Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - Authentication Manager Self Service Password Request Administration Guide



Subject This guide describes how to configure and administer the features offered by Self Service Password Request (SSPR).
Audience This guide is intended for Authentication Manager administrators.
Required Software EAM 9.0 evolution 2 and later versions. For more information about the versions of the required operating systems and software solutions quoted in this guide, please refer to One Identity EAM Release Notes.
Typographical Conventions

Bold Indicates:

  • Interface objects, such as menu names, buttons, icons and labels.
  • File, folder and path names.
  • Keywords to which particular attention must be paid.
  Italics - Indicates references to other guides.
  Code - Indicates portions of program codes, command lines or messages displayed in command windows.
  CAPITALIZATI ON Indicates specific objects within the application (in addition to standard capitalization rules).
  < > Identifies parameters to be supplied by the user.


Warning: A WARNING icon indicates a potential for property damage, personal injury, or death.

Caution: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
Documentation support The information contained in this document is subject to change without notice. As our products are continuously enhanced, certain pieces of information in this guide can be incorrect. Send us your comments or suggestions regarding the documentation on the One Identity support website.


The One Identity Self Service Password Request (SSPR) feature reduces usage costs by allowing users to reset their primary password or PIN by themselves. When this feature is enabled, users can:

  • Select personal questions and answers, then if they forget their means of access, they answer questions, either to reset their primary password or PIN, or to open directly their Windows session. This feature works even if the user is not connected to the corporate network.
  • Request an OTP sent to their mobile device/email to reset their primary password. This feature works only if the user is connected to the corporate network.

One Identity SSPR offers the following benefits:

  • It relieves the support service from having to reset the user’s password or PIN.
  • It offers an emergency access solution, based on questions and answers or an OTP.
  • It provides an alternative authentication method for users using strong authentication methods (tokens, biometric devices), by allowing them to open temporarily a Windows session using a password.


Password and PIN reset through Authentication Manager

Reset with Q&A

The following figure illustrates the password/PIN reset mechanism when Authentication Manager is installed on the workstation. In this mode, mobile users can reset their access even if they are not connected.





Configuration phase

The administrator configures security profiles to enable the password/PIN reset from Authentication Manager.

Initialization phase

The first time the user opens his Windows session, Authentication Manager prompts him to record answers and questions according to the configuration set by the administrator.

Password/PIN reset phase

To reset his password or PIN, the user answers to the series of personal questions asked by Authentication Manager.

The administrator can make the help desk verify the identity of users when they reset their passwords. For PIN reset, this is mandatory.


Reset with OTP

One Identity SSPR allows you to use the OTP mechanism as an emergency access solution. In this mode, the password authentication method must be enabled. When a user forgets his password or PIN and he is connected to the network, he can still open his Windows session by receiving and entering an OTP. He can then reset his forgotten password or PIN and access applications for which an authentication is needed.




Configuration phase

The administrator configures security profiles to enable OTP emergency access.

Password/PIN reset phase

The user requests an OTP sent to his email address and/or mobile device. To reset his password or PIN, the user enters the OTP and enters a new password/PIN.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents