Chat now with support
Chat with Support

Password Manager 5.13.2 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in a perimeter network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Legacy Self-Service Site and Password Manager Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Legacy Self-Service or Password Manager Self-Service Site workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Internal Feedback Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Password Policies Enable 2FA for Administrators and Enable 2FA for HelpDesk Users Reporting Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Customization Options Overview Feature imparities between the legacy and the new Self-Service Sites Third-party contributions Glossary

Email templates

Password Manager provides the option to set the default template for confirmation e-mail. To send an auto generated email to user if workflow succeeds or fails, configure the email template from the General Settings tab for authentication.

To configure default e-mail template:

  1. On the home page of the Administration Site, click General Settings, then click the Email Template tab.

  2. Select the desired language from the Select language to customize template drop-down menu, to customize the email template.

  3. Click the + sign before the desired workflow to edit the template. Edit the subject and body of the notification template in the default language as required. When editing the notification template, you can use the parameters available in the notification editor, for example #USER_ACCOUNT_NAME#, #WORKFLOW_RESULT#, and others.

  4. In the Message format drop-down, select the format to use for the notifications. You can select from two options: either HTML or Plain text.

  5. Select the default language from the Select default language for email drop down menu, to select the default email template to send to the user.

  6. In the User notification settings, select one of the following options for user notification subscription:

    • Subscribe users to this notification. Allow users to unsubscribe.

    • Subscribe users to this notification. Do not allow users to unsubscribe.

    • Do not subscribe users to this notification. Allow users to subscribe to this notification.

  7. Click Save, to save the settings

Upgrading Password Manager

This section describes the process to upgrade Password Manager to the latest version (5.13.2).

NOTE:

  • It is recommended to back up the current configuration by exporting the settings from 5.7.1 or later versions. For more information, see To export configuration settings from Password Manager for AD LDS 5.7.1 or later versions to 5.13.2..

  • Running the Migration Wizard is not required while upgrading from Password Manager 5.7.1 or later versions to 5.13.2.

  • If you want to upgrade to 5.13.2, it is recommended to reinstall the license file from the Administration Site once the upgrade is complete. Before installing the license, delete the existing SoftLicense binary value from [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Quest Software] registry key.

  • Any workflows that are customized in the previous versions of Password Manager should be manually merged with the workflow of the latest version of the Password Manager to avoid any end user data corruption.

    For example, changes made to the Register workflow (Self-Service workflows) such as addition/update of any authentication steps to the default configuration, should be manually recreated after upgrade to Password Manager 5.13.2.

  • To update storage files with new encryption mechanism, all realm instances must be updated with the Password Manager 5.13.2 configuration and must have the same encryption key.

    To perform the same, login to the Administration Site from the primary server, Navigate to General Settings > Import/Export > Export. Copy and Save the password securely. Import this configuration data in all the Password Manager secondary replication instances by selecting the exported configuration data and providing the password.

  • If the secondary instances are not updated with new configuration, a notification will be displayed in Administration Site as 'Import configuration settings from primary instance”.

    In the replication instances, Navigate to General Settings > Import/Export > Import, select the exported data from the primary server and input the password saved.

  • Shared.storage file will be encrypted and copied to Active Directory only when all replication instances are updated with Password Manager 5.13.2 configuration and encryption key.

  • When all the realm instances are updated with Password Manager 5.13.2, Q&A profiles of users will be updated with new encryption key when one of the following is performed:

    • User updates Q&A profile

    • Run Migration wizard to update all the user profiles automatically

This section consists of the following topics:

To export configuration settings from Password Manager for AD LDS 5.7.1 or later versions to 5.13.2

  1. Connect to the Administration Site by typing the Administration Site URL in the address bar of your Web browser. By default, the URL is http://<ComputerName>/PMAdminADLDS/.

    NOTE: When prompted to log in, provide your domain user name in a domainname\username format.

  2. On the left pane, click General Settings, and click the Import/Export tab and select the Export configuration settings option, and then click Export.

After you have exported configuration settings from Password Manager 5.13.2 or later versions, you can uninstall it.

To uninstall Password Manager for AD LDS 5.7.1 or later versions

  1. Click Start, click Run, type appwiz.cpl, then press Enter.

  2. Select One Identity Password Manager for AD LDS x86/x64 in the list, then click Uninstall.

After you uninstall Password Manager 5.7.1 or later versions, install Password Manager 5.13.2 on the same computer. All configuration settings will be automatically detected by the new version.

In-place upgrade from 5.8.2 or later versions to 5.13.2

This section describes how to perform an in-place upgrade from version 5.8.2 or later to version 5.13.2.

To in-place upgrade from version 5.8.2 or later versions to version 5.13.2

  1. From the autorun window of the installation media, click Install against Password Manager x64 option. Read the content and click Next.

  2. Read the content in the Risk of data loss! window and select I acknowledge the above instructions ,and then click Next.

  3. Select I accept the terms in License Agreement, then click Next.

  4. In the Configuration Backup window, provide the File Location and set a new password, and then click Next.

    NOTE: Do not forget to store the password securely as it is required to import the configuration post upgrade. The backup of the configuration data is now saved in the provided file location.

  5. In the Password Manager Service Account Information window, enter the account name and the password details, and then click Next.

  6. In the Specify Web Site and Application Pool Identity window, choose the website name, enter the account name and the password, and then click Next.

  7. After completing the above process, click Install.

Upon successful installation, the Password Manager installs the following sites:

  • Administration Site

  • Helpdesk Site

  • Password Manager Self-Service Site

  • Legacy Self Service Site

NOTE: The above mentioned upgrade steps are not applicable for 5.7.1 or other lower versions.

Manual upgrade from 5.9.x or later versions

Uninstall Password Manager 5.9.x or later versions, then install Password Manager 5.13.2 on the computer where Password Manager 5.9.x or later versions was installed. For more information, see Upgrading Password Manager.

To manually upgrade from 5.9.x or later versions to version 5.13.2

  1. From the autorun window of the installation media, click Install against Password Manager x64 option. Read the content and click Next.

  2. Select I accept the terms in License Agreement check box, and then click Next.

  3. In the User Information page, enter the user details such as the username and the organization to which the user belongs to, and then click Next.

    • To verify licenses information, click Licenses…, then check the statuses of the license.

    NOTE: If the license has expired, click Browse license… and select the appropriate license to continue the Password Manager service.

  4. In the Custom Setup page, click the respective option that needs to be installed, and then click Next.

  5. In the Password Manager Service Account Information page, the account name appears by default. Enter the password, and then click Next.

    NOTE: To change the account name, click Browse… and select the appropriate Password Manager service account name.

  6. In the Specify Web Site and Application Pool Identity page, choose the website name, and in the Application pool identity section, the account name appears by default. Enter the password, and then click Next .

    NOTE: To change the account name, click Browse… and select the appropriate Application Pool Identity account name.

  7. After completing the above process, click Install.

Upon successful installation, the Password Manager installs the following sites:

  • Administration Site
  • Helpdesk Site
  • Password Manager Self-Service Site

NOTE:

  • Make sure that you have taken a back up of the current configuration settings. For more information, see To export configuration settings from Password Manager 5.7.1 or later versions.

  • After you uninstall Password Manager 5.7.1 or later versions, all configuration settings will be automatically detected by the new version. For more information on how to install Password Manager, see Installing Password Manager for AD LDS.

  • If you have multiple Password Manager instances installed, when upgrading them, you may experience the following issue: the Realm Instances page of the Administration Site displays an incorrect list of installed instances. After you upgrade all instances, the page will display the correct list.

IMPORTANT:

  • Switch to the Password Manager self Service site(Self-Service UI version 5.9.5 onwards) option is displayed only in case of in place upgrade.

  • In case of Manual upgrade to 5.13.2, the Self-Service Site gets replaced as Password Manager Self-Service Site. Hence, post manual upgrade, you can see only one Self service site (Password Manager Self-Service Site) and legacy Self-Service Site is not more accessible, by default.

  • In case of manual upgrade, if the Legacy Self-Service Site is required, the administrator must install it exclusively, in addition to the existing Password Manager Self Service site. In this case, the Enabling Self-Service UI 5.13.2 (Switch to Self-Service Site 5.9.5 onwards) option will not be applicable.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating