Chat now with support
Chat with Support

Quest has tools and processes in place to identify, protect, detect, and remediate vulnerabilities and incidents when they occur, including external security partners. As part of our standard security operations, Quest does not use CrowdStrike in any of our operations. We are reviewing our third parties, and so far, there is minimal affect. It is Quest's policy not to provide further technical details unless they directly impact customer data.

Password Manager 5.10 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances Domain Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies One Identity Starling Reporting Password Manager Integration Appendixes Glossary

Workflow settings

For each workflow, you can set 2 options:

  • Language settings specify a custom name and description for the selected workflow on the Password Manager Self-Service Site or Helpdesk Site, either in the default language, or in additional languages.

  • Availability settings specify if the workflow must appear in the Password Manager Self-Service Site or in the Helpdesk Site.

NOTE: You can specify custom names and descriptions only for the languages for which localization is available in the Password Manager Self-Service Site and Helpdesk Site.

To set the language settings

  1. On the Password Manager Administration Site, under Home > <management-policy>, click the workflow of a management policy you want to configure.

  2. On the page of the configured workflow, click Workflow settings.

  3. Under Workflow Settings > Languages, edit the workflow name and the workflow descriptions in the default language, then click OK.

  4. To edit the workflow name and the workflow description in other languages, click Add new language, select a language, then enter the workflow name and workflow descriptions in the selected language.

  5. To apply your changes, click OK.

To set the availability settings

  1. On the Password Manager Administration Site, under Home > <management-policy>, click the workflow of a management policy you want to configure.

  2. On the page of the configured workflow, click Workflow settings.

  3. Under Workflow Settings > Availability > Enable the workflow, select the availability option of your workflow:

    • Always: The workflow is always enabled for users on the Password Manager Self-Service Site or for operators on the Helpdesk Site.

    • Never: The workflow is always disabled on the Password Manager Self-Service Site or Helpdesk Site.

    • Depending on the current user status: The availability of the configured workflow depends on the user status.

      The default criteria for enabling or disabling workflows on the Password Manager Self-Service Site are the following:

      • For unregistered users, only the Register workflow is enabled.

      • For registered users, the Forgot My Password and Manage My Passwords workflows are enabled.

      • Both for registered and unregistered users, the I Have a Passcode workflow is enabled only if a helpdesk user performs an Assign Passcode workflow for them.

      • For registered users with a locked account, only the Forgot My Password and Unlock My Account workflows are enabled.

      • For users with a locked Q&A profile, no workflows are enabled on the Password Manager Self-Service Site. Users must contact the helpdesk in this case.

      The default criteria for enabling or disabling workflows on the Password Manager Helpdesk Site are the following:

      • For unregistered users, the Reset Password, Unlock Account and Assign Passcode workflows are enabled.

      • For registered users with a locked Q&A profile, all Helpdesk workflows are enabled.

      IMPORTANT: If an unregistered user registers the first time, and enters an incorrect password beyond the specified limit, their profile will be locked. The user then must wait for the duration configured with the Reset lockout account setting.

  4. Under Show the workflow, specify the visibility of the configured workflow on the Password Manager Self-Service Site or Helpdesk Site for users:

    • Always: The workflow is always visible, regardless of whether it is enabled or disabled for the current user.

    • Never: The workflow is always hidden, regardless of whether it is enabled or disabled for the current user.

    • Only if the workflow is enabled: The workflow appears only if it is enabled for the current user.

  5. To apply your changes, click OK.

NOTE: Custom workflows appear on the Password Manager Self-Service Site for users even if the Enable the workflow setting is set to Depending on the current user status and the Show the workflow setting is set to Only if the workflow is enabled.

To force these settings for custom workflows

  1. Stop the Password Manager Service.

  2. Open the C:\ProgramData\One Identity\Password Manager\Shared.storage file.

  3. Replace the <DisabledReasons /> line with the following entry:

    <disabledReasons>
       <reason name="userRegistered" value="DisableIfFalse" />
    </disabledReasons>
  4. Save the file, then restart the Password Manager Service.

Custom workflows

To extend and customize the functionality provided by built-in workflows for your organization, create custom workflows. Similar to the built-in workflows, you can create 2 types of custom workflows: Self-Service and Helpdesk workflows.

To create a custom workflow

  1. To open the Add New Workflow dialog, in the Password Manager Administration Site, under Home > <management-policy>, click New Workflow at the heading of the management policy for which you want to configure the new workflow.

  2. In the Select the workflow type drop-down list, select the site where the workflow must appear (Self-Service Site or Helpdesk Site).

  3. Enter the Workflow name.

  4. Enter a Workflow description.

  5. To apply your changes, click Save.

TIP: Consider the following when creating a new workflow:

  • When you add a new custom workflow, it does not contain any activities. To add activities, click the workflow to open the Workflow Designer.

  • You must specify the name and description for each workflow in the default language used on the Self-Service Site or Helpdesk Site. However, in addition, you can also specify the workflow name and description in other languages, as long as localization for those languages is available in the Self-Service Site and Helpdesk Site). For more information on configuring language settings, see Workflow settings.

NOTE: Custom workflows appear on the Password Manager Self-Service Site for users even if the Enable the workflow setting is set to Depending on the current user status and the Show the workflow setting is set to Only if the workflow is enabled.

To force these settings for custom workflows

  1. Stop the Password Manager Service.

  2. Open the C:\ProgramData\One Identity\Password Manager\Shared.storage file.

  3. Replace the <DisabledReasons /> line with the following entry:

    <disabledReasons>
       <reason name="userRegistered" value="DisableIfFalse" />
    </disabledReasons>
  4. Save the file, then restart the Password Manager Service.

Importing and exporting workflows

To share your configured workflows among management policies, import and export the workflows between them.

Prerequisites

Importing and exporting workflows between management policies is available only if you enable extensibility features.

To enable extensibility features

  1. On the Password Manager Administration Site, navigate to General Settings > Extensibility.

  2. Select Extensibility on.

  3. To apply your changes, click Save.

To export a workflow

  1. On the Password Manager Administration Site, under Home > <management-policy>, click the workflow of a management policy you want to export.

  2. On the page of the workflow, click Export workflow. Depending on the browser settings, the workflow is then either downloaded to the default download folder, or you can specify the download location.

To import a workflow

IMPORTANT: Before importing a workflow, consider the following:

  • If you import a workflow, Password Manager will replace existing workflows with the same name. To avoid accidental overwrites, One Identity recommends backing up existing workflows by exporting them when prompted.

  • One Identity strongly recommends auditing scripts of custom activities in imported workflows before using them in a production environment. This is required because attackers could potentially access sensitive information via PowerShell scripts in a custom activity. Make sure you import workflows from a trusted source only.

  • If the imported workflow contains activities that are missing from the current configuration, import the missing activities first (from the same workflow archive file), then import the workflow.

  1. On the Password Manager Administration Site, under Home > <management-policy>, navigate to the management policy for which you want to import a new workflow, then click Import Workflow.

  2. To select the workflow archive file, in the Import Workflow dialog, click Upload, then click OK.

  3. To perform the import, click OK. If the import procedure would overwrite an existing workflow with the same name, click the link to export the affected workflow.

Custom Activities

Custom activities

There are two options to create a custom activity. You can create a custom activity from scratch or convert a built-in activity to custom.

For any custom activity, you can specify a display name, a short name (used to address the activity in scripts), a description (used on the Administration site), and add PowerShell script to the activity. When you create the custom activity from scratch, you can also select user interface elements and enter the main instruction for the page of the Self-Service or Helpdesk site that will be displayed when the activity is executed.

Note that you cannot specify any user interface elements for custom activities converted from built-in ones. If you want set user interface elements for your custom activity, create it from scratch.

For more information on writing PowerShell scripts for custom activities, refer to the Password Manager SDK.

IMPORTANT: Note, you can create custom activities only after you turn on the extensibility features. You can turn on the extensibility features on the General Settings tab of the Administration site.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating