Preface
Preface
| Subject | This guide describes how to configure and administer the features offered by Self Service Password Request (SSPR). | ||||||
| Audience | This guide is intended for Authentication Manager administrators. | ||||||
| Required Software | EAM 9.0 evolution 2 and later versions. For more information about the versions of the required operating systems and software solutions quoted in this guide, please refer to One Identity EAM Release Notes. | ||||||
| Typographical Conventions |
Bold Indicates:
| ||||||
| Italics - Indicates references to other guides. | |||||||
| Code - Indicates portions of program codes, command lines or messages displayed in command windows. | |||||||
| CAPITALIZATI ON Indicates specific objects within the application (in addition to standard capitalization rules). | |||||||
| < > Identifies parameters to be supplied by the user. | |||||||
|
Legend
| |||||||
| Documentation support | The information contained in this document is subject to change without notice. As our products are continuously enhanced, certain pieces of information in this guide can be incorrect. Send us your comments or suggestions regarding the documentation on the One Identity support website. |
Overview
The One Identity Self Service Password Request (SSPR) feature reduces usage costs by allowing users to reset their primary password or PIN by themselves. When this feature is enabled, users can:
- Select personal questions and answers, then if they forget their means of access, they answer questions, either to reset their primary password or PIN, or to open directly their Windows session. This feature works even if the user is not connected to the corporate network.
- Request an OTP sent to their mobile device/email to reset their primary password. This feature works only if the user is connected to the corporate network.
One Identity SSPR offers the following benefits:
- It relieves the support service from having to reset the user’s password or PIN.
- It offers an emergency access solution, based on questions and answers or an OTP.
- It provides an alternative authentication method for users using strong authentication methods (tokens, biometric devices), by allowing them to open temporarily a Windows session using a password.
Password_and_PIN_reset_
Password and PIN reset through Authentication Manager
Reset with Q&A
The following figure illustrates the password/PIN reset mechanism when Authentication Manager is installed on the workstation. In this mode, mobile users can reset their access even if they are not connected.
|
Phase |
Description |
|
|
Configuration phase The administrator configures security profiles to enable the password/PIN reset from Authentication Manager. |
|
|
Initialization phase The first time the user opens his Windows session, Authentication Manager prompts him to record answers and questions according to the configuration set by the administrator. |
|
|
Password/PIN reset phase To reset his password or PIN, the user answers to the series of personal questions asked by Authentication Manager. The administrator can make the help desk verify the identity of users when they reset their passwords. For PIN reset, this is mandatory. |
Reset_with_OTP
Reset with OTP
One Identity SSPR allows you to use the OTP mechanism as an emergency access solution. In this mode, the password authentication method must be enabled. When a user forgets his password or PIN and he is connected to the network, he can still open his Windows session by receiving and entering an OTP. He can then reset his forgotten password or PIN and access applications for which an authentication is needed.
|
Phase |
Description |
|
|
Configuration phase The administrator configures security profiles to enable OTP emergency access. |
|
|
Password/PIN reset phase The user requests an OTP sent to his email address and/or mobile device. To reset his password or PIN, the user enters the OTP and enters a new password/PIN. |