Chat now with support
Chat with Support

Password Manager 5.11 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances Domain Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Bulk Password Reset Working with Redistributable Secret Management account Email Templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable S2FA for Administrators & Enable S2FA for HelpDesk Users Reporting Password Manager Integration Appendixes Glossary

Upgrade 5.7.1 or later versions

Manual upgrade from 5.7.1 or later versions

Uninstall Password Manager 5.7.1 or later versions, and then install Password Manager 5.11.0 on the computer where Password Manager 5.7.1 or later versions was installed. For more information, see To uninstall Password Manager 5.7.1 or later versions.

  1. From the autorun window of the installation CD, click Install against Password Manager x64 option. Read the content and click Next.
  2. Select I accept the terms in License Agreement check box, and then click Next.
  3. In the User Information page, enter the user details such as the username and the organization to which the user belongs to, and then click Next.
    1. To verify licenses information, click Licenses… and then check the statuses of the license.

NOTE: If the license has expired, click Browse license… and select the appropriate license to continue the Password Manager service.

  1. In the Custom Setup page, click the respective option that needs to be installed, and then click Next.
  2. In the Password Manager Service Account Information page, the account name appears by default. Enter the password, and then click Next.

NOTE: To change the account name, click Browse… and select the appropriate Password Manager service account name.

  1. In the Specify Web Site and Application Pool Identity page, choose the website name, and in the Application pool identity section, the account name appears by default. Enter the password, and then click Next .

NOTE: To change the account name, click Browse… and select the appropriate Application Pool Identity account name.

  1. After completing the above process, click Install.

Upon successful installation, the Password Manager installs the following sites:

  • Administration Site
  • Helpdesk Site
  • Password Manager Self-Service Site

NOTE:

  • Make sure that you have taken a back up of the current configuration settings. For more information, see To export configuration settings from Password Manager 5.7.1 or later versions.
  • After you uninstall Password Manager 5.7.1 or later versions, all configuration settings will be automatically detected by the new version. For more information on how to install Password Manager, see Installing Password Manager .
  • If you have multiple Password Manager instances installed, when upgrading them, you may experience the following issue: the Realm Instances page of the Administration site displays an incorrect list of installed instances. After you upgrade all instances, the page will display the correct list.

 

IMPORTANT:

  • Switch to the Password Manager self Service site(Self-Service UI version 5.9.5 onwards) option is displayed only in case of in place upgrade.

  • In case of Manual upgrade to 5.11.0, the Self-Service site gets replaced as Password Manager Self-Service site. Hence, post Manual upgrade, you can see only one Self service site (Password Manager Self-Service Site) and legacy self-service site is not more accessible, by default.

  • In case of Manual upgrade, if the Legacy Self-Service site is required, Admin has to install it exclusively, in addition to the existing Password Manager Self Service site. In this case, point to note is that the Enabling Self-Service UI 5.11.0 (Switch to Self-service site 5.9.5 onwards) option will not be applicable.

Running the Migration Wizard

 NOTE: In the Shared.storage file in ProgramData folder of primary instance, verify whether AESEncryption value is true in all hosts. After installing Password Manager 5.11.0 and importing the configuration file into secondary instances, replication from all PM instances takes time to update the hosts’ information and to set AESEncryption value to true. If the AESEncryption value is not true, when you run the Migration Wizard 5.11.0, it displays the error message with the list of hosts which are not updated with Password Manager 5.11.0 configuration.

 

 NOTE: Set AESEncryption value to true in all the hosts and run the Migration Wizard 5.11.0 under Password Manager Service account.

To run the Migration Wizard 5.11.0, see To update users’ Q&A profiles with new instance settings and clear old Q&A data for user objects in Active Directory.

 NOTE: In older version Password Manager, if you are using an existing database, after installing the Password Manager 5.11.0, disconnect SQL connection and reconnect with the same or a new database.

 

 NOTE: After installing Password Manager 5.11.0, if service account has to be modified, see Modifying the service account .

Modifying the service account

Modifying the service account

NOTE: If you want to modify the service account after installing Password Manager 5.11.0, you cannot modify it by changing the account on Password Manager service because the new account will not be able to read the current configuration.

To modify the service account after installing Password Manager 5.11.0:

  1. On the menu bar, click General Settings, then click the Import/Export tab and export the configuration file of the primary instance of Password Manager.

    		NOTE: Due to security enhancements, a complex password is generated while exporting the configuration. You must remember the password or store it in a secure place, to use while importing the configuration.
  2. Stop the Password Manager Service.
  3. At the command prompt, type services.msc and select Password Manager Service in the console and change the log on details.
  4. Start the Password Manager Service.

    		NOTE: Before you continue, it is recommended to back up the One Identity folder at C:\ProgramData.
  5. Delete the One Identity folder at C:\ProgramData.
  6. Restart the computer.
  7. Open the Administration site.
  8. On the Instance Initialization page, select Unique instance and click Save.
  9. On the menu bar, click General Settings, then click the Import/Export tab and import the configuration file, which was exported before changing the service account.

Converting Q&A Profiles

After you have configured Password Manager 5.11.0, you can convert users’ Q&A profiles to make it compatible with the latest Password Manager version. To convert Q&A profiles, you must use the Migration Wizard.

When converting users’ Q&A profiles, specify whether to convert profiles of all users belonging to the user scope, users in a specified group or users of a Management policy. You can also select whether to convert Q&A profiles in test or production mode.

IMPORTANT:

  • Before converting users’ Q&A profiles it is recommended to prevent users from accessing the Self-Service site. For more information, see To specify groups or OUs that are denied access to the Self-Service site.

  • To avoid bad data error during user migration, run the migration wizard in test mode. View the report to check if the user information have been migrated successfully.

To convert Q&A profiles

  1. On the computer where Password Manager is installed, run the Migration Wizard from the Password Manager autorun window. It is recommended to run the Migration Wizard under the Password Manager Service account.
  2. On the Welcome page, select the Convert users’ Q&A profiles task.
  3. In the Select management policy drop-down box, select the Management Policy to convert Q&A profiles of users from its user scope and click Next.
  4. On the second page, do one of the following and click Next:
    • Click All users from the user scope to convert Q&A profiles of all users from the user scope of the selected Management Policy.
    • Click The following groups to specify the groups of users whose Q&A profiles will be converted. To select groups, click Add and do the following:
      • In the Add Groups dialog box, enter the group name, select the domain from the list and click Search.
      • Select the required groups in the list and click Save.
  5. On the third page, do one of the following and click Next:
    • Click Convert Q&A profiles in test mode to covert profiles in test mode. The existing profiles will not be replaced.
    • Click Convert Q&A profiles in production mode to convert profiles in production mode. All existing profiles will be replaced.
  6. On the status page, click View the report for detailed information to view a detailed account of profile conversion. If you converted Q&A profiles in test mode, click Convert Q&A profiles in production mode.
  7. Click Finish to close the wizard.

    		IMPORTANT: After profile conversion, some users may not be able to edit their Q&A profiles. Such users will be able to reset their passwords and unlock accounts on the Self-Service site, but if they want to edit their Q&A profiles, they will be forced to create new Q&A profiles.

    If users’ Q&A profiles have been skipped during profile conversion, such users will not be able to use Password Manager 5.11.0 until they create new Q&A profiles.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating