Chat now with support
Chat with Support

Password Manager 5.14 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring access to the Administration Site Configuring access to the Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Third-party contributions Glossary

Authenticate via phone

Use this activity to include phone-based authentication in a self-service workflow. If your license includes phone-based authentication service, you will be able to configure and use this activity.

IMPORTANT: To enable users to use phone-based authentication, configure the user scope for this feature. For more information, see Telephone verification feature license.

If your Password Manager license does not include phone-based authentication service and you want to use this service, contact One Identity Software Support to obtain the necessary license at https://support.oneidentity.com/.

Before enabling phone-based authentication, make sure that users’ phone numbers stored in Active Directory are in a correct format. The phone number must meet the following requirements:

  • The number starts with either 00 or +, followed by the country code and the subscriber’s number. For example: +1 555-789-1314 or 00 1 5554567890.

  • The number can have extensions. For example: + 555 123-45-67 ext 890.

  • Digits within the number can be separated by a space, hyphen, comma, period, plus and minus signs, slash (/), backslash (\), asterisk (*), hash (#), or tab character.

  • The number can contain the following brackets: parentheses (), curly braces {}, square brackets [], and angle brackets <>. Only one set of brackets is allowed within the number. The opening bracket must be in the first half of the number. For example, the number +15551234(567) will be considered invalid.

The USA numbers may not start with 00 or + sign, if they comply with all other requirements and contain 11 digits. For example, the number 1-555-123-3245 will be considered valid.

This activity has the following settings:

  • Authentication method: You can specify whether you want users to receive a call or an SMS with a one-time PIN code by selecting the corresponding option. You can also allow users to choose the authentication method on the Self-Service Site by selecting the Allow users to choose between an automated voice call and SMS option.

  • SMS template: Enter the text message that will contain a one-time PIN code and will be sent to users during phone authentication.

  • telephoneNumber, homePhone, mobile and other attributes: Select one or several attributes of a user account from which telephone numbers will be used during phone-based authentication. You can also specify other attributes.

You can test the configured settings by clicking Test settings and entering the phone number to which a one-time PIN code will be sent.

Authenticate with passcode

Use this activity to allow users to use a passcode for creating or updating their Questions and Answers profile. The users need to register an email address using Register or Manage My Profile workflow to receive the generated passcode, in case they forget their password and are not registered with Password Manager or have forgotten their answers to secret questions.

The Administrator must create a workflow to generate passcode for the users. When the user clicks the Get Passcode option on the Self-Service Site, an auto-generated passcode is sent to their registered email address.

You do not need to configure any settings for this activity.

Use this authentication activity in the I Have a Passcode workflow only.

Action activities

This section describes activities that provide core actions of the self-service workflows, such as Reset password in Active Directory, Unlock account, and so on.

Register

Use this workflow to select which registration methods to display on the User site.

Select registration mode allows the administrator to configure which registration methods are allowed for registration to the users. The following are the three methods available for the users to register:

  • Corporate authentication

  • Security questions

  • Personal contact method: Email and Mobile

The selected options is added in the Password Manager User site.

NOTE: When the administrator selects registration method(s), only the respective authentication methods are visible to the administrator in Authentication methods.

Select one of the radio buttons to set the method as mandatory registration method. The administrator can set a method mandatory from Select the registration method that must be set as the mandatory registration method for users in the User site. When the administrator selects a method as mandatory, it is compulsory for users for registration in the User site. To set as mandatory registration method for the users in the Password Manager User site, select one of the following options:

  • Corporate authentication

  • Security questions

  • Personal contact method: Email and Mobile

  • Allow user to choose

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating