Chatta subito con l'assistenza

Ottieni assistenza in tempo reale
Completa la registrazione

Accedi

Richiedi prezzo

Contatta il supporto vendite

Password Manager 5.13.1 - Administration Guide

Table of Contents

About Password Manager

Password Manager Overview

Getting Started

Different Site for Different Roles Password Manager Components Licensing

Installing the License Updating the License Telephone Verification Feature License

Checklist: Installing Password Manager Installing Password Manager

Configuring Password Manager Service Account and Application Pool Identity Enabling HTTPS Steps to Install Password Manager Instance Initialization Installing Legacy Self-Service, Password Manager Self-Service, and Helpdesk Sites on a Standalone Server FailSafe support in Password Manager Installing Multiple Instances of Password Manager

Specifying Custom Certificates for Authentication and Traffic Encryption Between Password Manager Service and Web Sites

Step 1: Obtain and Install Custom Certificates From a TrustedWindows-Based Certification Authority Step 2: Provide Certificate Issued for Server Computer to Password Manager Service Step 3: Provide Certificate Issued for Client Computers to Self-Service and Helpdesk Sites

Configuring Management Policy

Configuring User Scope

Configuring Permissions for Domain Management Account Adding Domain Connection

Enable LDAP over SSL

Specifying Advanced Options for Domain Connection

Domain Controller Active Directory Sites Changes Propagation

Propagating account-related changes Propagating Q&A profile-related changes Propagating password-related changes

Changing Domain Management Account Removing a Domain Connection User Logon Requirements

Adding Secret Questions

Password Manager Architecture

Password Manager Components and Third-Party Solutions

Password Manager Service and Administration Site Self-Service Site Helpdesk Site Password Policy Manager Secure Password Extension Offline Password Reset Migration Wizard Telesign SQL Server Database and SQL Server Reporting Services One Identity Quick Connect Sync Engine Defender Password Manager Secure Token Server RADIUS Two-Factor Authentication Quest Enterprise Single Sign-On Redistributable Secret Management Service Location sensitive authentication Password Manager permission checker Working with Power BI templates Password Manager Credential Checker

Typical Deployment Scenarios

Simple Deployment Deployment of the Legacy Self-Service, Password Manager Self-Service site and Helpdesk Sites on Standalone Servers Realm Deployment Multiple Realm Deployment

Password Manager in Perimeter Network

Installing Password Manager in Perimeter Network with Read-Only Domain Controllers Installing Password Manager in Perimeter Network with Reverse Proxy Installing Password Manager in Perimeter Networ kwithout AD DS

Management Policy Overview

Management Policy Components Management Policy and Other Password Manager Settings

Password Policy Overview

Using One Identity Password Policies Using Fine-Grained Password Policies Applying Multiple Password Policies Using Password Policy Manager

Secure Password Extension Overview

Locating Self-Service Site

Obtaining Self-Service Site URL from Service Connection Point Changing Self-Service Site URL on the Administration Site

Launching User Notification

reCAPTCHA Overview

How It Works How to Use reCAPTCHA on Password Manager Sites System Requirements for Using reCAPTCHA References

User Enrollment Process Overview Questions and Answers Policy Overview

Q&A Policy and Authentication Q&A Policy and User Enforcement

Password Change and Reset Process Overview

Resetting and Changing Password in Connected Systems Enforcing Password History When Resetting Password Replicating Password Changes

Data Replication

Storing Data Replicating Data Changing Replication Settings

Phone-Based Authentication Service Overview

How It Works How to Use Phone-Based Authentication System Requirements

Management Policies

Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site

Specifying Advanced Options for Domain Connection

Active Directory Sites

Changes Propagation

Changing Domain Management Account Removing a Domain Connection

Configuring Questions and Answers Policy

Creating Secret Questions Editing and Deleting Questions Configuring Q&A Profile Settings

Workflow overview

Workflow structure Workflow state Workflow settings

Custom workflows

Importing and exporting workflows

Custom Activities

Custom Activity Settings Creating Custom Activities Importing and Exporting Custom Activities Removing Custom Activities

Self-Service Workflows

Configuring the country code drop-down menu

Manage My Profile Forgot My Password Manage My Passwords Unlock My Account My Notifications I Have a Passcode Self-Service Activities Overview

Authentication Activities

Display CAPTCHA Display reCAPTCHA Authentication Methods Authenticate with Password Authenticate with Q&A Profile (Random Questions) Authenticate with Q&A Profile (Specific Questions) Authenticate with Q&A Profile (User-selected questions) Authenticate with Defender Authenticate with external provider Authenticate with RADIUS Two-Factor Authentication Authenticate via Phone Authenticate with Passcode

Action Activities

Register Manage My Profile Edit Q&A Profile Reset Password in Active Directory Change Password in Active Directory Reset Password in Active Directory and Connected Systems Change Password in Active Directory and Connected Systems Reset password in connected systems through embedded connectors Unlock Account Enable Account Force User to Change Password at Next Logon Subscribe to Notifications Lock Q&A Profile Display User Agreement Restart Workflow if Error Occurs Issue BitLocker Recovery Key Provide product feedback

Notification Activities

Customizing Notifications Email User if Workflow Succeeds Email User if Workflow Fails Email Administrator if Workflow Succeeds Email Administrator if Workflow Fails

Helpdesk Workflows

Assign Passcode Reset Password Unlock Account Unlock Profile Verify User Identity Enforce Update of Profile Helpdesk Activities Overview

Authentication Activities

Authentication Methods Authenticate with Q&A Profile Authenticate via Phone Authenticate with Defender Authenticate with RADIUS Two-Factor Authentication

Action Activities

Reset Password in Active Directory Reset Password in Active Directory and Connected Systems Unlock Account Enable Account Force User to Change Password at Next Logon Assign Passcode Unlock Q&A Profile Enforce Update of Q&A Profile Restart Workflow if Error Occurs

Notification Activities

Customizing Notifications Email User if Workflow Succeeds Email User if Workflow Fails Email Administrator if Workflow Succeeds Email Administrator if Workflow Fails

User Enforcement Rules

Invite Users to Create/Update Q&A Profiles Remind Users to Create/Update Q&A Profiles

Forced Enrollment

Disable account Enable Account

Remind Users to Change Password

General Settings

General Settings Overview Search and Logon Options

Configuring Account Search Options

Partial user search on external network

Configuring Security Options

Hiding the domain user name on the Self-Service Site Hiding personally identifiable information for logged-in users Configuring anti-bot security settings

Configuring CAPTCHA security images Configuring reCAPTCHA security settings

Import/Export Configuration Settings

Exporting Configuration Settings Importing Configuration Settings

Outgoing Mail Servers Diagnostic Logging Scheduled Tasks

Invitation to Create/Update Profile Task Reminder to Create/Update Profile Task Reminder to Change Password Task Active Directory Sites Maximum Password Age Policy Task User Status Statistics Task Clear Old Records from Reporting Database Environment Health Checker Task Update RADIUS server status

Web Interface Customization Instance Reinitialization

Modifying Service Connection Settings Modifying Advanced Settings

Realm Instances Domain Connections

Using Domain Connections Specifying Access Account for Domain Connections Changing Access Account for Domain Connections Specifying Advanced Options for Domain Connection

Active Directory Sites

Changes Propagation

Propagating account-related changes Propagating Q&A profile-related changes Propagating password-related changes

Removing a Domain Connection

Extensibility Features

Extensibility Features Overview

RADIUS Two-Factor Authentication

Working with RADIUS servers

Internal Feedback Password Manager components and third-party applications

Password Manager Secure Token Server Configuring Password Manager Secure Token Server

Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account

Redistributable Secret Management Service supported platforms Customizing Redistributable Secret Management log path

Email Templates

Upgrading Password Manager

Upgrade Requirements About Secure Password Extension Upgrading Multiple Instances of Password Manager Upgrading Password Manager

In-place upgrade Manual upgrade from 5.9.x or later versions Running the Migration Wizard Modifying the service account Converting Q&A Profiles

Upgrading Secure Password Extension Upgrading Password Policy Manager

Administrative Templates

Installing Administrative Templates Configuring Administrative Templates Updating Administrative Templates Removing Administrative Templates

Secure Password Extension

Configuring Access to Self-Service Site from Windows Logon Screen

Introducing Secure Password Extension Understanding How Secure Password Extension Works

Locating Self-Service Site Obtaining Self-Service Site URL from Service Connection Point Changing Self-Service Site URL on the Administration Site Changing Self-Service Site URL in the Administrative Template Launching User Notification

Deploying and Configuring Secure Password Extension

Deploying Secure Password Extension Configuring Secure Password Extension

Overriding Automatic Self-Service Site Location Password Manager Realm Affinity

Managing Secure Password Extension Using Administrative Templates

Generic Settings

Uninstalling Secure Password Extension

Logging in Secure Password Extension

Password Policies

About Password Policies

Password Policy Manager Password Policy Rules

Installing Password Policy Manager Uninstalling Password Policy Manager Creating and Configuring a Password Policy

Configuring Password Policy Rules

Password Compliance Password Age Rule Length Rule Complexity Rule Required Characters Rule Disallowed Characters Rule Sequence Rule User Properties Rule Dictionary Rule Symmetry Rule Custom Rule

Managing Password Policy Scope

Applying Password Policies Changing Policy Priority

Deleting a Password Policy

Enable S2FA for Administrators & Enable S2FA for HelpDesk Users Reporting

Reporting and User Action History Overview

Using Reports User Action History Managing Connections to SQL Server and Report Server Setting Up Reporting Environment

Best Practices for Configuring Reporting Services

Reporting Services Default Configuration Reporting Services Firewall Issues

Password Manager Integration

Quest Enterprise Single Sign-On (QESSO)

Accounts Used in Password Manager

Password Manager Service Account Application Pool Identity Domain Management Account Password Policy Account Account for Using One Identity Quick Connect

Open Communication Ports for Password Manager Customization Options Overview

Customization of Steps in Self-Service and Helpdesk Tasks Email Notification Customization User Agreement Customization Account Search Options Customization Web Interface Customization Customization of Password Policies List Customization of Password Strength Meter Customization of User Name

Feature imparities between the legacy and the new Self-Service Sites Glossary

User Logon Requirements

Getting Started > Configuring Management Policy > Configuring User Scope > User Logon Requirements

In the Active Directory, the logonWorkstation or userWorkstations attribute is available for the user accounts. The Log On option is under the Account tab in Active Directory Users and Computers (ADUC). By default, the value is set to all computers. However, if users want to limit access to the account for security reason, they can do so by listing the computers which the user account is used from, to authenticate in the logonWorkstation or userWorkstations attribute. The users are allowed to use only these computers for authentication.

Password Manager redirects the authentication to Active Directory. When the users in PMUsers enters their credentials, the Active Directory identifies this as an authentication from the PM server. When the logonWorkstation or userWorkstations attribute is used, and the computer is not listed in the attribute, the Active Directory restricts the login.

Adding Secret Questions

Getting Started > Configuring Management Policy > Adding Secret Questions

Secret questions are the main part of the Questions and Answers policy that allows authenticating users on the Self-Service site before users can perform any self-service tasks.

For more information on the Questions and Answers policy, see Configuring Questions and Answers policy.

To create secret questions in the default language

Open the Administration Site by entering the Administration Site URL in the address bar of your web browser. By default, the URL is http(s)://<ComputerName>/PMAdmin/.
On the Administration Site home page, click the Add secret questions link under the Management Policy you want to configure.
On the Configure Questions and Answers Policy page, select the default language for secret questions by clicking the language link in the Default language option.
Under Question List, click the Edit questions link to specify mandatory, optional and helpdesk questions in the default language.
In the Edit Questions in the Default Language dialog box, specify mandatory, optional, and helpdesk questions.
Change the order of questions by clicking the appropriate links.
Click Save to save the questions and close the dialog.

NOTE: Modifying a question list does not affect existing personal Questions or Answers profiles unless the users have to update their profiles as a result of the enforcement rules that require users to update Q&A profiles when the question list is modified. For more information on the enforcement rules, see User Enforcement Rules.

Password Manager Architecture

Password Manager Architecture

Password Manager Components and Third-Party Solutions

Password Manager Service and Administration Site

Self-Service Site

Password Policy Manager

Secure Password Extension

Offline Password Reset

Migration Wizard

SQL Server Database and SQL Server Reporting Services

One Identity Quick Connect Sync Engine

Password Manager Secure Token Server

RADIUS Two-Factor Authentication

Quest Enterprise Single Sign-On

Redistributable Secret Management Service

Location sensitive authentication

Password Manager permission checker

Working with Power BI templates

Password Manager Credential Checker

Typical Deployment Scenarios

Simple Deployment

Deployment of the Legacy Self-Service, Password Manager Self-Service site and Helpdesk Sites on Standalone Servers

Realm Deployment

Multiple Realm Deployment

Password Manager in Perimeter Network

Installing Password Manager in Perimeter Network with Read-Only Domain Controllers

Installing Password Manager in Perimeter Network with Reverse Proxy

Installing Password Manager in Perimeter Networ kwithout AD DS

Management Policy Overview

Management Policy Components

Management Policy and Other Password Manager Settings

Password Policy Overview

Using One Identity Password Policies

Using Fine-Grained Password Policies

Applying Multiple Password Policies

Using Password Policy Manager

Secure Password Extension Overview

Locating Self-Service Site

Launching User Notification

reCAPTCHA Overview

How to Use reCAPTCHA on Password Manager Sites

System Requirements for Using reCAPTCHA

User Enrollment Process Overview

Questions and Answers Policy Overview

Q&A Policy and Authentication

Q&A Policy and User Enforcement

Password Change and Reset Process Overview

Resetting and Changing Password in Connected Systems

Enforcing Password History When Resetting Password

Replicating Password Changes

Data Replication

Replicating Data

Changing Replication Settings

Phone-Based Authentication Service Overview

How to Use Phone-Based Authentication

System Requirements

Password Manager Components and Third-Party Solutions

Password Manager Architecture > Password Manager components and third-party applications

This section provides information about Password Manager components and third-party applications that can be used by Password Manager.

The following is a list of Password Manager components:

Password Manager Service and the Administration site

The Self-Service site

The Helpdesk site

Password Policy Manager (PPM)

Secure Password Extension (SPE)

Offline password reset

Migration Wizard

The following is a list of third-party applications that can be used by Password Manager:

Quick Connect Sync Engine

Password Manager Secure Token Server

RADIUS Two-Factor Authentication

Quest Enterprise Single Sign-On (QESSO)

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione

© ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center