Chat now with support
Chat with Support

Password Manager 5.11.1 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Upgrading Password Manager Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Working with Redistributable Secret Management account Email Templates
Password Policies Enable S2FA for Administrators and Enable S2FA for HelpDesk Users Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Appendix D: Feature imparities between the legacy and the new Self-Service Sites Glossary

User Action History

User action history is a history of all actions performed by all users registered with Password Manager. This functionality is provided by the Enterprise Auditing Service. This service is installed during Password Manager installation and does not require any configuration.

To view user action history, you need to add a connection to SQL Server.

To connect to SQL Server

  1. On the home page of the Password Manager Administration site, click Reporting.
  2. On the Statistics page, click the History link under the Reporting and User Action History title.
  3. On the History page, click Connect to SQL Server.
  4. In the SQL Server Connection Settings dialog box, specify the following settings and click OK.
Table 28: SQL server connection settings

Setting

Description

SQL Server

Type the name of the SQL Server to be used for storing the Password Manager database.

Database name

Specify the name for the database where Password Manager will log information used for building reports.

If the database you specified does not yet exist, you will be prompted to confirm creation of the database.

When prompted, select the account for creating the database. This account must have the permission to create a database.

Select account for connecting to the SQL Server

To have Password Manager access the SQL Server under the Password Manager Service account, select Password Manager Service account. Otherwise, select Specific SQL Server account, and then enter user name and password of the user account you want Password Manager to use when accessing the SQL Server.

Note, that the account you select must have the permissions to write to the database.

After you connect to SQL Server, you can perform full-text search for various user actions by user names, emails, activity names, etc.

On the History page of the Administration site, enter a value you want to search for and click Search. You can sort the search results by relevance or date. To search for actions performed by John Doe for example, enter John Doe.

Managing Connections to SQL Server and Report Server

On the Reporting page of the Administration site, you can edit or remove existing connections to SQL and Report Servers.

To edit connections, under Reporting and User Action History, click the Edit Connections link and specify required values.

To remove connections, under Reporting and User Action History, click the Disconnect Servers link. Note, that all existing connections will be removed.

Best Practices for Configuring Reporting Services

This section provides instructions on how to configure the Reporting Services component. SQL Server Reporting Services component builds reports using the data that SQL Server stores in the Password Manager database. This database must be configured on the SQL Server.

SQL Server Reporting Services allows you to create and view reports that provide statistical data on how Password Manager is used, for example how many users have created their Questions and Answers profiles, how many users need to update their Questions and Answers profiles, what actions each user or helpdesk operator has performed in Password Manager, etc.

The following topics are covered:

  • Reporting Services default configuration
  • Reporting Services authorization issues
  • Reporting Services firewall issues

Reporting Services Default Configuration

The SQL Server Reporting Services component and the Management Tools component must be installed in order to use the Password Manager Reporting functionality. Make sure you select the required features when running the Microsoft SQL Server Setup.

Use the Reporting Services Configuration tool to configure SQL Server Reporting Services. If you installed a report server using the Install but do not configure the server option, you must use this tool to configure the server prior to using it. If you installed a report server using the Install the default configuration option, you can use this tool to verify or modify the settings that were specified during setup.

It is recommended to select the Install the default configuration option during SQL Server and Reporting Services setup on the Report Server Installation Options page of the Setup Wizard. In most cases this will save you much time and effort as long as Reporting Services default configuration is concerned.

Reporting Services Configuration tool can be used to configure a local or a remote report server instance. You must have local system administrator permissions on the computer that hosts the report server you want to configure.

NOTE: Please note that remote data sources are not supported by SQL Server Reporting Services included in Microsoft SQL Server Express Edition.

To configure the Reporting Services default configuration

  1. Start the Reporting Services Configuration tool.
  2. Enter the SQL Server machine name and the Report Server Instance name and then click Connect.

IMPORTANT: Sequentially configure the Report Server options listed in the left pane of the Reporting Services Configuration tool. There must not be any Not configured options after the configuration is finished.

 

  1. Open the Report Server Virtual Directory Settings section.
  2. Click New to create a new virtual directory. This opens a dialog box with the default settings entered. To accept the default settings click OK.
  3. Click Apply.
  4. Check the Apply default settings checkbox and click Apply.
  5. Open the Report Manager Virtual Directory Settings section.
  6. Click New to create a new virtual directory. This opens a dialog box with the default settings entered. To accept the default settings click OK.
  7. Click Apply.
  8. Open the Web Service Identity section.
  9. Click Apply to accept the default application pool names for the Report Server and the Report Manager

- OR -

Click New to specify your own application pool names.

  1. Click Apply.

The Reporting Services feature requires an SQL Server database (different from the Password Manager database) to store report server service data.

You can create the report server database in the following ways:

  • Automatically through Setup, if you choose the default configuration installation option in the SQL Server Installation Wizard, by selecting the Install the default configuration option in the Report Server Installation Options page.
  • Manually through Reporting Services Configuration tool.

To create a report server database

  1. Start the Reporting Services Configuration tool and connect to the report server instance you want to configure (the default instance name is MSSQLSERVER for SQL Server and SQLEXPRESS for SQL Server Express Edition).
  2. In the Database Setup page, click Connect. This opens a SQL Server Connection dialog box.
  3. Type the name of the SQL Server database engine you want to use.
  4. Select the type of credentials used to connect to the SQL Server. You can specify a SQL Server login or use your credentials. The credentials you specify must have permission to log on to the server. Click OK.
  5. In the Database Setup page, click New. This reopens the SQL Server Connection dialog box.
  6. Type the name of the SQL Server database engine and select credentials. The credentials you specify must have permission to create a database.
  7. Type the name of the report server database. A temporary database is created along with the primary database.
  8. Choose the language to use, and then click OK.
  9. In the Database Setup page, specify the credentials used by the report server to connect to the report server database.
    • Select the Service credentials option to use the Windows service account and Web service account to connect through integrated security.
    • Select the Windows credentials option to specify a domain user account. A domain user account must be specified as <domain>\<user>.
    • Select the SQL Server credentials option to specify a SQL Server login.
  10. Click Apply.

A report server database can be created on a local or on a remote SQL Server database engine instance.

When you finish the Report Server configuration please restart the Report Server instance for the changes to take effect. You can restart the Report Server by sequential clicking the Stop button and then the Start button at the Server Status tab of the Reporting Services Configuration tool. If the configuration is performed correctly, the Initialization will be successfully passed for the Report Server instance.

Follow this checklist to verify Password Manager reporting functionality configuration and settings.

Table 29: Reporting functionality configuration and settings

Step

Reference

Ensure that MS SQL Server with the Reporting Services component is installed and configured.

Refer to MS SQL Server documentation.

Install Password Manager and its components.

Refer to Installing Password Manager for AD LDS.

Ensure that the DefaultAppPool, PMAdminADLDS, PMUserADLDS, PMHelpdeskADLDS, and ReportServer application pools are running in the IIS Manager on the Password Manager and the Report Services servers. If any of these pools are not running – start them manually.

 

Ensure that the Default Web Site is running in the IIS Manager on the Password Manager and the Report Services servers. If the web site is not running – start it manually.

 

Connect to the Reporting Services server through Password Manager Administration site.

 

The interactive Web-based reports are built using the data that the report server retrieves from the Password Manager SQL database.

For more information on Reporting Services setup and configuration, refer to SQL Server documentation.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating