Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Advanced Login Self Service Password Request Administrator Guide

1 Overview 2 Configuring and Using the Password/PIN Reset Function 3 Forcing the Use of Tokens or Biometrics with the Temporary Password Access Function 4. Authorizing the Q&A-based Authentication

2.1 Allowing Users to Reset Their Password or PIN

2.1.1 Allowing Users to Reset Their Password or PIN with Advanced Login

You must activate and configure the Self Service Password Request function from Quest ESSO Console so that users can be able to reset their password or PIN.
This feature runs only with the LDAP configuration storage mode.
1.
In Quest ESSO Console, click the user security profile for which you want to activate the Password/PIN reset feature.
2.
Click the Self Service Password Request tab:
3.
In the Availability area, select Always available (disconnected mode). More information on the feature availability level is explained in 2.1.1.1 Configuring the Self Service Password Request Feature Availability.
4.
In the Questions area, define the number of questions to ask to the end-user and manage a list of available questions, as explained in 2.1.1.2 Defining the List of Self Service Password Request Questions.
5.
In the Security area, define the Self Service Password Request security policy, as explained in 2.1.1.3 Setting the Self Service Password Request Security Parameters.
6.
Click Apply.

2.1.1.1 Configuring the Self Service Password Request Feature Availability

The Availability area allows you to decide whether the user can the Self Service Password Request feature even if the Self Service Password Request server is not available.
We recommend to set this parameter as Always available (disconnected mode). This way, users can reset their password and/or PIN from the Advanced Login authentication window.
If a user can access the disconnected mode, this automatically implies that he/she can access the connected mode.
User must contact the help-desk to gain password access check box
This check box allows you to define whether the user must call the help desk to reset his/her password (for PIN reset, the help-desk call is mandatory):
Check box cleared
The user answers to Self Service Password Request questions (set with Advanced Login); he/she is then automatically prompted to reset his password on his own (correct answers to questions are sufficient to decrypt the password stored in the cache).
Check box selected
The user answers to Self Service Password Request questions (set with Advanced Login), which allows him to obtain a challenge (unlock code). He/she is then prompted to give this challenge to the helpdesk, which will have to give him a challenge in exchange (see 2.2 Administering the Self Service Password Request Feature) that will allows him to reset his password (or PIN).
Enables the Self Service Password Request feature only when the Self Service Password Request server is available.
In this case, the user workstation is connected to the corporate network and users can reset their password but not their PIN. The new password is then directly updated in the directory.

2.1.1.2 Defining the List of Self Service Password Request Questions

The Questions area allows you to configure the questions displayed in the Self Service Password Request wizard that end-users run to reset their password or PIN.
Self Service Password Request question that users enter themselves.
You can set constraints on the length of the question the user must enter.
D:\EKA_QS_workes\1344_Quesso\!_Shemes\Schema_SSPRQstionsDefProcess_US_1.tif
1.
In the Questions area, in the Number of questions to configure field, set the number of questions you want to ask to the user.
2.
Click the Select button.
3.
Click Manage questions.
The Existing Questions area displays the list of question texts that have been already configured, and that can be added to the questions asked to users.
a)
Click the New button.
The Question Properties area is activated.
b)
Set the Question Type: select either Predefined Question to specify a question that cannot be modified by the end user or User-supplied question to allow the end user to define his/her own question.
Click Translations.
Click Add.
b)
Set the Answer constraints:
Fill in Must match regular expression, to set restrictions on the string corresponding to the answer entered by the end user. For details on the syntax of regular expressions, see Quest ESSO Console Administrator Guide.
c)
Click Apply.
The question appears in the Existing Questions area.
a)
In the list of questions drop down list, select the Question number, click the Add button.
b)
Select a question text in the Select a Question window and click OK.
c)
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating