In the Active Directory, the logonWorkstation or userWorkstations attribute is available for the user accounts. The Log On option is under the Account tab in Active Directory Users and Computers (ADUC). By default, the value is set to all computers. However, if users want to limit access to the account for security reason, they can do so by listing the computers which the user account is used from, to authenticate in the logonWorkstation or userWorkstations attribute. The users are allowed to use only these computers for authentication.
Password Manager redirects the authentication to Active Directory. When the users in PMUsers enters their credentials, the Active Directory identifies this as an authentication from the PM server. When the logonWorkstation or userWorkstations attribute is used, and the computer is not listed in the attribute, the Active Directory restricts the login.
Secret questions are the main part of the Questions and Answers policy that allows authenticating users on the Self-Service site before users can perform any self-service tasks.
For more information on the Questions and Answers policy, see Configuring Questions and Answers policy.
To create secret questions in the default language
-
Open the Administration Site by entering the Administration Site URL in the address bar of your web browser. By default, the URL is http(s)://<ComputerName>/PMAdmin/.
-
On the Administration Site home page, click the Add secret questions link under the Management Policy you want to configure.
-
On the Configure Questions and Answers Policy page, select the default language for secret questions by clicking the language link in the Default language option.
-
Under Question List, click the Edit questions link to specify mandatory, optional and helpdesk questions in the default language.
-
In the Edit Questions in the Default Language dialog box, specify mandatory, optional, and helpdesk questions.
-
Change the order of questions by clicking the appropriate links.
-
Click Save to save the questions and close the dialog.
NOTE: Modifying a question list does not affect existing personal Questions or Answers profiles unless the users have to update their profiles as a result of the enforcement rules that require users to update Q&A profiles when the question list is modified. For more information on the enforcement rules, see User Enforcement Rules.
Password Manager Architecture