Reporting Services Firewall Issues
If Password Manager fails to operate properly when Reporting Services are separated from Password Manager by a firewall, specific ports should be open in the firewall.
To get the complete list of Password Manager server port numbers, that have to be open for the application to function properly, see Appendix B: Open Communication Ports for Password Manager for AD LDS.
Accounts Used in Password Manager for AD LDS
Accounts Used in Password Manager for AD LDS
The following accounts can be used in Password Manager:
-
Password Manager Service account
-
Application pool identity
-
Access account for AD LDS
-
Password policy account
-
Account for One Identity Quick Connect
Password Manager Service Account
Password Manager Service account is used to install Password Manager. For Password Manager to run successfully, Password Manager Service account must be a member of the Administrators group on the Web server where Password Manager is installed.
Application Pool Identity
Application pool identity is an account under which the application pool's worker process runs. The account you specify as the application pool identity during Password Manager setup will be used to run Password Manager Web sites.
Application pool identity account must meet the following requirements:
- This account must be a member of the IIS_IUSRS local group on the Web server in IIS 7.0.
- This account must have permissions to create files in the <Password Manager installation folder>\App_Data folder.
- Application pool identity account must the full control permission set for the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager for AD LDS.