In the Active Directory, the logonWorkstation or userWorkstations attribute is available for the user accounts. The Log On option is under the Account tab in Active Directory Users and Computers (ADUC). By default, the value is set to all computers. However, if users want to limit access to the account for security reason, they can do so by listing the computers which the user account is used from, to authenticate in the logonWorkstation or userWorkstations attribute. The users are allowed to use only these computers for authentication.
Password Manager redirects the authentication to Active Directory. When the users in PMUsers enters their credentials, the Active Directory identifies this as an authentication from the Password Manager server. When the logonWorkstation or userWorkstations attribute is used, and the computer is not listed in the attribute, the Active Directory restricts the login.
Password Manager architecture
This section provides information about Password Manager components and third-party applications that can be used by Password Manager.
The following is a list of Password Manager components:
The following is a list of third-party applications that can be used by Password Manager:
Password Manager Service and the Administration Site are a core component of Password Manager.
Password Manager Service is a Windows service that provides core functionality and runs under the Password Manager Service account, which is specified during Password Manager installation.
The Administration Site provides all the necessary settings for an administrator to configure and use Password Manager. Using the Administration Site, the administrator can configure user and Helpdesk scopes, management policies, password policy rules.
Note that the Administration Site cannot be installed separately from Password Manager Service.
When installing the Administration Site and Password Manager Service, the Self-Service and Helpdesk sites are also installed.