サポートと今すぐチャット
サポートとのチャット

Password Manager 5.14.3 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in a perimeter network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring Access to the Administration Site Configuring Access to the Password Manager Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Password Manager Self-Service Site workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Password Policies Enable 2FA for Administrators and Enable 2FA for HelpDesk Users Reporting Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Customization Options Overview Glossary

Editing and Deleting secret questions

Translation of questions can be made only to the questions that have been added in the default language.

To delete questions of a default language

  1. To open the Administration Site, enter the Administration Site URL in the address bar of your web browser. By default, the URL is http(s)://<ComputerName>/PMAdminADLDS/.

  2. On the Administration Site home page, click the Q&A Policy link under the Management Policy.

  3. On the Configure Questions and Answers Policy page, click Edit questions under Question List. The Edit Questions in the Default Language page appears.

  4. Click X against the question that has to be deleted, then click Save.

To delete questions of a specific language

  1. To open the Administration Site, enter the Administration Site URL in the address bar of your web browser. By default, the URL is http(s)://<ComputerName>/PMAdminADLDS/.

  2. On the Administration Site home page, click the Q&A Policy link under the Management Policy.

  3. On the Configure Questions and Answers Policy page, click the language for which the questions have to be deleted. The Translate Questions page appears.

  4. Click Delete questions, then click OK.

To Edit questions of a default language

  1. On the home page of the Administration Site, click Q&A Policy link under the Management Policy.

  2. On the Configure Questions and Answers Policy page, under Questions List, click the Edit questions link.

  3. In the Edit questions in the Default Language page, edit the required question.

  4. Click Save.

To Edit questions of a specific language

  1. On the home page of the Administration Site, click Q&A Policy link under the Management Policy.

  2. On the Configure Questions and Answers Policy page, navigate to the Translations: section and click the language for which the questions have to be edited.

  3. In the translated text box against each of the questions, edit the required question.

  4. Click Save.

IMPORTANT:

  • Q&A Policy supports multiple languages. It requires the Password Manager Administrator to configure the required languages for the users to see the same in the Self service site.

  • Change language link appears in the Self-Service Site only when the Password Manager administrator has translated the questions in the required languages.

Configuring Q&A Profile Settings

Q&A profile settings allow you to define settings and requirements for user’s questions and answers. For example, you can prevent users from using the same answer for multiple questions. Questions and answers that do not comply with the policy will not be accepted.

To configure Questions and Answers policy

  1. Connect to the Administration Site by typing the Administration Site URL in the address bar of your Web browser. By default, the URL is http://<ComputerName>/PMAdminADLDS/.

    NOTE: When prompted to log in, provide your domain user name in a domainname\username format.

  2. On the Administration Site home page, click the Q&A Policy link under the Management Policy you want to configure.

  3. On the Configure Questions and Answers Policy page, click the Q&A profile settings link.

  4. In the Q&A Profile Settings dialog, specify the following options:

    Table 5: Questions and Answers profile settings

    Option

    Description

    Question Settings

    Users must answer this number of optional questions to register

    Set the required number of optional questions that a user must answer to create a Questions and Answers profile.

    Users must answer this number of user-defined questions to register

    Set the required number of user-defined questions that a user must specify to create a Questions and Answers profile.

    Minimum length of user-defined questions

    Set the minimum number of characters that user-defined questions can contain.

    Answer Settings

     

    Minimum length of answers

    Set the minimum number of characters that users' answers can contain.

    Reject the same answers for different questions

    Select to prevent users from specifying same answers for different questions.

    Reject answers that contain corresponding questions

    Select to prevent users from specifying answers that contain corresponding questions.

    Store answers using reversible encryption

    Select to store users' answers using reversible encryption. If you do not select this option, answers to mandatory, optional and user-defined questions are hashed. Note, that answers to helpdesk questions are always stored using reversible encryption, even if this option is not selected.

    Security Settings

     

    Allow users to hide their answers

    Select this check box to allow users to hide their answers on the screen, so that answer entry fields will look like a series of asterisks.

    Hide users’ answers by default

    Select this check box to have Password Manager display users' answers as asterisks while they are typing in their answers.

    Do not require users to confirm answers if answers are hidden

    Select this check box to allow users to enter their answers only once, if answers are hidden.

  5. Click Save.

Workflow overview

To customize the behavior of Password Manager for AD LDS, configure workflows in the Password Manager Administration Site. Workflows have 2 types:

  • Self-service workflows customize the behavior of the Password Manager Self-Service Site. All configured and enabled self-service workflows are available as tasks on the Self-Service Site for Password Manager users.

  • Helpdesk workflows customize the behavior of the Password Manager Helpdesk Site. All configured and enabled Helpdesk workflows are available on the Helpdesk Site as helpdesk operator actions.

To modify the behavior of an existing workflow task, in the Home page of the Password Manager Administration Site, click the management policy workflow you want to configure, and click Workflow settings.

Workflow structure

A workflow consists of activities. You can configure each activity independently.

Workflow activities have 3 types:

  • Authentication provides authentication options, such as password-based authentication, Questions and Answers profiles, or phone-based authentication.

  • Actions are core components in workflows, including activities like unlocking accounts, editing Q&A profiles, or resetting passwords.

  • Notifications let you configure email notifications for users and administrators, and specify the conditions under which Password Manager for AD LDS will send these notifications.

You can also create custom activities. For more information, see Custom Activities.

Password Manager for AD LDS lists the available activities in the left pane of the Workflow Designer. To add an activity to a workflow, drag and drop it into the right pane of the Workflow Designer. To remove an activity, click Close on the activity box.

Password Manager for AD LDS displays the workflow structure in the right pane of the Workflow Designer, indicating the type and order of activities to perform in the workflow. To change the order of the activities, simply move them up or down.

Figure 1: Home > <management-policy> > <workflow> > Workflow Settings

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択