
Password Manager 5.13.2 - Administration Guide (AD LDS Edition)


Configuring Q&A Profile Settings

Q&A profile settings allow you to define settings and requirements for users' questions and answers. For example, you can prevent users from using the same answer for multiple questions. Questions and answers that do not comply with the policy will not be accepted.

To configure Questions and Answers policy

  1. Connect to the Administration Site by typing the Administration Site URL in the address bar of your Web browser. By default, the URL is http://<ComputerName>/PMAdminADLDS/.

    NOTE: When prompted to log in, provide your domain user name in a domainname\username format.

  2. On the Administration Site home page, click the Q&A Policy link under the Management Policy you want to configure.

  3. On the Configure Questions and Answers Policy page, click the Q&A profile settings link.

  4. In the Q&A Profile Settings dialog, specify the following options:

    Table 5: Questions and Answers profile settings

    | Option | Description |
    |---|---|
    | Question Settings | |
    | Users must answer this number of optional questions to register | Set the required number of optional questions that a user must answer to create a Questions and Answers profile. |
    | Users must answer this number of user-defined questions to register | Set the required number of user-defined questions that a user must specify to create a Questions and Answers profile. |
    | Minimum length of user-defined questions | Set the minimum number of characters that user-defined questions can contain. |
    | Answer Settings | |
    | Minimum length of answers | Set the minimum number of characters that users' answers can contain. |
    | Reject the same answers for different questions | Select to prevent users from specifying the same answer for different questions. |
    | Reject answers that contain corresponding questions | Select to prevent users from specifying answers that contain corresponding questions. |
    | Store answers using reversible encryption | Select to store users' answers using reversible encryption. If you do not select this option, answers to mandatory, optional and user-defined questions are hashed. Note that answers to helpdesk questions are always stored using reversible encryption, even if this option is not selected. |
    | Security Settings | |
    | Allow users to hide their answers | Select this check box to allow users to hide their answers on the screen, so that answer entry fields will look like a series of asterisks. |
    | Hide users' answers by default | Select this check box to have Password Manager display users' answers as asterisks while they are typing in their answers. |
    | Do not require users to confirm answers if answers are hidden | Select this check box to allow users to enter their answers only once, if answers are hidden. |

  5. Click Save.
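The following sketch is an added example, not Password Manager code: it applies the Answer Settings from Table 5 to a constructed profile and then stores answers as salted hashes, which shows why the duplicate and question-echo rules have to be checked on the plaintext at enrollment. The policy values, the normalization in `norm`, and the use of PBKDF2 are assumptions; the guide does not name the product's hash algorithm.

```python
import hashlib
import hmac
import os
import unicodedata

# Hypothetical values standing in for the Table 5 options (not product defaults).
POLICY = {
    "min_question_len": 10,                   # Minimum length of user-defined questions
    "min_answer_len": 4,                      # Minimum length of answers
    "reject_same_answers": True,              # Reject the same answers for different questions
    "reject_answer_contains_question": True,  # Reject answers that contain corresponding questions
}

def norm(text):
    """Assumed comparison form: NFKC, case-folded, whitespace collapsed."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())

def check_profile(qa_pairs, user_defined=(), policy=POLICY):
    """Return the policy violations found in a {question: answer} mapping."""
    problems, seen = [], {}
    for question, answer in qa_pairs.items():
        q, a = norm(question).rstrip("? "), norm(answer)
        if question in user_defined and len(question.strip()) < policy["min_question_len"]:
            problems.append(f"question too short: {question!r}")
        if len(answer.strip()) < policy["min_answer_len"]:
            problems.append(f"answer too short: {question!r}")
        if policy["reject_same_answers"] and a in seen:
            problems.append(f"answer repeats {seen[a]!r}: {question!r}")
        seen.setdefault(a, question)
        if policy["reject_answer_contains_question"] and q and q in a:
            problems.append(f"answer contains its question: {question!r}")
    return problems

def hash_answer(answer, salt=None, iterations=100_000):
    """Salted one-way storage (PBKDF2 is an assumption, not the product's scheme)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", norm(answer).encode(), salt, iterations)

def verify_answer(candidate, salt, digest):
    """Compare a later attempt with the stored hash in constant time."""
    return hmac.compare_digest(hash_answer(candidate, salt)[1], digest)

# Constructed sample profile: one short answer, one duplicate, one echoed question.
SAMPLE = {
    "What is your pet's name?": "Rex",
    "What city were you born in?": "Lisbon",
    "Favourite holiday destination?": " lisbon ",
    "Name of my first teacher?": "name of my first teacher",
}
```

In this sketch two identical answers hashed with different salts produce different digests, so duplicates cannot be detected from stored values. Answers kept under reversible encryption can be compared later, but they can also be recovered by anyone who holds the key.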

Workflow overview

To customize the behavior of Password Manager for AD LDS, configure workflows in the Password Manager Administration Site. Workflows have 2 types:

  • Self-service workflows customize the behavior of the Password Manager Self-Service Site. All configured and enabled self-service workflows are available as tasks on the Self-Service Site for Password Manager users.

  • Helpdesk workflows customize the behavior of the Password Manager Helpdesk Site. All configured and enabled Helpdesk workflows are available on the Helpdesk Site as helpdesk operator actions.

To modify the behavior of an existing workflow task, in the Home page of the Password Manager Administration Site, click the management policy workflow you want to configure, and click Workflow settings.

Workflow structure

A workflow consists of activities. You can configure each activity independently.

Workflow activities have 3 types:

  • Authentication provides authentication options, such as password-based authentication, Questions and Answers profiles, or phone-based authentication.

  • Actions are core components in workflows, including activities like unlocking accounts, editing Q&A profiles, or resetting passwords.

  • Notifications let you configure email notifications for users and administrators, and specify the conditions under which Password Manager for AD LDS will send these notifications.

You can also create custom activities. For more information, see Custom Activities.

Password Manager for AD LDS lists the available activities in the left pane of the Workflow Designer. To add an activity to a workflow, drag and drop it into the right pane of the Workflow Designer. To remove an activity, click Close on the activity box.

Password Manager for AD LDS displays the workflow structure in the right pane of the Workflow Designer, indicating the type and order of activities to perform in the workflow. To change the order of the activities, simply move them up or down.

Figure 1: Home > <management-policy> > <workflow> > Workflow Settings

Workflow states

Workflow states determine how Password Manager for AD LDS ran a workflow and which activities of the workflow it initiated. Workflows have 3 states:

  • Success is the state of the workflow if no errors occur when running a workflow. In this state, Password Manager for AD LDS performs all workflow activities, except the following:

    • Email user if workflow fails

    • Email administrator if workflow fails

    • Lock Q&A profile

    • Restart workflow if error occurs

  • Failure is the state of the workflow if an error occurs when running a workflow activity. If any errors occur during the workflow, Password Manager for AD LDS performs only the following activities:

    • Email user if workflow fails

    • Email administrator if workflow fails

    • Lock Q&A profile

    • Restart workflow if error occurs

      NOTE: The Restart workflow if error occurs activity resets the workflow state to Success and runs the workflow from the beginning.

  • Critical Error is the state of the workflow if a critical error occurs (for example, locking a user account or a Q&A profile). If any critical errors occur when running the workflow, Password Manager for AD LDS performs only the following activities:

    • Email user if workflow fails

    • Email administrator if workflow fails
