Chat now with support
Chat with Support

Password Manager 5.10.1 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances Domain Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies One Identity Starling Reporting Password Manager Integration Appendixes Glossary

User Logon Requirements

In the Active Directory, the logonWorkstation or userWorkstations attribute is available for the user accounts. The Log On option is under the Account tab in Active Directory Users and Computers (ADUC). By default, the value is set to all computers. However, if users want to limit access to the account for security reason, they can do so by listing the computers which the user account is used from, to authenticate in the logonWorkstation or userWorkstations attribute. The users are allowed to use only these computers for authentication.

Password Manager redirects the authentication to Active Directory. When the users in PMUsers enters their credentials, the Active Directory identifies this as an authentication from the PM server. When the logonWorkstation or userWorkstations attribute is used, and the computer is not listed in the attribute, the Active Directory restricts the login.

Adding Secret Questions

Secret questions are the main part of the Questions and Answers policy that allows authenticating users on the Self-Service site before users can perform any self-service tasks.

For more information on the Questions and Answers policy, see Configuring Questions and Answers policy.

To create secret questions in the default language

  1. Open the Administration site by typing the Administration site URL in the address bar of your web browser. By default, the URL is http(s)://<ComputerName>/PMAdmin/.
  2. On the Administration site home page, click the Add secret questions link under the Management Policy you want to configure.
  3. On the Configure Questions and Answers Policy page, select the default language for secret questions by clicking the language link in the Default language option.
  4. Under Question List, click the Edit questions link to specify mandatory, optional and Helpdesk questions in the default language.
  5. In the Edit Questions in the Default Language dialog box, specify mandatory, optional, and Helpdesk questions.
  6. Change the order of questions by clicking the appropriate links.
  7. Click Save to save the questions and close the dialog.

    NOTE: Modifying a question list does not affect existing personal Questions or Answers profiles unless the users have to update their profiles as a result of the enforcement rules that require users to update Q&A profiles when the question list is modified. For more information on the enforcement rules, see User Enforcement Rules.

 

Password Manager Architecture

Password Manager Components and Third-Party Solutions

Password Manager components and third-party applications

This section provides information about Password Manager components and third-party applications that can be used by Password Manager.

The following is a list of Password Manager components:

Password Manager Service and the Administration site

The Self-Service site

The Helpdesk site

Password Policy Manager (PPM)

Secure Password Extension (SPE)

Offline password reset

Migration Wizard

The following is a list of third-party applications that can be used by Password Manager:

TeleSign

Quick Connect Sync Engine

Defender

Starling Two-Factor Authentication

RADIUS Two-Factor Authentication

Quest Enterprise Single Sign-On (QESSO)

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating