Chat now with support
Chat with Support

Password Manager 5.14.3 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in a perimeter network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring Access to the Administration Site Configuring Access to the Password Manager Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Password Manager Self-Service Site workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Password Policies Enable 2FA for Administrators and Enable 2FA for HelpDesk Users Reporting Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Customization Options Overview Glossary

Display CAPTCHA

Use this activity to display a CAPTCHA image on the Self-Service Site and require users to enter the displayed characters before beginning a workflow. This feature provides enhanced protection against automated attacks.

This activity has the following settings:

  • Number of characters: Specify the number of characters that will be displayed on a CAPTCHA image.

  • Noise level: Select the noise level for a CAPTCHA image. The higher the level the more difficult it will be to read the characters.

Display reCAPTCHA

Use this activity to display a reCAPTCHA image on the Self-Service Site and require users to enter the displayed characters before beginning a workflow. This feature provides enhanced protection against automated attacks.

reCAPTCHA is a free CAPTCHA service provided by Google.

To start using reCAPTCHA you need to sign up and get reCAPTCHA keys on the following Web site: http://www.google.com/recaptcha.

When getting the keys, provide the DNS name of the domain where Password Manager Self-Service Sites are installed. If the Self-Service Sites are installed in different domains, select the Enable this key on all domains check box to create a global key.

To learn more about using and configuring reCAPTCHA, go to http://www.google.com/recaptcha/learnmore.

This activity has the following settings:

  • Public key: Specify the public key you received when configuring reCAPTCHA.

  • Private key: Specify the private key you received when configuring reCAPTCHA.

  • Theme: Select a color theme for the reCAPTCHA widget.

Authentication methods

Use this activity to select which authentication methods to display in the User site. The three types of authentication methods available to select for the administrator are as follows:

  • Security Questions

  • Corporate Authentication

  • Personal Email

IMPORTANT: The administrator can select any of the activities selected in the registration method, to make it default mode for authentication for the users on the User site. Select one of the settings radio buttons from the right side to make it default authentication method.

NOTE: Consider the following when selecting an authentication method:

  • When the administrator select registration method(s), only the respective authentication methods are visible to the administrator in Authentication methods.

  • If the Administrator has selected Allow user to edit corporate details in corporate authentication of registration mode, a user cannot update the corporate email and corporate mobile number, if they are already populated.

Security Questions

Use this activity to authenticate a user with the personal Questions and Answers profile. In this activity, the administrator can specify how many questions from the Questions and Answers profile the user must answer for authentication.

  • Authenticate with Q&A Profile (Random Questions): See Authenticate with Q&A profile (random questions).

  • Authenticate with Q&A Profile (Specific questions): See Authenticate with Q&A Profile (specific questions).

  • Authenticate with Q&A profile (user-selected questions): See Authenticate with Q&A Profile (User-selected questions).

Corporate Authentication

Use this activity to authenticate a user with a mobile device. There are two methods to authenticate the users using a mobile device.

  • Authenticate with RADIUS Two-Factor Authentication: See Authenticate with RADIUS Two-Factor Authentication.

  • Authenticate via Phone: See Authenticate via Phone.

Personal Authentication

Use this activity to authenticate a user with email or SMS. The email address and phone number used is registered by the user in Register or in Manage My Profile workflow.

Authenticate via Passcode: Use this activity to authenticate the users with a passcode. The administrator can configure passcode length and expiry time limit for the passcode.

NOTE: If Authenticate with personal phone and Authenticate with personal email are both selected, the user will be prompted to choose one of these options.

Authenticate with Password

Use this activity to authenticate users by their passwords when running a workflow.

This activity has the following settings:

  • Authenticate users with expired passwords: Select this check box to grant access to the Self-Service Site to users who are required to change their passwords at next logon. If you clear this check box, users will be denied any access to Password Manager functionality when their passwords are expired or should be changed at next logon.

  • Authenticate users with disabled accounts: If you select this check box, Password Manager will allow users whose accounts are disabled to unlock and re-enable their accounts, reset and manage passwords by using their Q&A profiles.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating