This guide is intended to assist in the initial configuration of Password Manager. For complete configuration options, see the Password Manager Administration Guide.
This guide is intended to assist in the initial configuration of Password Manager. For complete configuration options, see the Password Manager Administration Guide.
After installing Password Manager, you must initialize it. After initializing, you can configure the Management policies with the user and helpdesk scopes, Questions and Answers policy and workflow configuration. When initializing a Password Manager instance, you can choose one of the two options: create a unique instance or a replica of an existing instance. When you create the replica of the existing instance, the new instance shares its entire configuration with the existing instance. Password Manager instances sharing the same configuration are referred to as a Password Manager realm. For more information about Password Manager realms, see Installing multiple instances of Password Manager.
To initialize Password Manager instance
Open the Administration Site by entering the following address: http(s)://<computer-name>/PMAdmin, where <computer-name> is the name of the computer on which Password Manager is installed. The Instance Initialization page will be displayed automatically.
On the Instance Initialization page, select one of the following options, depending on what type of instance you want to create:
Unique instance: Creates a new instance.
Replica of existing instance: Joins a new instance to a Password Manager realm.
If you have selected the option Replica of an existing instance, follow the instructions provided in Installing multiple instances of Password Manager.
If you have selected the option Unique instance, under Service connection settings, specify the following:
Certificate name: Select the certificate that was issued for the computer running the Password Manager Service. If you decide to install the Self-Service and Helpdesk Sites separately from the Password Manager Service, it is recommended to replace the built-in certificate that is used to encrypt traffic between the Service and the Sites. For more information, see the Password Manager Administration Guide.
Port number: Specify the port that the Self-Service and Helpdesk Sites will use to connect to the Password Manager Service. By default, port 8081 is used.
Under Advanced settings, specify the following:
Encryption algorithm: Specify the encryption algorithm that will be used to encrypt user answers to secret questions and other security sensitive information. You can select from two options: Triple DES (default) and AES.
Encryption key length: Specify whether a 192-bit or 256-bit encryption key will be used.
Hashing algorithm: Specify the hashing algorithm that will be used to hash user answers to secret questions. The following algorithms are available: MD5 and SHA-256 (default).
NOTE: If the Store answers using reversible encryption option is selected in the Q&A Profile settings, Password Manager will encrypt user answers . Otherwise, the answers will be hashed.
Store user’s Questions and Answers profile in the following attribute of user’s account in Active Directory: In the text box below, type the attribute name that will be used for storing Q&A profile data. By default, Password Manager stores Q&A profile data in the comment attribute of each user's account and configuration data in the comment attribute of a configuration storage account, which is automatically created when installing Password Manager.
Click Save to complete instance initialization.
Several Password Manager instances sharing common configuration are referred to as a realm. A realm is a group of Password Manager Service instances sharing all settings and having the same set of Management Policies, that is, the same user and helpdesk scopes, Q&A policy, and workflow settings. Password Manager realms provide for enhanced availability and fault tolerance.
IMPORTANT: It is not recommended to edit Password Manager settings simultaneously on multiple instances belonging to one realm. Simultaneous modification of settings on multiple Password Manager instances may cause data loss.
To create a Password Manager Realm
Export a configuration file from the instance belonging to the target realm.
To export instance settings to the configuration file, connect to the Administration Site of the instance belonging to the target realm.
On the menu bar, click General Settings, then click Import/Export.
On the Import/Export Configuration Settings page, select the Export configuration settings option and click Export to save the configuration file.
Install a new Password Manager instance by running Password Manager x64 from the autorun window of the installation media.
Open the Administration Site by entering the following address: http(s)://<computer-name>/PMAdmin, where <computer-name> is the name of the computer on which Password Manager is installed. On the Instance Initialization page, select the Replica of existing instance option.
Click Upload to select the configuration file that you exported from the instance belonging to the target realm.
Enter the password to the configuration file and click Save.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center