Password Manager 5.9.7 - Administration Guide (AD LDS Edition)

RADIUS Two-Factor Authentication

RADIUS Two-Factor Authentication enables two-factor authentication on Password Manager. RADIUS Two-Factor Authentication uses one-time passwords to authenticate users on the Self-Service site and Helpdesk site.

To configure RADIUS Two-Factor Authentication in Password Manager, you have to configure the RADIUS server details in Password Manager.

To configure RADIUS Two-Factor Authentication

  1. On the home page of the Administration site, click General Settings, and click the RADIUS Two-Factor tab.
  2. In the RADIUS Server (IP address): text box, enter the RADIUS server IP address.
  3. In the Port number text box, enter the port number assigned during configuration of RADIUS.
  4. In the RADIUS Shared Secret text box, enter the password set during RADIUS configuration.
  5. Select the check box if the RADIUS server requires two-step authentication, such as Azure MFA.

    NOTE: The administrator can choose which of the user's Active Directory attributes is used for authentication from the Specify user's AD attribute to authenticate the user drop-down box. The administrator can also specify additional Active Directory attributes to use for authentication apart from those in the list.
  6. From the Additional RADIUS Attribute section, select the required RADIUS attribute from the drop-down menu. Specify the value for the selected attribute and click +. The RADIUS attributes and the corresponding values that you add are displayed. Click - to remove the RADIUS attribute you added.

    NOTE: The RADIUS attributes supported are NAS-IP-Address, NAS-Port, NAS-Port-Type, and NAS-Identifier.

  7. Click Save.

For more information, see Authenticate with RADIUS Two-Factor Authentication.
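The settings in this procedure map onto fields of a RADIUS Access-Request as defined in RFC 2865. The following is an added example, not Password Manager code: it builds such a request with the NAS-IP-Address and NAS-Identifier attributes and shows how the shared secret hides the submitted value. It assumes the one-time password travels in the User-Password attribute, which this guide does not state; all names and sample values are constructed.

```python
import hashlib, ipaddress, os, struct

# Attribute type numbers from RFC 2865
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_IDENTIFIER = 1, 2, 4, 32

def _keystream_xor(data, secret, authenticator, decrypt=False):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous hidden block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(b ^ k for b, k in zip(block, key))
        prev = block if decrypt else res  # chain on the hidden (wire) block
        out += res
    return out

def hide_password(value, secret, authenticator):
    # Pad with NULs to a non-zero multiple of 16 bytes before hiding.
    size = max(1, -(-len(value) // 16)) * 16
    return _keystream_xor(value.ljust(size, b"\x00"), secret, authenticator)

def unhide_password(hidden, secret, authenticator):
    # Server side: the same secret and authenticator recover the value.
    return _keystream_xor(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, otp, secret, nas_ip, nas_id, ident, authenticator):
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, hide_password(otp.encode(), secret, authenticator))
             + attr(NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed)
             + attr(NAS_IDENTIFIER, nas_id.encode()))
    # Code 1 = Access-Request; length covers the 20-byte header plus attributes.
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    attrs, pos = {}, 20
    while pos < len(packet):
        length = packet[pos + 1]
        if length < 2:
            raise ValueError("malformed attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + length]
        pos += length
    return attrs

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
AUTH = os.urandom(16)
PACKET = build_access_request("jdoe", "492817", SECRET, "192.0.2.10", "pwdmgr-01", 7, AUTH)
```

The hidden value is protected only by an MD5 keystream keyed with the shared secret, so use a long random secret and keep RADIUS traffic on a trusted network path.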

Redistributable Secret Management Service

Redistributable Secret Management Service (rSMS) can be used to manage user passwords across multiple connected systems. Using the rSMS service, you can quickly synchronize passwords across connected systems. By default, the rSMS service is installed with the Password Manager software.

Alternative option

The Redistributable Secret Management Service (rSMS) feature can be used as an alternative to Quick Connect Sync Engine.

NOTE: The target platform IP address or hostname should not be that of the server where the One Identity rSMS service is installed.

Location sensitive authentication

The location sensitive authentication feature allows you to skip certain authentication methods for users trying to execute a workflow on the Self-Service site from a defined corporate network. Using this feature, you can also restrict the capability of searching for users on the Self-Service site from IP addresses that are not in the defined corporate IP address range.

IMPORTANT: It is mandatory to have at least one authentication method for users accessing the application from the defined corporate network.

You can use the location sensitive authentication feature for any of the following authentication types:

  • Q&A profile (random questions)

  • Q&A profile (specific questions)

  • Defender
  • Starling Two-Factor Authentication

  • RADIUS Two-Factor Authentication

  • Phone

Configuring corporate IP address range

You must specify a defined corporate IP address range that helps in determining whether users are trying to execute the workflow from an internal or external network.

  1. On the home page of the Administration site, click General Settings | Corporate IP Address Ranges.

  2. On the Corporate IP Address Ranges page, click Add Corporate IP Address Range.

  3. Provide the Network Address and Subnet Mask.

  4. Click Save.

    The corporate IP address range is successfully added.

To edit the defined corporate IP address, click Edit. Click Remove to delete the defined corporate IP address.
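Because addresses inside these ranges can skip authentication methods, review each Network Address and Subnet Mask pair before saving it. The following is an added example, not Password Manager code, and it does not reproduce the product's own matching logic: it converts each pair into a network, reports malformed or very broad entries, and classifies a client address. The function names, the min_prefix threshold and the sample ranges are assumptions constructed for illustration.

```python
import ipaddress

def to_network(network_address, subnet_mask):
    """Return (IPv4Network, findings) for one Network Address / Subnet Mask pair."""
    addr = int(ipaddress.IPv4Address(network_address))
    mask = int(ipaddress.IPv4Address(subnet_mask))
    host_bits = ~mask & 0xFFFFFFFF
    # A valid mask is a run of 1 bits followed by 0 bits, so host_bits is 2**n - 1.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous subnet mask: {subnet_mask}")
    findings = []
    if addr & host_bits:
        findings.append("host bits set in network address")
    prefix = 32 - host_bits.bit_length()
    # This example masks the host bits off; the product may behave differently.
    return ipaddress.IPv4Network((addr & mask, prefix)), findings

def audit(ranges, min_prefix=8):
    """Check every configured pair; min_prefix is an assumed review threshold."""
    nets, report = [], []
    for address, mask in ranges:
        try:
            net, findings = to_network(address, mask)
        except ValueError as exc:
            report.append((address, mask, [str(exc)]))
            continue
        if net.prefixlen < min_prefix:
            findings.append(f"/{net.prefixlen} covers {net.num_addresses} addresses")
        nets.append(net)
        report.append((address, mask, findings))
    return nets, report

def is_internal(client_ip, nets):
    """True if the client address falls inside any configured range."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(ip in net for net in nets)

# Constructed sample configuration
RANGES = [
    ("10.20.0.0", "255.255.0.0"),       # well-formed
    ("192.168.5.77", "255.255.255.0"),  # host address entered instead of network
    ("0.0.0.0", "0.0.0.0"),             # matches every client
    ("172.16.0.0", "255.0.255.0"),      # invalid mask
]
```

With the 0.0.0.0 entry present, every external client is classified as internal, which is why the audit reports it.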

Working with Power BI

Microsoft Power BI is an analytics service that is used to visualize large data with business intelligence. You can generate multiple interactive reports and customize dashboards with data insights and plot them on graphs to simplify data visualization.

IMPORTANT: The existing reporting in Password Manager is retained for the current release, after which it will be deprecated and replaced by the Power BI reporting service.

The predefined Password Manager Power BI template is available in Password Manager\Setup\Template\PowerBI Template of the installation CD. You can extend the functionality by exporting the predefined template using the Power BI Desktop software. The template provides the following reports by default:

  • User Status

  • Actions by Users

  • Actions by Number of Users

  • Users actions by Month

  • Email Notification by Type and User

  • Helpdesk usage by Actions

  • Helpdesk Usage by Operators

  • Helpdesk Usage by Users

  • Registration by Month

To import the predefined Power BI template

  1. Download and install the Power BI Desktop software from the Microsoft Download Center.

  2. Provide the credentials to log in to the Power BI Desktop software.

  3. Navigate to File | Import | Power BI template.

  4. Select the predefined Power BI template and click Open.

    The SQL Server database window is displayed.

  5. Power BI Desktop initiates the process to connect to the database from which the template is created. Click Cancel.

  6. The Refresh window is displayed. Click Cancel.

  7. Navigate to the Data Source settings in the Power BI Desktop.

    The Data source settings window is displayed.

  8. Click Change Source.

  9. Provide the SQL Server name in the Server field and the Database name in the Database field.

  10. Click OK.

  11. Click Apply changes in the warning message to apply the latest changes.

    Power BI Desktop is connected to the database and all the updates are displayed.

Alternative option

As an alternative to generating reports using predefined Power BI templates, you can use the Reporting feature. For more information, see Reporting and User Action History Overview.
