Chat now with support
Chat with Support

Password Manager 5.14.3 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in a perimeter network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring Access to the Administration Site Configuring Access to the Password Manager Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Password Manager Self-Service Site workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Password Policies Enable 2FA for Administrators and Enable 2FA for HelpDesk Users Reporting Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Customization Options Overview Glossary

Action Activities

This section describes built-in activities that provide core actions of the self-service workflows, such as Reset password, Unlock account, and so on.

Edit Q&A Profile

This activity is a core activity of the My Questions and Answers Profile workflow. Use this activity to enable users to create and update their Questions and Answers profiles.

You can also use this activity in the Forgot My Password and Unlock My Account workflows, if you want to force users to update their Q&A profiles after they reset passwords or unlock their accounts. When you use this activity in the Forgot My Password and Unlock My Account workflows, select the Run this activity only if user’s Q&A profile should be updated check box to make users update their Q&A profiles only if the profiles are not compliant with the current requirements.

The activity has the following settings:

  • Run this activity only if user’s Q&A profile should be updated: When you use this activity in workflows other than My Questions and Answers Profile, for example, in Forgot My Password and Unlock My Account workflows, select this check box to make users update their Q&A profiles only if the profiles are not compliant with the current Q&A policy.

Reset Password in AD LDS

This is a core activity of the Forgot My Password workflow. The activity allows users to reset passwords in AD LDS instances. If you want to enable users to reset passwords in several systems, configure the Reset password in AD LDS and connected systems activity. For more information on configuring this activity and using One Identity Quick Connect Sync Engine, see Reset Password in AD LDS and Connected Systems.

In this activity you can configure the Enforce password history option. Password history determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.

Before selecting this option, you should consider the following by-design behavior of Password Manager when that the Enforce password history option is enabled:

  • Password Manager uses two slots from the password history every time a password is reset. For example, if the password history value defines that users cannot reuse any of the last 10 passwords, then Password Manager checks only the last five passwords. Therefore, One Identity recommends that you double the password history value. For example, if you want to prevent users from using the last 10 passwords, enter the value 20.

  • Having entered a new password that is not policy compliant, users may end up with a randomly generated password that they do not know.

The Use auto generated password option enables HelpDesk users to generate a new password during password reset process.

The Use manual password option enables HelpDesk users to reset the password manually.

Change Password in AD LDS

This is a core activity of the Manage My Passwords workflow. The activity allows users to change passwords in AD LDS instances. If you want to enable users to change passwords in several systems, configure the Change password in AD LDS and connected systems activity. For more information on configuring this activity and using One Identity Quick Connect Sync Engine, see Change Password in AD LDS and Connected Systems.

Run this activity only when user must change password at next logon: Select this check box when you use this activity in workflows other than Manage My Passwords. By using this option you can force users who are required to change password at next logon to change password while performing other tasks on the Self-Service Site.

For example, if you add the Change password in AD LDS activity with this option selected to the My Questions and Answers Profile workflow, you will force users who are required to change password at next logon to change password when creating or updating their Q&A profiles.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating