Password Manager 5.13.1 - Administration Guide (AD LDS Edition)

Editing and Deleting secret questions

Only questions that have been added in the default language can be translated.

To delete questions in the default language

  1. To open the Administration site, enter the Administration site URL in the address bar of your web browser. By default, the URL is http(s)://<ComputerName>/PMAdminADLDS/.

  2. On the Administration site home page, click the Q&A Policy link under the Management Policy.

  3. On the Configure Questions and Answers Policy page, click Edit questions under Question List. The Edit Questions in the Default Language page appears.

  4. Click X next to the question that you want to delete, then click Save.

To delete questions in a specific language

  1. To open the Administration site, enter the Administration site URL in the address bar of your web browser. By default, the URL is http(s)://<ComputerName>/PMAdminADLDS/.

  2. On the Administration site home page, click the Q&A Policy link under the Management Policy.

  3. On the Configure Questions and Answers Policy page, click the language for which the questions have to be deleted. The Translate Questions page appears.

  4. Click Delete questions, then click OK.

To edit questions in the default language

  1. On the home page of the Administration site, click the Q&A Policy link under the Management Policy.

  2. On the Configure Questions and Answers Policy page, under Questions List, click the Edit questions link.

  3. On the Edit Questions in the Default Language page, edit the required question.

  4. Click Save.

To edit questions in a specific language

  1. On the home page of the Administration site, click the Q&A Policy link under the Management Policy.

  2. On the Configure Questions and Answers Policy page, navigate to the Translations: section and click the language for which the questions have to be edited.

  3. In the translated text box next to each question, edit the question as required.

  4. Click Save.

IMPORTANT:

  • Q&A Policy supports multiple languages. The Password Manager administrator must configure the required languages for users to see them on the Self-Service site.

  • The Change language link appears on the Self-Service site only when the Password Manager administrator has translated the questions into the required languages.

Management Policies

Checklist: Configuring Password Manager

When you have installed Password Manager, follow this checklist to configure the solution to implement automated and secure password management in an AD LDS instance.

Table 3: Checklist to configure Password Manager

| Step | Reference |
| --- | --- |
| Prepare an access account to AD LDS instance. | Configuring Permissions for Access Account |
| Configure a user scope. | |
| Configure the Questions and Answers policy: create language-specific question lists, and configure Q&A profile settings if required. | Adding Secret Questions |
| Configure a helpdesk scope to grant access permissions for the Helpdesk site to helpdesk operators and delegate administrative tasks. | Configuring Access to the Helpdesk Site |
| Configure self-service and helpdesk workflows to define what tasks will be available on the Self-Service and Helpdesk sites. | Legacy Self-Service or Password Manager Self-Service site workflows; Helpdesk Workflows |
| If required, configure rules for enforcing users to register with Password Manager. | User Enforcement Rules |
| Configure general settings that apply to all Management Policies (such as account search options, SMTP servers, scheduled tasks, etc.) | General Settings Overview |
| Create password policies and configure password policy rules. | Creating a Password Policy |
| If you want to use Password Manager for cross-platform password synchronization, install One Identity Quick Connect Sync Engine and configure the product to integrate with Password Manager. | Reset Password in AD LDS and Connected Systems |
| Ensure that all Password Manager users have JavaScript enabled in their browser settings. | |
| Ensure that the users know the Self-Service site URL and can access the site to register and perform password self-management tasks. | |

Understanding Management Policies

Management Policy is a core element of Password Manager. Using a Management Policy, you can configure workflows for registering new users, resetting passwords, and other tasks. For each Management Policy, you can configure a user scope and delegate helpdesk tasks by configuring a helpdesk scope. You can configure multiple Management Policies with different user and helpdesk scopes, workflows and secret questions. The default Management Policy with preconfigured workflows is available out of the box.

A Management Policy consists of the following components:

  • Questions and Answers policy

  • User scope

  • Helpdesk scope

  • Workflows

  • User enforcement rules

User scope is a group or several groups of users managed by Password Manager. When configuring the user scope for a Management Policy, you can add connections to multiple AD LDS instances.

Helpdesk scope is a group of helpdesk operators who are allowed to manage users from the user scope of the same Management Policy. By configuring the helpdesk scope you can delegate administrative tasks to specified helpdesk operators. For more information about the helpdesk scope, see Configuring Access to the Helpdesk Site.

Questions and Answers policy (Q&A policy) is a policy within which secret questions and Q&A profile settings are defined. Secret questions are a set of mandatory, optional and helpdesk questions for users' Questions and Answers profiles. These questions are used to register users with Password Manager and later to authenticate users when they use the Self-Service site. Q&A profile settings define how many questions a user must answer to create a Q&A profile, and set requirements for users' questions and answers. For more information about Q&A policy, see Configuring Questions and Answers Policy.

All workflows are divided into two categories: self-service and helpdesk workflows. The self-service workflows define the tasks available to users on the Self-Service site, that is, every configured workflow is a task on the Self-Service site. The helpdesk workflows define what tasks are available to helpdesk operators on the Helpdesk site. A workflow consists of several activities that you can add to or remove from the workflow to customize it.

The Default Management Policy offers preconfigured workflows. You can also create your own workflows. For more information about workflows, see Workflow overview.

User enforcement rules allow you to set up the enforcement schedule to invite users to create or update their Q&A profiles and configure the reminder that will notify users to change passwords before password expiration. For more information, see User Enforcement Rules.
