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione