-
Title
How to manually override Password Manager SelfService URL -
Description
There may be an occasion to force the Secure Password Extension (SPE) to use a specific URL rather then using the default URLs that are published in the Service Connection Points in Active Directory. This solution shows how to manually override the Password Manager Self-Service URL.
-
Resolution
It is recommended to take advantage of the included Password Manager ADMx template for Group Policy Object (GPO) settings. Details can be found in the Password Manager Admin Guide.
If a manual update is required, do the following on the machine with the SPE installed:
WARNING: USE REGISTRY EDITOR AT YOUR OWN RISK
On the machine running the SPE (Secure Password Extension):- Launch Regedit
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\One Identity\Password Manager
- NOTE: If the One Identity and Password Manager keys do not exist, create them
- Create a new REG_DWORD (32) entry
- Call it ForceRegistryURL with a value of 1
- Create a new String Value (REG_SZ) called SelfServiceURL
- Enter the URL for SelfService, such as http://myserver.mydomain.com/PMSelfService
NOTE:
1. The URL must contain /PMSelfService or the SPE will not resolve the site properly. The SPE checks and validates that the endpoint is a valid Password Manager Self-Service site, and thus any redirects that may exist in IIS will not work in the SPE even if they resolve in a browser from the same client machine.
2. If HTTPS is used for the URL, the client must be able to validate it, meaning it must be a valid Certificate the computer can verify. Self-signed certificates may not work.
Valid examples of the URL:
https://reset.domain.com/PMSelfService
https://server12.mycustomdomain.com/PMUser
https://passwordreset.internal.local/PMSelfService
https://reset.domain.com/CustomAPIName
https://reset.domain.com
Invalid example: -
Attachments
