By default, the toolbar and the logout pop-up of the Self-Service Site display both the display name and the AD LDS domain name where the user is logged in (in the <User Display Name> (<AD LDS domain>) format). For example:
Sam Smith (ADLDS-domain)
If the security policies of your organization require hiding personally identifiable information (PII) on the user interface, you can configure Password Manager for AD LDS to truncate PII on the Self-Service Site, for example as:
S** S**** (ADLDS-domain)
To hide PII on the Self-Service Site for the logged-in users
-
In the Password Manager Administration Site, navigate to General Settings > Search and Logon Options.
-
Scroll down to Security Settings.
-
Enable Do not show personally identifiable information (PII) for the logged in user.
-
To apply the changes, click Save.
Once you are ready, logging in next time to the Self-Service Site with any user will display truncated PII for the logged-in user.
NOTE: The amount of user information truncated by the Do not show personally identifiable information (PII) for the logged in user setting is affected by the configured user account search options described in Configuring Search Options for the Self-Service Site
-
Truncating PII with the Do not allow users to search for their accounts option also selected will truncate the entire expanded PII. For example, setting the Users must enter the following user account attribute... > Self-Service Site sub-setting to mail will result in both the user display name and their email address being truncated. For example, Sam Smith (sam.smith@example.com) will be truncated as:
S** S**** (s********************)
-
Truncating PII with the Allow users to search for their accounts option also selected will truncate only the user name of the logged-in user, but not the name of the AD LDS instance they are connected to. For example:
S** S**** (adlds-instance)
To prevent bot attacks against your One Identity Password Manager deployment, you can configure anti-bot security measures for the Find User page of the Self-Service Site. Password Manager supports configuring CAPTCHA images and reCAPTCHA v2 or v3 security solutions.
You can configure the Password Manager for AD LDS Self-Service Site to display CAPTCHA images on the Find User page as an anti-bot security measure.
To configure CAPTCHA images for the Self-Service Site
-
In the Password Manager Administration Site, navigate to General Settings > Search and Logon Options.
-
Scroll down to Security Settings.
-
To enable the CAPTCHA or reCAPTCHA settings, enable Show a security image to prevent bot attacks.
-
To configure the CAPTCHA settings, select Display CAPTCHA and click Settings.
-
In the CAPTCHA Settings dialog, configure the following options:
-
Number of characters: Specify the number of characters (1–15) to display on the generated CAPTCHA image. The default value is 5.
-
Noise level: Specify the number and size of noise artifacts on the generated CAPTCHA image. Higher levels mean more difficult readability.
When ready, click OK.
-
Under Security Settings, select Show a security image every time the search is performed to perform the configured anti-bot protection check each time a search is performed on the Find User page of the Self-Service Site.
TIP: Enable this setting for an increased protection against bot attacks.
-
To apply your settings, click Save.
You can configure the Find User page of the Password Manager for AD LDS Self-Service Site to include reCAPTCHA anti-bot protection. Password Manager supports the reCAPTCHA v2 and v3 engines.
|
NOTE: Password Manager for AD LDS supports only the "I'm not a robot" Checkbox challenge of reCAPTCHA v2. It does not support the Invisible reCAPTCHA badge and reCAPTCHA Android app validations. |
Prerequisites
Before you configure reCAPTCHA v2 or v3 protection for the Password Manager for AD LDS Self-Service Site, make sure that the following conditions are met:
-
The server running Password Manager for AD LDS has an active Internet connection and can communicate with the Google reCAPTCHA endpoint.
-
You must sign up and generate a reCAPTCHA site key and secret key from Google. For more information, see the Google reCAPTCHA portal.
|
NOTE: When generating the keys on the Google reCAPTCHA Admin site, provide the domain name(s) where the Password Manager for AD LDS Self-Service Site(s) are deployed. If multiple Self-Service Sites are deployed in several different domains, provide all the domains to generate the required number of site keys and secret keys. |
To configure reCAPTCHA protection for the Self-Service Site
-
In the Password Manager Administration Site, navigate to General Settings > Search and Logon Options.
-
Scroll down to Security Settings.
-
To enable the CAPTCHA or reCAPTCHA settings, enable Show a security image to prevent bot attacks.
-
To configure the reCAPTCHA settings, select Display reCAPTCHA and click Settings.
-
In the reCAPTCHA Settings dialog, configure the following options:
-
Version: Select the reCAPTCHA version to use (v2 or v3).
-
Site key: Enter the site key that was generated on the Google reCAPTCHA Admin site.
-
Secret key: Enter the secret key that was generated on the Google reCAPTCHA Admin site.
-
Theme: Select the visual theme (Light or Dark) to use with the reCAPTCHA widget.
|
NOTE: This setting is available only for reCAPTCHA v2. |
-
Enter reCAPTCHA v3 Score: Specify the reCAPTCHA v3 score threshold (0.0–1.0) under which the interaction is considered to be a bot attempt. The default value is 0.5, and One Identity recommends using it until further adjustments are made based on the actual site traffic.
|
NOTE: This setting is available only for reCAPTCHA v3. |
Click OK.
-
Under Security Settings, select Show a security image every time the search is performed to perform the configured anti-bot protection check each time a search is performed on the Find User page of the Self-Service Site.
TIP: Enable this setting for an increased protection against bot attacks.
- To apply your settings, click Save.
Once you configured reCAPTCHA, the Find User page of the Self-Service Site will be updated to include the configured anti-bot protection method:
-
If reCAPTCHA v2 is configured, the I'm not a robot check box widget appears.
-
If reCAPTCHA v3 is configured, the reCAPTCHA widget appears at the bottom right corner of the screen.