Chat now with support
Chat with Support

Password Manager 5.14.3 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring access to the Administration Site Configuring access to the Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Glossary

Running the Migration Wizard

NOTE: In the Shared.storage file in ProgramData folder of primary instance, verify whether AESEncryption value is true in all hosts. After installing Password Manager 5.14.3 and importing the configuration file into secondary instances, replication from all Password Manager instances takes time to update the hosts’ information and to set AESEncryption value to true. If the AESEncryption value is not true, when you run the Migration Wizard 5.14.3, it displays the error message with the list of hosts which are not updated with Password Manager 5.14.3 configuration.

NOTE: Set AESEncryption value to true in all the hosts and run the Migration Wizard 5.14.3 under Password Manager Service account.

To run the Migration Wizard 5.14.3, see To update users’ Q&A profiles with new instance settings and clear old Q&A data for user objects in Active Directory.

NOTE: In older version Password Manager, if you are using an existing database, after installing the Password Manager 5.14.3, disconnect SQL connection and reconnect with the same or a new database.

NOTE: After installing Password Manager 5.14.3, if service account has to be modified, see Modifying the service account.

Modifying the service account

Service accounts are used to install Password Manager. This section describes how to modify your service account.

NOTE: If you want to modify the service account after installing Password Manager 5.14.3, you cannot modify it by changing the account on Password Manager service because the new account will not be able to read the current configuration.

To modify the service account after installing Password Manager 5.14.3

  1. On the menu bar, click General Settings, then click the Import/Export tab and export the configuration file of the primary instance of Password Manager.

    NOTE: Due to security enhancements, a complex password is generated while exporting the configuration. You must remember the password or store it in a secure place, to use while importing the configuration.

  2. Stop the Password Manager Service.

  3. At the command prompt, type services.msc and select Password Manager Service in the console and change the log on details.

  4. Start the Password Manager Service.

    NOTE: Before you continue, it is recommended to back up the One Identity folder at C:\ProgramData.

  5. Delete the One Identity folder at C:\ProgramData.

  6. Restart the computer.

  7. Open the Administration Site.

  8. On the Instance Initialization page, select Unique instance and click Save.

  9. On the menu bar, click General Settings, then click the Import/Export tab and import the configuration file, which was exported before changing the service account.

Converting Q&A Profiles

After you have configured Password Manager 5.14.3, you can convert users’ Q&A profiles to make it compatible with the latest Password Manager version. To convert Q&A profiles, you must use the Migration Wizard.

When converting users’ Q&A profiles, specify whether to convert profiles of all users belonging to the user scope, users in a specified group or users of a Management policy. You can also select whether to convert Q&A profiles in test or production mode.

IMPORTANT:

  • Before converting users’ Q&A profiles it is recommended to prevent users from accessing the Self-Service Site. For more information, see To specify groups or OUs that are denied access to the Self-Service Site.

  • To avoid bad data error during user migration, run the migration wizard in test mode. View the report to check if the user information have been migrated successfully.

To convert Q&A profiles

  1. On the computer where Password Manager is installed, run the Migration Wizard from the Password Manager autorun window. It is recommended to run the Migration Wizard under the Password Manager Service account.

  2. On the Welcome page, select the Convert users’ Q&A profiles task.

  3. In the Select management policy drop-down box, select the Management Policy to convert Q&A profiles of users from its user scope and click Next.

  4. On the second page, do one of the following and click Next:

    • Click All users from the user scope to convert Q&A profiles of all users from the user scope of the selected Management Policy.

    • Click The following groups to specify the groups of users whose Q&A profiles will be converted. To select groups, click Add and do the following:

      • In the Add Groups dialog, enter the group name, select the domain from the list and click Search.

      • Select the required groups in the list and click Save.

  5. On the third page, do one of the following and click Next:

    • Click Convert Q&A profiles in test mode to covert profiles in test mode. The existing profiles will not be replaced.

    • Click Convert Q&A profiles in production mode to convert profiles in production mode. All existing profiles will be replaced.

  6. On the status page, click View the report for detailed information to view a detailed account of profile conversion. If you converted Q&A profiles in test mode, click Convert Q&A profiles in production mode.

  7. Click Finish to close the wizard.

    IMPORTANT: After profile conversion, some users may not be able to edit their Q&A profiles. Such users will be able to reset their passwords and unlock accounts on the Self-Service Site, but if they want to edit their Q&A profiles, they will be forced to create new Q&A profiles.

    If users’ Q&A profiles have been skipped during profile conversion, such users will not be able to use Password Manager 5.14.3 until they create new Q&A profiles.

Upgrading Secure Password Extension

You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.

To remove the existing and assign a latest-version package

  1. Remove the assigned package (Quest One Secure Password Extension x86.msi or Quest One Secure Password Extension x64.msi) from the list of software to be installed.

  2. Add the latest-version MSI packages to the list of software to be installed.

When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.admx administrative template with the one located in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation media.

During the upgrade of prm_gina.admx administrative template, the previously made template settings are preserved and picked up by newer versions.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating