サポートと今すぐチャット
サポートとのチャット

Password Manager 5.9.7 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Upgrading Password Manager Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Password Policies One Identity Starling Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Glossary

Authentication Methods

Authentication Methods

Use this activity to select which authentication methods to display in the User site. The three types of authentication methods available to select for the administrator are as follows:

  • Security questions
  • Corporate authentication
  • Personal Email

IMPORTANT: The administrator can select any one of the activities selected in the registration method, to make it default mode for authentication for the users on the User site. Select one of the settings radio buttons from the right side to make it default authentication method.
 

NOTE:

  • When the administrator select registration method(s), only the respective authentication methods are visible to the administrator in Authentication methods. See Register
  • If the Administrator has selected Allow user to edit corporate details in corporate authentication of registration mode, a user cannot update the corporate email and corporate mobile number, if they are already populated.
Security Questions

Use this activity to authenticate a user with the personal Questions and Answers profile. In this activity, the administrator can specify how many questions from the Questions and Answers profile the user must answer for authentication. There are two methods to authenticate the users using Q&A method.

Corporate Authentication

Use this activity to authenticate a user with a mobile device. There are three methods to authenticate the users using a mobile device.

Personal Email

Authenticate via Passcode: Use this activity to authenticate the users with a passcode. The administrator can configure passcode length and expiry time limit for the passcode.

Authenticate with Password

Use this activity to authenticate users by their passwords when running a workflow.

This activity has the following settings:

  • Authenticate users with expired passwords. Select this check box to grant access to the Self-Service site to users who are required to change their passwords at next logon. If you clear this check box, users will be denied any access to Password Manager functionality when their passwords are expired or should be changed at next logon.
  • Authenticate users with disabled accounts. If you select this check box, Password Manager will allow users whose accounts are disabled to unlock and re-enable their accounts, reset and manage passwords by using their Q&A profiles.

Authenticate with Q&A Profile (Random Questions)

Use this activity to authenticate a user with the personal Questions and Answers profile. In this activity you can specify how many questions from the Questions and Answers profile the user must answer to be authenticated. But you cannot select specific questions from user’s Q&A profile. To require users to answer specific questions from their Q&A profiles, use the Authenticate with Q&A profile (specific questions) activity.

You can configure this activity to display all questions on a single page or only one or the specified number of questions at a time, so that users will not be able to see next questions before they answer the current ones. To display all questions on a single page, use this activity one time in a workflow. To display questions consecutively on several pages, use this activity several times in a workflow (place several Authenticate with Q&A profile (random questions) activities in a row).

This activity has the following settings:

  1. All questions from user’s Q&A profile. Select this option to have users answer all questions from their Q&A profiles during authentication.
  2. This number of randomly selected questions. Select this option to set the number of questions required to authenticate users. You can specify what types of secret questions (mandatory, optional or user-defined) should be used to authenticate the user by selecting corresponding check boxes.
  3. Do the following if the number of questions in user’s Q&A profile is less than specified. Using this option you can either allow or prohibit authentication for users if their Q&A profiles do not have enough secret questions. If you allow authentication, then all questions from the Q&A profile will be used to authenticate a user. If you decide to prohibit authentication, the workflow in which this activity is used will not be performed. The user will have to update his Q&A profile first, after that he will be able to perform the task that contains this authentication activity.

Allow users to see what questions were answered incorrectly. Select this check box to allow users to see to what questions they have provided incorrect answers during authentication.

Authenticate with Q&A Profile (Specific Questions)

Use this activity to authenticate a user with the personal Questions and Answers profile. In this activity you can select specific questions from user’s Q&A profile that the user must answer to be authenticated.

You can configure this activity to display all questions on a single page or only one or specified number of questions at a time, so that users will not be able to see next questions before they answer the current ones. To display all questions on a single page, use this activity one time in a workflow and select the required questions. To display questions consecutively on several pages, use this activity several times in a workflow (place several Authenticate with Q&A profile (specific questions) activities in a row).

This activity has the following settings:

  • Mandatory questions. Specify mandatory questions from users’ Q&A profiles that users will answer during authentication.
  • Optional questions. Specify optional questions from users’ Q&A profiles that users will answer during authentication.
  • User-defined questions. Specify user-defined questions from users’ Q&A profiles that users will answer during authentication.
  • Allow users to see what questions were answered incorrectly. Select this check box to allow users to see to what questions they have provided incorrect answers during authentication.

IMPORTANT: If the questions you selected in this activity cannot be found in user’s Q&A profile, the user will not be authenticated and the workflow containing this activity will not be performed for this user. The user will have to update his Q&A profile to answer the required secret questions.
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択