Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Advanced Login Self Service Password Request Administrator Guide

1 Overview 2 Configuring and Using the Password/PIN Reset Function 3 Forcing the Use of Tokens or Biometrics with the Temporary Password Access Function 4. Authorizing the Q&A-based Authentication

2.1.1.3 Setting the Self Service Password Request Security Parameters

The Security area allows you to define the Self Service Password Request security policy, as explained in the following procedure.
1.
In the Security area, set the following fields:
Number of questions to ask: the number of questions to which the end-users must answer to reset their password or PIN. This number cannot be greater than the number of questions configured in 2.1.1.2 Defining the List of Self Service Password Request Questions.
Minimum number of correct answers: the minimum number of correct answers that the end-user must enter to be able to reset his/her password or PIN.
2.
Click the Advanced button to define other security parameters.
3.
Configure the policy parameters, as explained in the following ""Self Service Password Request Policy" Window Description" section.
4.
This parameter is only available if you have selected the Always available (disconnected mode) option in 2.1.1.1 Configuring the Self Service Password Request Feature Availability.
To try the use of the Self Service Password Request server before using the disconnected mode.
This parameter is only available if you have selected the Always available (disconnected mode) option in 2.1.1.1 Configuring the Self Service Password Request Feature Availability.
If this option is selected, the temporary password will never be resynchronized with the directory. This allows you to force the user to use his/her own password and not his/her temporary password when he/her reconnects to the network.
This parameter is only available if you have selected the Always available (disconnected mode) option in 2.1.1.1 Configuring the Self Service Password Request Feature Availability.
To set the maximum number of attempts to use the Self Service Password Request feature in disconnected mode.

2.1.2 Allowing Users to Reset Their Password with the Self Service Admin Portal

If Advanced Login is not installed on users’ workstations, you can make them access the SSPR feature from a web portal to reset their password only, not their PIN.

2.1.2.1 Setting the SSPR Administrator Account and Installing an SSPR Server

If the security data of this dedicated administrator is protected by the hardware protection mode, a smart card must be permanently connected to the Self Service Password Request server, so that the user password can be modified.
If the security data is protected by the software protection mode, the Self Service Password Request administrator credentials (securely stored on the server) are sufficient to perform the user password change.
For more information on Quest ESSO protection modes, see Quest ESSO Console Administrator Guide.
2.
If the security data of the dedicated administrator is protected by the hardware protection mode, let the smart card permanently connected to the Self Service Password Request server, so that the user password can be modified.

2.1.2.2 Declaring the Self Service Password Request Servers

1.
In Quest ESSO Console, click the access point profile for which you want to declare Self Service Password Request servers.
2.
Click the Self Service Password Request tab.
5.
Click Apply.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating