Chat now with support
Chat with Support

Password Manager 5.13.2 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring access to the Administration Site Configuring access to the Legacy Self-Service Site or Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Legacy Self-Service or Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Feature imparities between the legacy and the new Self-Service Sites Third-party contributions Glossary

Q&A policy and user enforcement

The Q&A profile settings affects the Invite users to create/update Q&A profiles enforcement rule. This rule has conditions that state when users should be notified to create or update their profiles. These conditions correspond to the Questions and Answers profile settings. For example, the User’s answers are shorter than required condition corresponds to the Minimum length of answers setting. So, when you change any of the Q&A profile settings, you can then select the corresponding condition in the rule and enforce users to create or update their profiles in accordance with the new settings. For more information, see Invite users to create/update profiles.

Password change and reset process overview

Password Manager uses standard Active Directory methods to reset and change password, applying password policies specified in the Active Directory. Thus, resetting or changing password in Password Manager is essentially the same as resetting or changing password using Active Directory Users and Computers (ADUC).

Resetting and changing password in connected systems

If you have configured Password Manager to use One Identity Quick Connect Sync Engine to reset and change passwords in multiple systems, Password Manager will at first reset or change the password in the managed domain. If this operation is performed successfully, then the password will be reset in all connected systems, otherwise Password Manager will attempt to reset the password in the systems in which the password can be reset independently from Active Directory, and all other systems will be skipped.

Enforcing password history when resetting password

When you use Password Manager to reset your password, Active Directory does not automatically check the new password against the password history. As a result, the Enforce password history policy setting may have no effect. To ensure that this password policy setting is applied in Active Directory when your password is reset by using Password Manager, the Enforce password history option must be selected in the Reset password in Active Directory and Reset password in Active Directory and connected systems activities.

Password Manager uses two slots from the password history every time a password is reset. For example, if the password history value defines that users cannot reuse any of the last 10 passwords, then Password Manager checks only the last five passwords. Therefore, it is advised that you double the password history value for all managed domains.

When the password history is enforced for resetting passwords, Password Manager resets users' old password to an automatically generated password that complies with password policies. It is required for the user to go through the Quick Connect workflow once again where the Reset password in Active Directory and connected systems activity is configured. This time the password is changed to the one provided by the user. Note that, if an error occurs when changing the password, users may end up with the automatically generated password they do not know.

For more information, see Reset Password in Active Directory.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating