How to Use Phone-Based Authentication
To use phone-based authentication on the Self-Service and Helpdesk sites, add the Authenticate via Phone activity in self-service and helpdesk workflows. When configuring this activity, you can specify Active Directory attributes from which phone numbers can be retrieved, and available authentication methods: that is, SMS or automated voice call.
Phone numbers that belong to Private Branch Exchange (PBX) are also supported. PBX phones require either a live switchboard operator or an automated attendant to complete the call. By default, Password Manager supports automated attendant scenario. It can be configured for live operators by changing PhoneNumberExtensionType parameter in QPM.Service.Host.exe.config file. For automated attendants, set PhoneNumberExtensionType to 1 and for live operators, set PhoneNumberExtensionType to 2.
For PhoneNumberExtensionType set to 1 (DTMF digits are dialed), include commas in the PhoneNumberExtensionTemplate, where each comma represents one second pause in the dialing sequence. To increase the pause in the dialing sequence, add the required number of commas in PhoneNumberExtensionTemplate in the configuration file.
|
|
NOTE: The phone number extension must be configured with extension separator in the Active Directory. Phone number with extension must have "x" or "X" in it to separate the extension number from the phone number as given in the following examples:
+91-98881234567 Extension 1234 +91-98881234567 Ext 1234 +91-98881234567 Extn 1234 +91-98861234567 x 1234 +91-98861234567 Ex 1234 |
For more information on configuring this activity, see Authenticate via phone.
System Requirements
To use the phone-based authentication service, the following requirements must be met:
- You have a valid license for the phone-based authentication service (see the About page of the Administration site for the service status).
- Outbound SSL connections are allowed from the computer on which Password Manager Service runs to the following address: https://*.telesign.com. * can be replaced with any valid subdomain name; for example, https://api.telesign.com or https://www.telesign.com.
Management Policies
Checklist: Configuring Password Manager
Understanding Management Policies
Configuring Access to the Administration Site
Configuring Access to the Self-Service Site
Configuring Access to the Helpdesk Site
Specifying Advanced Options for Domain Connection
Changing Domain Management Account
Configuring Questions and Answers Policy
Editing and Deleting Questions
Configuring Q&A Profile Settings
Importing and Exporting Workflows
Importing and Exporting Custom Activities
Self-Service Activities Overview
Email User if Workflow Succeeds
Email Administrator if Workflow Succeeds
Email Administrator if Workflow Fails
Invite Users to Create/Update Q&A Profiles
Checklist: Configuring Password Manager
When you have installed Password Manager, follow this checklist to configure the solution to implement automated and secure password management in an Active Directory domain.
|
Step |
Reference |
|
Configure a user scope. |
|
|
Configure the Questions and Answers policy: Create language-specific question lists, and configure Q&A profile settings if required. |
|
|
Configure a Helpdesk scope to grant access permissions for the Helpdesk site to Helpdesk operators and delegate administrative tasks. |
|
|
Configure Self-Service and Helpdesk workflows to define what tasks will be available on the Self-Service and Helpdesk sites. |
Legacy Self-Service or Password Manager Self-Service site workflows |
|
If required, configure rules for user registration notification and enforcement by specifying a registration schedule and enabling registration notification. |
|
|
Configure general settings that apply to all user scopes (such as account search options, SMTP servers, scheduled tasks, and so on.) |
|
|
If you want to provide access to the Self-Service site from the Windows login screen and notify users that they should create or update Q&A profiles, install Secure Password Extension. |
|
|
If you want to use Password Manager to enforce password policies, you must install Password Policy Manager (PPM) on all domain controllers in the domain. Then, create password policies and configure password policy rules. |
|
|
If you want to use Password Manager for cross-platform password synchronization, install One Identity Quick Connect Sync Engine and configure the product to integrate with Password Manager. |
|
|
Ensure that all Password Manager users have Java Script enabled in Microsoft Internet Explorer settings. |
|
|
Ensure that the users know the Self-Service site URL and can access the site to register and perform password self-management tasks. |
|