Chat now with support
Chat with Support

Password Manager 5.13.1 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in a perimeter network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Legacy Self-Service Site and Password Manager Self-Service site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Legacy Self-Service or Password Manager Self-Service site workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Internal Feedback Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email Templates
Upgrading Password Manager Password Policies Enable 2FA for Administrators and Enable 2FA for HelpDesk Users Reporting Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Customization Options Overview Feature imparities between the legacy and the new Self-Service Sites Glossary

Working with Power BI templates

Microsoft Power BI is an analytics service that is used to visualize large data with business intelligence. You can generate multiple interactive reports and customize dashboards with data insights and plot them on graphs to simplify data visualization.

IMPORTANT: The existing reporting in Password Manager is retained for the current release, after which it will be deprecated and replaced by Power BI reporting service.

The predefined Password Manager PowerBI template is available in Password Manager\Setup\Template\PowerBI Template of the installation media. You can extend the functionality by exporting the predefined template using the PowerBI Desktop software. The template provides the following reports by default:

  • User Status

  • Actions by Users

  • Actions by Number of Users

  • Users actions by Month

  • Email Notification by Type and User

  • Helpdesk usage by Actions

  • Helpdesk usage by Operators

  • Helpdesk usage by Users

  • Registration by Month

To import the predefined PowerBI template

  1. Download and install the Power BI Desktop software from the Microsoft Download Center.

  2. Provide the credentials to login to the Power BI Desktop software.

  3. Navigate to File > Import > Power BI template.

  4. Select the predefined Power BI template and click Open.

    The SQL Server database window is displayed.

  5. The PowerBI Desktop initiates the process to connect to the database from which the template is created. Click Cancel.

  6. The Refresh window is displayed. Click Cancel.

  7. Navigate to the Data Source settings in the Power BI Desktop.

    The Data source settings window is displayed.

  8. Click Change Source.

  9. Provide the SQL Server name in the Server field and the Database name in the Database field.

  10. Click OK.

  11. Click Apply changes in the warning message to apply the latest changes.

    The Power BI Desktop is connected to the database and all the updates are displayed.

Alternative option

As an alternative to generating reports using predefined Power BI templates, you can use the Reporting feature. For more information, see Reporting and User Action History Overview.

Password Manager Credential Checker

The Password Manager Credential Checker is based on PowerShell scripts used to check if the user’s password is compromised. Credential Checker deals with actions related to change in password in Active Directory, reset password in Active Directory, change password in Active Directory and connected systems, or reset password in Active Directory and connected systems. By default, the Credential Checker PowerShell script implements VeriClouds CredVerify functionality for leaked password with hash segment.

IMPORTANT: If you prefer to use other credential checker service, modify the Credential Checker PowerShell script appropraitely.

To configure the Password Manager credential checker

  1. To enable the Password Manager credential checker, after the Password Manager is installed, on the Password Manager Administrator portal, navigate to General settings > Extensibility and select Turn the credential checker mode on or off.

  2. On the Password Manager installation path, open the compromised_password_checker script. It is available in the <installation location\One Identity\Password Manager\Service\Resources\CredentialChecker> location.

  3. Edit the script to provide the Vericlouds credentials:

    $url=<valid URL>
    $api_key=<valid Key>
    $api_secret=<valid api secret>
  4. Save the file.

When you enter a new password on the Self-Service site using any of the workflows, such as, Forgot Password or Manage My Passwords, the Credential Checker validates the new password and check if it matches with the passwords listed in the VeriClouds. If the password matches, Provided password is compromised, type another password. If you've ever used it anywhere before, change it! is displayed.

This feature is not applicable if the user changes the password using Ctrl + Alt + Delete on the Windows logon screen.

Typical Deployment Scenarios

This section describes typical deployment scenarios for Password Manager, including scenarios with installation of the Self-Service and Helpdesk sites on standalone servers, using realms, and so on.

Simple Deployment

In this scenario, you install all main Password Manager components, that is, the Password Manager Service, Administration, Self-Service and Helpdesk sites on a single server. This is the simplest deployment scenario, which can be used in small environments and for demonstration purposes.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating