If Authentication Manager is not installed on the workstation, users can reset their passwords through EAM Portal, as shown below. There are two ways to reset their passwords:
This mode requires a network connection. It does not support PIN reset and you cannot make the help desk verify the identity of users when they reset their passwords.
Phase |
Description |
|
Configuration phase The administrator configures security profiles to enable password reset from EAM Portal. |
|
Initialization phase The user records his answers and questions through the portal, according to the configuration set by the administrator. |
|
Password reset phase To reset his password, the user connects to EAM Portal and answers to the series of personal questions asked by the system. |
One Identity QRentry allows you to use your mobile device as an emergency access solution. In this mode, the mobile device authentication method must be enabled. When a user forgets his password or PIN, he can still open his Windows session by flashing a QR code. Depending on his rights, he can also reset his forgotten password or PIN.
The following figure illustrates the emergency access mechanism when Authentication Manager is installed on the workstation. In this mode, mobile users can reset their access even if they are not connected.
Phase |
Description |
|
Configuration phase The administrator configures security profiles to enable authentication with QRentry. |
|
Initialization phase The user enrolls his mobile device with Authentication Manager, according to the configuration set by the administrator. |
|
Authentication phase To authenticate, the user enters the OTP. |
One Identity SSPR allows you to use the questions/answers mechanism as an emergency access solution. In this mode, the password authentication method must be enabled. When a user forgets his password or PIN, he can still open his Windows session by answering questions, but he cannot reset his forgotten password or PIN and he cannot access applications for which an authentication is needed.
Phase |
Description |
|
Configuration phase The administrator configures security profiles to enable questions and answers emergency access. |
|
Initialization phase The first time the user opens his Windows session, Authentication Manager prompts him to record answers and questions according to the configuration set by the administrator. |
|
Authentication phase To authenticate, the user answers to the series of personal questions asked by Authentication Manager. |
This temporary authentication method is useful within company using strong multi-factor authentication. When tokens or biometric devices are used, you may need to provide a temporary password access in the following cases:
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy