Chat now with support
Chat with Support

Password Manager 5.11.3 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Upgrading Password Manager Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Working with Redistributable Secret Management account Email Templates
Password Policies Enable S2FA for Administrators and Enable S2FA for HelpDesk Users Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Appendix D: Feature imparities between the legacy and the new Self-Service Sites Glossary

Bulk Force Password Reset

Use the Bulk Force Password Reset feature to force selected users, groups and organizational units to change their passwords.

To enforce a password change for users

  1. On the home page of the Administration site, click General Settings > Bulk Force Password Reset.

  2. On the Bulk Force Password Reset page:

    • If you want to enforce password change for individual users, expand the Select Users tree, click Add, manually search for the individual user, select the required user from the results, and click Save.

    • If you want to enforce password change for a user group, expand the Select Groups tree, click Add, manually search for the individual groups, select the required group from the results, and click Save.

    • If you want to enforce password change for the entire organizational unit (OU), expand the Select Organizational Units tree, click Add, manually search for the individual OU, select the required OU from the results, and click Save.

  3. Click Reset Passwords.

NOTE: Consider the following when using the Bulk Force Password Reset feature:

  • Password reset is achieved by setting the Users must change password at next logon flag of the selected user(s) to true. This flag cannot be set to true, if the Password never expires flag is also true.

  • If you have the Domain management account configured with a user other than the Active Directory Administrator, make sure that write permissions are given to the pwdlastset attribute.

Working with Redistributable Secret Management account

Redistributable Secret Management Service (rSMS) is used to manage users password across multiple connected systems. Using rSMS service you can synchronize the passwords across connected systems. The rSMS service is installed with the Password Manager software.

An rSMS account must be created and configured to interact with the rSMS service to execute password change functionality on connected systems. After creating the rSMS account and configuring certificate binding settings (optional), you can configure the settings to reset the password in connected systems.

To create rSMS account and configure certificate binding settings

  1. On the home page of the Administration site, click General Settings.

  2. Click the rSMS Settings tab from the options.

    The Redistributable Secret Management Service page is displayed.

    NOTE:An rSMS account must be created before working with rSMS activity. An rSMS user is automatically created if the imported configuration file has the rSMS account details.

  1. In the Create Account section, click Create Account to create an rSMS account.

  2. In the Certificate binding section, select a custom certificate from the drop-down list, if available. By default, the built-in certificate is used.

    NOTE:If you import a configuration file, the rSMS certificate binding details are not imported. The default binding settings or the certificate binding settings of the system is used.

  3. Select the IP address from the rSMS IP address drop-down list.

    NOTE:For built-in certificates, the Port number field is automatically populated with the value 20001. For custom certificates, custom port number can be provided.

  4. Click Save Settings to save the certificate binding settings.

    NOTE:

    • By default, all Password Manager logs are available in C:\Windows\TEMP folder. If the default Password Manager log path is changed during an update, rSMS automatically uses the updated log path instead of the default path used earlier.
    • Additional rSMS logs are available in the rSMS.Service-{Date}.log file. Enable Password Manager logging from the Administrator site under General Settings | Logging Settings.

Redistributable Secret Management Service supported platforms

Redistributable Secret Management Service (rSMS) supports the platforms that are mentioned here.

Platform Description
WindowsServer A name for a group of server operating systems released by Microsoft.
SolarisSsh A Unix operating system, using an SSH connection.
PanosSsh An operating system developed by Acorn Computers, using an SSH connection.
Aixssh A series of proprietary Unix operating systems developed by IBM, using an SSH connection.
OdbcMysql An open-source relational database management system, using an ODBC Driver.
postgres An open-source relational database management system (RDBMS).
vsphere Server virtualization software
IloSsh HP Integrated Lights-Out (iLO) is a proprietary embedded server management technology, using an SSH connection
OdbcSqlServer A relational database management system, using an ODBC Driver.
ad Microsoft Windows Active Directory
SonicWall SonicWall Secure Mobile Access (SMA) is a unified secure access gateway.
Aws Amazon Web Services (AWS), an on-demand cloud computing platform.
Acf2Tn3270 IBM's Access Control Facility (z-Series), using a TN3270 connection.
F5BigIpSsh A load balancer and a full proxy, using an SSH connection
TopSecretTn3270 CA TopSecret is a streamlined and scalable mainframe security for IBM's zseries operating system, using a TN3270 connection.
OdbcSybase Used to manage and analyze information in relational databases, using an ODBC Driver.
PixSsh Cisco PIX (Private Internet eXchange) is an IP firewall, using an SSH connection.
FreeBsdSsh FreeBSD is a free and open-source Unix-like operating system, using an SSH connection.
DracSsh Dell Remote Access Controller (DRAC) is an out-of-band management platform, using a SSH connection.
Hpuxssh Hewlett Packard Unix Operating systems, using a SSH connection.
Acf2Ldap Access Control Facility, a discretionary access control software security system over LDAP authentications.
RacfLdap Resource Access Control Facility is an IBM security system that provides access control and auditing functionality for zSeries operating systems over LDAP authentications.
SapHana A relational database management system.
LinuxSsh Linux Operating system, using a SSH connection.
RacfTn3270 IBM's Resource Access Control Facility (z-Series), using a TN3270 connection.
SonicSsh SonicOS, an operating system for SonicWall network security appliances (firewalls), using a SSH connection.
TopSecretLdap CA TopSecret is a streamlined and scalable mainframe security for IBM's zseries operating system, using a SSH connection.
MongoDb MongoDb is a cross-platform document-oriented database program.
JunosSsh Junos OS is the FreeBSD-based operating system used in Juniper Networks hardware routers, using an SSH connection.
SapNetweaver SAP NetWeaver is an open application server platform.
OdbcOracle Oracle Database is a multi-model database management system, using an ODBC driver.
As400Tn3270 IBM's Application System/400, using a TN3270 driver.
FortinetSsh Fortinet firewall client, using an SSH connection.
Ldap A protocol used for accessing Active Directory object, user authentication, and authorization in windows server.
MacOsSsh Apple Mac Operating system, using a SSH connection.

Customizing Redistributable Secret Management log path

By default, the rSMS logs are available in C:\Windows\Temp\rSMS. You have the option to customize the log path to record the logs at a different location.

Customizing rSMS log path

  1. On the system where the Password Manager Admin site is installed, click Start and then Services.

  2. On the Services window, right-click on One Identity rSMS Service.
  3. Select Properties and check the location from the Path to executable section.
  4. Open the command prompt with administrator privileges and navigate to the directory where One Identity rSMS Service is installed.
  5. From the directory where One Identity rSMS Service is installed, run the rSMS.Config.exe LogPath command to view the rSMS log path.

    The log path currently used to record rSMS logs is displayed.

  1. To update the log path, run the rSMS.Config.exe LogPath -f <new path> command. For example, rSMS.Config.exe LogPath -f C:\PM.

    The log path is updated. To confirm the log path run the rSMS.Config.exe LogPath command again.

  1. Restart the One Identity rSMS Service.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating