
Enterprise Single Sign-On 9.0.2 - Authentication Manager Self Service Password Request Administration Guide

Password reset through EAM Portal

If Authentication Manager is not installed on the workstation, users can reset their passwords through EAM Portal, as shown below. There are two ways to reset their passwords:

  • By answering questions.
  • By retrieving an OTP received by e-mail or SMS.

This mode requires a network connection. It does not support PIN reset and you cannot make the help desk verify the identity of users when they reset their passwords.

 

| Phase | Description |
|---|---|
| Configuration phase | The administrator configures security profiles to enable password reset from EAM Portal. |
| Initialization phase | The user records his answers and questions through the portal, according to the configuration set by the administrator. |
| Password reset phase | To reset his password, the user connects to EAM Portal and answers the series of personal questions asked by the system. |

QRentry emergency access

One Identity QRentry allows you to use your mobile device as an emergency access solution. In this mode, the mobile device authentication method must be enabled. When a user forgets his password or PIN, he can still open his Windows session by flashing a QR code. Depending on his rights, he can also reset his forgotten password or PIN.

The following figure illustrates the emergency access mechanism when Authentication Manager is installed on the workstation. In this mode, mobile users can reset their access even if they are not connected.

 

| Phase | Description |
|---|---|
| Configuration phase | The administrator configures security profiles to enable authentication with QRentry. |
| Initialization phase | The user enrolls his mobile device with Authentication Manager, according to the configuration set by the administrator. |
| Authentication phase | To authenticate, the user enters the OTP. |

Questions and Answers emergency access

One Identity SSPR allows you to use the questions/answers mechanism as an emergency access solution. In this mode, the password authentication method must be enabled. When a user forgets his password or PIN, he can still open his Windows session by answering questions, but he cannot reset his forgotten password or PIN and he cannot access applications for which an authentication is needed.

 

| Phase | Description |
|---|---|
| Configuration phase | The administrator configures security profiles to enable questions and answers emergency access. |
| Initialization phase | The first time the user opens his Windows session, Authentication Manager prompts him to record answers and questions according to the configuration set by the administrator. |
| Authentication phase | To authenticate, the user answers the series of personal questions asked by Authentication Manager. |

Temporary Password Access authentication method

This temporary authentication method is useful within companies that use strong multi-factor authentication. When tokens or biometric devices are used, you may need to provide temporary password access in the following cases:

  • A user who has a faulty device (smart card reader or biometric device) can use the temporary password authentication method while waiting for a new device.
  • To force the use of token or biometric devices during the deployment of strong authentication within the company: you disable the password authentication method for all users and activate the temporary password access so that users who do not have their smart card or biometric device can authenticate.