What are Management Policies used for in Password Manager?
Management Policy is a core element of Password Manager. Using the Management Policy you can configure workflows for tasks such as registering new users and resetting passwords. For each Management Policy you can configure a user scope, and delegate helpdesk tasks by configuring a helpdesk scope. You can configure multiple Management Policies with different user and helpdesk scopes, workflows and secret questions. The default Management Policy with preconfigured workflows is available out of the box.
A Management Policy consists of the following components:
• Questions and Answers policy
• User scope
• Helpdesk scope
• User enforcement rules and reminders
User scope is a group or several groups of users managed by Password Manager. When configuring a user scope for a Management Policy, you can add user groups from different domains. For more information about the user scope, see “Configuring User Scope” in the Password Manager Admin guide.
Helpdesk scope is a group of helpdesk operators who are allowed to manage users from the user scope of the same Management Policy. By configuring the helpdesk scope you can delegate administrative tasks to specified helpdesk operators. For more information about the helpdesk scope, see “Configuring Helpdesk Scope” in the Password Manager Admin guide.
Questions and Answers policy (Q&A policy) is a policy within which secret questions and Q&A profile settings are defined. Secret questions are a set of mandatory, optional and helpdesk questions for users’ Questions and Answers profiles. These questions are used to register users with Password Manager and later to authenticate users when they use the Self-Service site. Q&A profile settings define how many questions a user must answer to create Q&A profile settings and set requirements for user’s questions and answers. For more information about Q&A policy, see “Configuring Questions and Answers Policy” in the Password Manager Admin guide.
All workflows are divided into two categories: Self-Service and Helpdesk workflows. The self-service workflows define the tasks available to users on the Self-Service site, i.e. every configured workflow is a task on the Self-Service site. The helpdesk workflows define what tasks are available to helpdesk operators on the Helpdesk site. A workflow consists of several activities that you can add to or remove from the workflow to customize it.
The Default Management Policy offers preconfigured workflows that can be easily customized. For more information about workflows, see “Workflow Overview” on page 60. User enforcement rules and reminders allow you to set up the enforcement schedule to invite users to create or update their Q&A profiles and configure the reminder that will notify users to change passwords before password expiration. For more information, see “User Enforcement Rules and Reminders” in the Admin guide.
Password Manager 5.7.1 Admin Guide can be found here: