Password Manager 5.11.3 - Administration Guide (AD LDS Edition)

Authenticate with Passcode

Use this activity to allow users to use a passcode for creating or updating their Questions and Answers profile. Passcodes are assigned by helpdesk operators to users who have forgotten their passwords and at the same time are not registered with Password Manager or have forgotten their answers to secret questions.

You do not need to configure any settings for this activity.

By default, this authentication activity is used in the I Have a Passcode workflow.

For more information on configuring settings for assigning passcodes, see Assign Passcode.

Action Activities

This section describes built-in activities that provide core actions of the self-service workflows, such as Reset password, Unlock account, etc.

Edit Q&A Profile

This activity is a core activity of the My Questions and Answers Profile workflow. Use this activity to enable users to create and update their Questions and Answers profiles.

You can also use this activity in the Forgot My Password and Unlock My Account workflows, if you want to force users to update their Q&A profiles after they reset passwords or unlock their accounts. When you use this activity in the Forgot My Password and Unlock My Account workflows, select the Run this activity only if user’s Q&A profile should be updated check box to make users update their Q&A profiles only if the profiles are not compliant with the current requirements.

The activity has the following settings:

  • Run this activity only if user’s Q&A profile should be updated. When you use this activity in workflows other than My Questions and Answers Profile, for example, in Forgot My Password and Unlock My Account workflows, select this check box to make users update their Q&A profiles only if the profiles are not compliant with the current Q&A policy.

Reset Password in AD LDS

This is a core activity of the Forgot My Password workflow. The activity allows users to reset passwords in AD LDS instances. If you want to enable users to reset passwords in several systems, configure the Reset password in AD LDS and connected systems activity. For more information on configuring this activity and using One Identity Quick Connect Sync Engine, see Reset Password in AD LDS and Connected Systems.

In this activity you can configure the Enforce password history option. Password history determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.

Before selecting this option, you should consider the following by-design behavior of Password Manager when the Enforce password history option is enabled:

  • Password Manager uses two slots from the password history every time a password is reset. For example, if the password history value defines that users cannot reuse any of the last 10 passwords, then Password Manager checks only the last five passwords. Therefore, it is advised that you double the password history value.
  • Having entered a new password that is not policy compliant, users may end up with a randomly generated password they do not know.
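
The slot consumption described in the first point, modelled as an added example (not One Identity code): a fixed-size password history in which every reset writes two entries. The filler entry, its position before the chosen password, and the sample password strings are assumptions made for this model.

```python
from collections import deque

SLOTS_PER_RESET = 2  # from the guide: each Password Manager reset uses two history slots


def blocked_passwords(history_size, slots_per_reset=SLOTS_PER_RESET, resets=50):
    """Simulate consecutive resets and return the user-chosen passwords the
    history still blocks afterwards, newest first."""
    # Toy history: newest entry last, oldest dropped once the size is exceeded.
    # Real directories store hashes; plain strings keep the model readable.
    history = deque(maxlen=history_size)
    chosen = []
    for i in range(resets):
        password = f"user-password-{i}"  # constructed sample value
        # Assumption: the extra slot is an opaque filler entry written
        # before the password the user chose.
        for extra in range(slots_per_reset - 1):
            history.append(f"<extra-slot-{i}-{extra}>")
        history.append(password)
        chosen.append(password)
    return [p for p in reversed(chosen) if p in history]


def effective_history(history_size, slots_per_reset=SLOTS_PER_RESET):
    """Number of recent user passwords that cannot be reused."""
    return len(blocked_passwords(history_size, slots_per_reset))


def can_reuse(history_size, resets_ago, slots_per_reset=SLOTS_PER_RESET):
    """True if the password chosen `resets_ago` resets before the latest one
    is accepted again (0 means the current password)."""
    return resets_ago >= effective_history(history_size, slots_per_reset)


if __name__ == "__main__":
    for size in (10, 20):
        print(f"history value {size}: last {effective_history(size)} passwords blocked")
    print("value 10, password from 5 resets ago reusable:", can_reuse(10, 5))
    print("value 20, password from 5 resets ago reusable:", can_reuse(20, 5))
```
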

The Use auto generated password option enables HelpDesk users to generate a new password during the password reset process.

The Use manual password option enables HelpDesk users to reset the password manually.
