Password Manager requires a separate license for the Telephone verification feature that allows users to authenticate themselves via one-time PINs received as text messages or through automated voice calls. For more information about this feature, see Phone-based authentication service overview.
You can install this license during Password Manager installation or provide the license file later on the Administration site. To install the license after Password Manager installation, see Updating the License.
You must specify a separate scope of users for telephone verification service. Only users included in the scope will have access to the service.
License violation occurs in the following cases
The actual number of users exceeds the maximum licensed number for the telephone verification service. In this case, users will not be able to authenticate via phone if you do not decrease the number of user accounts set in the scope or do not update the license.
The license for the telephone verification service expired. In this case, you will have a grace period of 30 days during which the telephone verification service is available. Once the grace period has expired, users will not be able to authenticate via phone, but, other authentication mechanisms such as Q&A, are not affected by expiry/non-compliance of this Telephone Verification license.
This checklist provides tasks that an administrator should perform when installing Password Manager.
This section describes how to install Password Manager. You will learn how to configure Password Manager Service account and application pool identity. A separate section will guide you through the steps required to install Password Manager.
When installing Password Manager, you are prompted to specify two accounts: Password Manager Service account and application pool identity. Password Manager Service account is an account under which Password Manager Service runs. You can also use Password Manager Service account as a domain management account (the account that is necessary to add managed domains when configuring the user and Helpdesk scopes). To do this, ensure that Password Manager Service account has the minimum permissions required to successfully perform password management tasks in the domain. For more information, see Configuring Permissions for Domain Management Account.
Application pool identity is an account under which the application pool's worker process runs. The account you specify as the application pool identity will be used to run Password Manager Web sites.
For Password Manager to run successfully, the accounts you specify when installing Password Manager must meet the following requirements:
If the App pool account is a domain user with minimal permission, make sure that <PM installation folder>\Web folder must be provided with full control permission set for Application pool identity account.
Before you install Password Manager, make sure that the Password Manager Service account and application pool identity have the rights listed above.
© 2022 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책