Chat now with support
Chat with Support

Password Manager 5.13.2 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring access to the Administration Site Configuring access to the Legacy Self-Service Site or Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Legacy Self-Service or Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Feature imparities between the legacy and the new Self-Service Sites Third-party contributions Glossary

Upgrade requirements

Before you start the upgrade process, follow this checklist to ensure you have made the necessary preparations and met the essential upgrade requirements.

Table 13: Upgrade checklist

Step

Comment

Back up the current configuration by doing one of the following:

  • Export the configuration file using the Import/Export option in General Settings and import the same file after the upgrade.
  • Create a copy of the ProgramData folder in the C:\ProgramData\One Identity\Password Manager for future reference.

UI customizations will be lost during upgrade. Follow the steps to save the configuration. For more information on saving the configuration, see Importing and exporting configuration settings.

Ensure that you installed or upgraded the third-party redistributable packages required for the latest version of Password Manager.

 

Ensure that you know the user name and password for domain management accounts.

For more information on what permissions are required for a domain management account, see Configuring permissions for domain management account.

Ensure that Password Manager Service account is a member of the Administrators group on the Web server where Password Manager is installed.

 

Ensure that in IIS 7.0 or later, application pool identity account is a member of the IIS_IUSRS local group. This account must also have permissions to create files in the <Password Manager installation folder>\App_Data folder.

 

Ensure that you know the user name and password for SQL database account.

That is needed only if Password Manager Service account is configured to use special SQL account (different from Password Manager Service account) to access the SQL database.

Ensure that the account, that is used to upgrade Password Manager, is a member of the local Administrators group on the server where you upgrade the product.

 

Ensure that the account, that is used to upgrade Password Manager, is a member of the database creators (db_creator) fixed role on the SQL server hosting the Password Manager configuration database.

 

About Secure Password Extension

Secure Password Extension is an application that provides access to the complete functionality of the Self-Service Site from the Windows logon screen. Secure Password Extension also provides dialogs displayed on end-user computers, these dialogs notify users who must create or update their Questions and Answers profiles.

Secure Password Extension is included on the installation CD and is deployed through Group Policy. For information on how to deploy and configure Secure Password Extension on end-user workstations in the managed domain, see Deploying and configuring Secure Password Extension.

IMPORTANT: Secure Password Extension may be deployed on different workstations by applying different GPOs. This allows you to not upgrade Secure Password Extension on all the workstations at one time, but do it in several steps depending on your needs and preferences.

You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.

IMPORTANT: By default, Secure Password Extension uses the URL of the Self-Service Site installed on the computer where Password Manager Service runs. You can modify the URL on the General Settings|Realm Instances page of the Administration Site.

To remove the existing and assign a latest-version package

  1. Remove the assigned package (Quest Secure Password Extension x86.msi or Quest Secure Password Extension x64.msi) from the list of software to be installed.

  2. Add the latest-version MSI packages to the list of software to be installed.

When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.admx administrative template with the one located in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation media.

During upgrade of prm_gina.admx administrative template, the previously made template settings are preserved and picked up by newer versions.

Upgrading multiple instances of Password Manager

This step is optional. It should be performed only if you have installed multiple instances of Password Manager.

To upgrade multiple instances of Password Manager, you need to export the configuration settings from the first configured instance of Password Manager and then import the settings to other instances. You should upgrade all instances of Password Manager to the latest version.

To import configuration settings

  1. Open the Administration Site of the target instance.

  2. On the menu bar, click General Settings, then click the Import/Export tab and select the Import configuration settings option.

  3. Click Upload to select the configuration file that you exported earlier.

  4. Enter the password and click Import.

  5. Repeat steps 1-4 for other instances of Password Manager.

Upgrading Password Manager

This section describes the process to upgrade Password Manager to the latest version (5.13.2).

NOTE:

  • It is recommended to back up the current configuration by exporting the settings from 5.7.1 or later versions. For more information, see To export configuration settings from Password Manager 5.7.1 or later versions section.

  • Running the Migration Wizard is not required while upgrading from Password Manager 5.7.1 or later versions to 5.13.2.

  • If you are upgrading to 5.9.x, it is recommended to reinstall the license file from the Administration Site once the upgrade is complete. Before installing the license, delete the existing SoftLicense binary value from [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Quest Software] registry key.

  • Any workflows that are customized in the previous versions of Password Manager should be manually merged with the workflow of the latest version of the Password Manager to avoid any end user data corruption.

    For example, changes made to the Register workflow (Self-Service workflows) such as addition/update of any authentication steps to the default configuration, should be manually recreated after upgrade to Password Manager 5.13.2.

  • To update storage files with new encryption mechanism, all realm instances must be updated with the Password Manager 5.13.2 configuration and must have the same encryption key.

    To perform the same, login to the Administration Site from the primary server, Navigate to General Settings > Import/Export > Export. Copy and Save the password securely. Import this configuration data in all the Password Manager secondary replication instances by selecting the exported configuration data and providing the password.

  • If the secondary instances are not updated with new configuration, a notification will be displayed in Administration Site as 'Import configuration settings from primary instance”.

    In the replication instances, Navigate to General Settings > Import/Export > Import, select the exported data from the primary server and input the password saved.

  • Shared.storage file will be encrypted and copied to Active Directory only when all replication instances are updated with Password Manager 5.13.2 configuration and encryption key.

  • When all the realm instances are updated with Password Manager 5.13.2, Q&A profiles of users will be updated with new encryption key when one of the following is performed:

    • User updates Q&A profile

    • Run Migration wizard to update all the user profiles automatically

This section consists of the following topics:

To export configuration settings from Password Manager 5.7.1 or later versions

  1. Connect to the Administration Site by typing the Administration Site URL in the address bar of your web browser. By default, the URL is http://<ComputerName>/PMAdmin/.

    NOTE: When prompted to log in, provide your domain user name in a domainname\username format.

  2. On the left pane of the Administration Site, click General Settings, and click the Import/Export tab and select the Export configuration settings option, and then click Export.

After you have exported configuration settings from Password Manager 5.7.1 or later versions, you can uninstall it.

To uninstall Password Manager 5.7.1 or later versions

  1. Click Start, click Run, type appwiz.cpl, then press ENTER.

  2. Select One Identity Password Manager x86/x64 in the list, then click Uninstall.

After you uninstall Password Manager 5.7.1 or later versions, install Password Manager 5.13.2 on the same computer. All configuration settings will be automatically detected by the new version. For more information on how to install Password Manager, see Installing Password Manager.

If you have multiple Password Manager instances installed, when upgrading them, you may experience the following issue: the Realm Instances page of the Administration Site displays an incorrect list of installed instances. After you upgrade all instances, the page will display the correct list.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating