Password_reset_through_E
Password reset through EAM Portal
If Authentication Manager is not installed on the workstation, users can reset their passwords through EAM Portal, as shown below. There are two ways to reset their passwords:
- By answering questions.
- By retrieving an OTP received by e-mail or SMS.
This mode requires a network connection. It does not support PIN reset and you cannot make the help desk verify the identity of users when they reset their passwords.
|
Phase |
Description |
|
|
Configuration phase The administrator configures security profiles to enable password reset from EAM Portal. |
|
|
Initialization phase The user records his answers and questions through the portal, according to the configuration set by the administrator. |
|
|
Password reset phase To reset his password, the user connects to EAM Portal and answers to the series of personal questions asked by the system. |
QRentry_emergency_access
QRentry emergency access
One Identity QRentry allows you to use your mobile device as an emergency access solution. In this mode, the mobile device authentication method must be enabled. When a user forgets his password or PIN, he can still open his Windows session by flashing a QR code. Depending on his rights, he can also reset his forgotten password or PIN.
The following figure illustrates the emergency access mechanism when Authentication Manager is installed on the workstation. In this mode, mobile users can reset their access even if they are not connected.
|
Phase |
Description |
|
|
Configuration phase The administrator configures security profiles to enable authentication with QRentry. |
|
|
Initialization phase The user enrolls his mobile device with Authentication Manager, according to the configuration set by the administrator. |
|
|
Authentication phase To authenticate, the user enters the OTP. |
Questions_and_Answers_em
Questions and Answers emergency access
One Identity SSPR allows you to use the questions/answers mechanism as an emergency access solution. In this mode, the password authentication method must be enabled. When a user forgets his password or PIN, he can still open his Windows session by answering questions, but he cannot reset his forgotten password or PIN and he cannot access applications for which an authentication is needed.
|
Phase |
Description |
|
|
Configuration phase The administrator configures security profiles to enable questions and answers emergency access. |
|
|
Initialization phase The first time the user opens his Windows session, Authentication Manager prompts him to record answers and questions according to the configuration set by the administrator. |
|
|
Authentication phase To authenticate, the user answers to the series of personal questions asked by Authentication Manager. |
Temporary_Password_Acces
Temporary Password Access authentication method
This temporary authentication method is useful within company using strong multi-factor authentication. When tokens or biometric devices are used, you may need to provide a temporary password access in the following cases:
- A user who has a faulty device (smart card reader or biometric device) can use the temporary password authentication method while waiting for a new device.
- To force the use of token or biometric devices during the deployment of strong authentication within the company: you disable the password authentication method for all users and activate the temporary password access so that users who do not have their smart card or biometric device can authenticate.