In the Active Directory, the logonWorkstation or userWorkstations attribute is available for the user accounts. The Log On option is under the Account tab in Active Directory Users and Computers (ADUC). By default, the value is set to all computers. However, if users want to limit access to the account for security reason, they can do so by listing the computers which the user account is used from, to authenticate in the logonWorkstation or userWorkstations attribute. The users are allowed to use only these computers for authentication.
Password Manager redirects the authentication to Active Directory. When the users in PMUsers enters their credentials, the Active Directory identifies this as an authentication from the PM server. When the logonWorkstation or userWorkstations attribute is used, and the computer is not listed in the attribute, the Active Directory restricts the login.
Secret questions are the main part of the Questions and Answers policy that allows authenticating users on the Self-Service site before users can perform any self-service tasks.
For more information on the Questions and Answers policy, see Configuring Questions and Answers policy.
To create secret questions in the default language
- Open the Administration site by typing the Administration site URL in the address bar of your web browser. By default, the URL is http(s)://<ComputerName>/PMAdmin/.
- On the Administration site home page, click the Add secret questions link under the Management Policy you want to configure.
- On the Configure Questions and Answers Policy page, select the default language for secret questions by clicking the language link in the Default language option.
- Under Question List, click the Edit questions link to specify mandatory, optional and Helpdesk questions in the default language.
- In the Edit Questions in the Default Language dialog box, specify mandatory, optional, and Helpdesk questions.
- Change the order of questions by clicking the appropriate links.
- Click Save to save the questions and close the dialog.
|
NOTE: Modifying a question list does not affect existing personal Questions or Answers profiles unless the users have to update their profiles as a result of the enforcement rules that require users to update Q&A profiles when the question list is modified. For more information on the enforcement rules, see User Enforcement Rules. |
Password Manager Architecture
Password Manager components and third-party applications
This section provides information about Password Manager components and third-party applications that can be used by Password Manager.
The following is a list of Password Manager components:
Password Manager Service and the Administration site
The Self-Service site
The Helpdesk site
Password Policy Manager (PPM)
Secure Password Extension (SPE)
Offline password reset
Migration Wizard
The following is a list of third-party applications that can be used by Password Manager:
TeleSign
Quick Connect Sync Engine
Defender
Password Manager Secure Token Server
RADIUS Two-Factor Authentication
Quest Enterprise Single Sign-On (QESSO)