One Identity offers two means of fast user switching: the Fast User Switching (FUS) and the Multi-User Desktop (MUD).
The Fast User Switching (FUS) feature allows a user to load his/her SSO configuration without closing the current Windows session.
When the user logs on to the workstation, all the running applications are closed and Enterprise SSO restarts with the user SSO configuration.
The Multi-User Desktop (MUD) is an advanced feature of the FUS. Indeed, the MUD enables a high number of users to work on a single station with simultaneous Windows sessions.
When one of the users logs on to the workstation, all the applications of the user are opened and Enterprise SSO restarts with the user SSO configuration.
|
NOTE:For more information on the FUS and the MUD, refer to Authentication Manager Session Management Administrator’s Guide. |
This section explains how to modify your own password or the password of another user (if you are allowed to).
If you have authenticated with your:
The change password window appears.
|
NOTE:
|
Windows 10 |
Windows 7 |
|
|
The following window appears:
The password is modified in the LDAP directory.
If you authenticate with your User name and Primary Password, you can choose a new Primary Password.
Your Primary Password has been changed.
|
NOTE: If you are offline when your Primary Password is about to expire, you will be asked to change it the next time you log on. |
If allowed by your security administrator, you can reset your primary password after logging on to Windows with your mobile device.
For more information on this authentication method, refer to the QRentry - Guide de l’utilisateur.
This section explains how to change the PIN of your smart card.
The change PIN window appears.
The smart card PIN is modified.
This section explains how to modify the PIN of your RFID badge.
The change PIN window appears.
The RFID badge PIN is modified.
When your PIN expires, you must change it.
|
NOTE: Your new PIN must comply with the PIN control policy. |
Your PIN has been modified.
|
NOTE: If you are offline when your PIN is about to expire, you will be asked to change it the next time you log on. |
When your RFID badge is blocked because you entered too many wrong PINs, you can reset your PIN with your primary password.
Your PIN is reset.
|
NOTE:
|
The emergency access (SSPR) enables you to authenticate and reset your password or PIN, whether you are connected or not to the network. If you are:
|
IMPORTANT: If you are not connected to the network, you must answer the questions if it has been configured. |
The following schema illustrates the tasks you have to perform to reset your password or PIN by answering a series of personal questions. These tasks are described in this section.
|
NOTE: This PIN reset method is not compatible with the RFID+PIN authentication method. |
You must initialize the Self Service Password Request (SSPR) feature to save your answers to a set of questions. Then, to reset your password or PIN, you must answer the questions you have chosen.
You can perform this task every time you want to update or change your questions and answers.
When the SSPR is enabled, you can define your questions (optional) and answers the first time that your Authentication Manager is activated. Then you may need to modify this information in the following cases:
You can initialize the SSPR through the EAM portal (see One Identity EAM Portal - Guide de l’utilisateur) or through the Authentication Manager icon as detailed in the following procedure.
The authentication window appears.
The Self Service Password Request wizard appears.
|
NOTE: You may have restrictions to define your questions/answers, as for example a minimum/maximum number of characters, or words that you cannot use. If you do not know why your questions/answers are not accepted, contact your EAM administrator. |
The Reset Password feature allows you to reset your password to open your Windows session even if you have forgotten your smart card or cannot remember your password.
You can reset your password through the EAM portal (see One Identity EAM Portal - Guide de l’utilisateur) or upon session opening as detailed in the following procedure.
|
NOTE: If you have not initialized the Self Service Password Request feature and therefore cannot reset your password by yourself, the administrator can still modify your primary password from EAM Console. |
Windows version |
Action |
Windows 10
|
Check or enter your user name. Click the Questions and answers tile. |
Windows 7
|
Click the Password forgotten tile. Check or enter your user name. |
|
IMPORTANT: Replace this text with a notation that requires the reader's attention. |
|
IMPORTANT: If the Questions and answers/Password forgotten option does not appear on the screen, it means that your administrator has disabled it or that you do not own the license. |
The Self Service Password Request wizard appears.
|
NOTE: Click Help me to choose a valid password to check that your new password is in accordance with the Password Format Control Policy. |
The help desk gives you back another challenge.
|
NOTE: The challenge that the help desk gives you can only be used once. |
Your password is reset and your session opens. You can then use the new password for next logons.
|
NOTE: If the password has been reset in disconnected mode, you will be asked to change it the next time you connect to the network. |
The Reset PIN feature allows you to reset your PIN (either being online or offline) in case you have forgotten it.
|
IMPORTANT: If the I have forgotten my PIN option does not appear on the screen, it means that your administrator has disabled it or that you do not own the license. |
The Self Service Password Request wizard appears.
The following window appears:
The help desk gives you back another challenge.
|
NOTE: The challenge that the help desk gives you can only be used once. |
When the Wizard terminates, your PIN is reset and a session opens. You can then use the new PIN for next logons.
The Reset Password feature allows you to reset your password to open your Windows session even if you cannot remember your password.
You can reset your password through the EAM portal (see One Identity EAM Portal - Guide de l’utilisateur) or upon session opening as detailed in the following procedure.
Authentication Manager must be installed on your workstation.
Windows version |
Action |
Windows 10
|
|
Windows 7
|
|
|
IMPORTANT: If the Questions and answers/Password forgotten option does not appear on the screen, it means that your administrator has disabled it or that you do not own the license. |
An OTP is sent to your mobile device/email.
|
NOTE: Click Help me to choose a valid password to check that your new password is in accordance with the Password Format Control Policy. |
Your password is reset and your session opens. You can then use the new password for next logons.
During authentication, if you enter too many successive wrong PINs, your smart card blocks itself and the following window appears:
You are asked to enter your unblocking PIN, or PUK, to unblock your smart card.
|
NOTE:
|
Providing your unblocking PIN, or PUK, enables you to unblock your smart card if you have entered too many successive wrong PINs.
The Collect unblocking code window appears.
|
IMPORTANT: If you enter too many successive wrong PUKs, your Smart Card blocks itself. |
You PUK has been provided.
You can unblock your smart card only if it has an external CMS.
If you:
The Unblock Smart Card window appears.
Your smart card is now unblocked.
The Unblock Smart Card window appears.
Your smart card is now unblocked.
The following procedure only applies to smart cards that can store several SSO accounts.
You can delete all the accounts stored on the smart card, even the one you used to log on with. In this case, after the account deletion, the session stays open.
|
IMPORTANT: Do not lock the session as you will not be able to unlock it. We recommend you to log off the session after the account deletion. |
The Manage Primary Accounts window appears and lists the accounts stored on the smart card.
The account is created/removed on/from the smart card.
A set of certificates can be stored on you smart card. When these certificates are about to expire and upon a successful smart card authentication, Authentication Manager displays a warning message with the list of these certificates. To renew them, execute the following procedure.
Compatible only with Windows Smartlogon cards.
The Automatic Certificate Renewal window appears.
Your certificate(s) has(have) been renewed and added to your smart card.
|
NOTE: If your click Not now, your certificate is not renewed and the window will appear each time you log on until your renew the certificate(s). |
If your password was forced by a directory administrator or if you have changed smart cards, you can recover your SSO data by providing your old password or by answering questions.
You authenticated at least once on your workstation connected to the network or an EAM directory is available.
Your SSO data has been recovered.
SSPRForSelfSSORecovery
registry key (see Password Management) must be enabled.
The Self Service Password Request wizard appears.
If you answered all the questions correctly, your SSO data is recovered.
If you did not answer all the questions correctly , you can restart the procedure or enter your old password.
By clicking Cancel, the Enterprise SSO - Data Migration window appears.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy