Chat now with support
Chat with Support

Password Manager 5.11.1 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Upgrading Password Manager Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Working with Redistributable Secret Management account Email Templates
Password Policies Enable S2FA for Administrators and Enable S2FA for HelpDesk Users Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Appendix D: Feature imparities between the legacy and the new Self-Service Sites Glossary

Changing Access Account

To access a managed AD LDS instance, you can use the Password Manager Service account, an Active Directory account or an AD LDS account. For more information on how to configure the access account, see Configuring Permissions for Access Account. Password Manager Service account is the account that was configured during Password Manager installation. Password Manager Service account may be used as the access account only when the Service account has all required permissions.

To modify account used to access an AD LDS instance

  1. On the Administration site, select the Management Policy you want to configure and click the User Scope link.
  2. On the User Scope page, select the connection for which you want to change access account and click Edit.
  3. On the User Scope Settings for #Application Directory Partition# page, click Edit.
  4. In the Access account section of the Edit AD LDS Instance Connection dialog, select Password Manager Service account to have Password Manager access the managed instance using the Password Manager Service account. Otherwise, select The following Active Directory account or The following AD LDS account and then enter the required user name and password.
  5. Click Save and select how you want to apply the updated settings. You can either apply the new settings for this user scope only, or everywhere where this connection is used.

Removing Connection to AD LDS Instance

To remove a connection to AD LDS instance

  1. On the Administration site, select the Management Policy you want to configure and click the User Scope link.
  2. On the User Scope page, select the connection you want to delete and click Remove. Note, that the connection will be removed from this user scope only. If you want to permanently remove the connection, remove it everywhere where it is used, and then on the General Settings| AD LDS Instance Connections tab, click Remove under the required connection.

Adding Secret Questions

Secret questions are the main part of the Questions and Answers policy that allows authenticating users on the Self-Service site before users can perform any self-service tasks.

For more information on the Questions and Answers policy, see Configuring Questions and Answers Policy.

To create secret questions in the default language

  1. Open the Administration site by typing the Administration site URL in the address bar of your Web browser. By default, the URL is http(s)://<ComputerName>/PMAdminADLDS/.
  2. On the Administration site home page, click the Add secret questions link under the Management Policy you want to configure.
  3. On the Configure Questions and Answers Policy page, click Add questions in the default language.
  4. In the Edit Questions in the Default Language dialog box, specify mandatory, optional and helpdesk questions. To change the default language for secret questions click the Change language link.
  5. Change questions’ order by clicking the appropriate links.
  6. Click Save to save the questions and close the dialog box.

    IMPORTANT: Modifying a question list does not affect existing personal Questions or Answers profiles unless the users have to update their profiles as a result of the enforcement rules that require users to update Q&A profiles when the question list is modified. For more information on the enforcement rules, see User Enforcement Rules.

Editing and Deleting secret questions

Translation of questions can be made only to the questions that have been added in the default language.

To delete questions of a default language

  1. Open the Administration site by typing the Administration site URL in the address bar of your web browser. By default, the URL is

    http(s)://<ComputerName>/PMAdminADLDS/.
  2. On the Administration site home page, click the Q&A Policy link under the Management Policy.
  3. On the Configure Questions and Answers Policy page, click Edit questions under Question List. The Edit Questions in the Default Language page appears.
  4. Click X against the question that has to be deleted, and then click Save.

To delete questions of a specific language

  1. Open the Administration site by typing the Administration site URL in the address bar of your web browser. By default, the URL is

    http(s)://<ComputerName>/PMAdminADLDS/.
  2. On the Administration site home page, click the Q&A Policy link under the Management Policy.
  3. On the Configure Questions and Answers Policy page, click the language for which the questions have to be deleted. The Translate Questions page appears.
  4. Click Delete questions, and then click OK.

 

To Edit questions of a default language

  1. On the home page of the Administration site, click Q&A Policy link under the Management Policy.
  2. On the Configure Questions and Answers Policy page, under Questions List, click the Edit questions link.
  3. In the Edit questions in the Default Language page, edit the required question.
  4. Click Save.

To Edit questions of a specific language

  1. On the home page of the Administration site, click Q&A Policy link under the Management Policy.
  2. On the Configure Questions and Answers Policy page, navigate to the Translations: section and click the language for which the questions have to be edited.
  3. In the translated text box against each of the questions, edit the required question.
  4. Click Save.

 

NOTE:

  • Q&A Policy supports multiple languages. It requires the Password Manager Administrator to configure the required languages for the users to see the same in the Self service site.
  • Change language link appears in the self-service site only when the Password Manager administrator has translated the questions in the required languages.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating