Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Password Manager 5.7.1 - Administration Guide

Table of Contents

About Password Manager

Password Manager Overview

Getting Started

Different Site for Different Roles Password Manager Components Licensing

Installing the License Updating the License Telephone Verification Feature License

Checklist: Installing Password Manager Installing Password Manager

Configuring Password Manager Service Account and Application Pool Identity Enabling HTTPS Steps to Install Password Manager Instance Initialization Installing Self-Service and Helpdesk Sites on a Standalone Server Installing Multiple Instances of Password Manager

Specifying Custom Certificates for Authentication and Traffic Encryption Between Password Manager Service and Web Sites

Step 1: Obtain and Install Custom Certificates From a TrustedWindows-Based Certification Authority Step 2: Provide Certificate Issued for Server Computer to Password Manager Service Step 3: Provide Certificate Issued for Client Computers to Self-Service and Helpdesk Sites

Configuring Management Policy

Configuring User Scope

Configuring Permissions for Domain Management Account Adding Domain Connection Specifying Advanced Options for Domain Connection

Domain Controller Active Directory Sites Changes Propagation

Propagating account-related changes Propagating Q&A profile-related changes Propagating password-related changes

Changing Domain Management Account Removing a Domain Connection

Adding Secret Questions

Password Manager Architecture

Password Manager Components and Third-Party Solutions

Password Manager Service and Administration Site Self-Service Site Helpdesk Site Password Policy Manager Secure Password Extension Offline Password Reset Migration Wizard Telesign SQL Server Database and SQL Server Reporting Services One Identity Quick Connect Sync Engine Defender Starling Two-Factor Authentication RADIUS Two-Factor Authentication Quest Enterprise Single Sign-On

Typical Deployment Scenarios

Simple Deployment Deployment of the Self-Service and Helpdesk Sites on Standalone Servers Realm Deployment Multiple Realm Deployment

Password Manager in Perimeter Network

Installing Password Manager in Perimeter Network with Read-Only Domain Controllers Installing Password Manager in Perimeter Network with Reverse Proxy Installing Password Manager in Perimeter Networ kwithout AD DS

Management Policy Overview

Management Policy Components Management Policy and Other Password Manager Settings

Password Policy Overview

Using One Identity Password Policies Using Fine-Grained Password Policies Applying Multiple Password Policies Using Password Policy Manager

Secure Password Extension Overview

Locating Self-Service Site

Obtaining Self-Service Site URL from Service Connection Point Changing Self-Service Site URL on the Administration Site

Launching User Notification

reCAPTCHA Overview

How It Works How to Use reCAPTCHA on Password Manager Sites System Requirements for Using reCAPTCHA References

User Enrollment Process Overview Questions and Answers Policy Overview

Q&A Policy and Authentication Q&A Policy and User Enforcement

Password Change and Reset Process Overview

Resetting and Changing Password in Connected Systems Enforcing Password History When Resetting Password Replicating Password Changes

Data Replication

Storing Data Replicating Data Changing Replication Settings

Phone-Based Authentication Service Overview

How It Works How to Use Phone-Based Authentication System Requirements

Management Policies

Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site

Specifying Advanced Options for Domain Connection

Active Directory Sites

Changes Propagation

Changing Domain Management Account Removing a Domain Connection

Configuring Questions and Answers Policy

Creating Secret Questions Configuring Q&A Profile Settings

Workflow Overview

Workflow Structure Workflow State Workflow Settings

Custom Workflows

Importing and Exporting Workflows

Custom Activities

Custom Activity Settings Creating Custom Activities Importing and Exporting Custom Activities Removing Custom Activities

Self-Service Workflows

My Questions and Answers Profile Forgot My Password Manage My Passwords Unlock My Account My Notifications I Have a Passcode Self-Service Activities Overview

Authentication Activities

Display CAPTCHA Display reCAPTCHA Authenticate with Password Authenticate with Q&A Profile (Random Questions) Authenticate with Q&A Profile (Specific Questions) Authenticate with Defender Authenticate with Starling Two-Factor Authentication Authenticate with RADIUS Two-Factor Authentication Authenticate via Phone Authenticate with Passcode

Action Activities

Edit Q&A Profile Reset Password in Active Directory Change Password in Active Directory Reset Password in Active Directory and Connected Systems Change Password in Active Directory and Connected Systems Unlock Account Enable Account Force User to Change Password at Next Logon Subscribe to Notifications Lock Q&A Profile Display User Agreement Restart Workflow if Error Occurs Issue BitLocker Recovery Key

Notification Activities

Customizing Notifications Email User if Workflow Succeeds Email User if Workflow Fails Email Administrator if Workflow Succeeds Email Administrator if Workflow Fails

Helpdesk Workflows

Verify User Identity Assign Passcode Reset Password Unlock Account Unlock Q&A Profile Enforce Update of Q&A Profile Helpdesk Activities Overview

Authentication Activities

Authenticate with Q&A Profile Authenticate via Phone Authenticate with Defender Authenticate with Starling Two-Factor Authentication Authenticate with RADIUS Two-Factor Authentication

Action Activities

Reset Password in Active Directory Reset Password in Active Directory and Connected Systems Unlock Account Enable Account Force User to Change Password at Next Logon Assign Passcode Unlock Q&A Profile Enforce Update of Q&A Profile Restart Workflow if Error Occurs

Notification Activities

Customizing Notifications Email User if Workflow Succeeds Email User if Workflow Fails Email Administrator if Workflow Succeeds Email Administrator if Workflow Fails

User Enforcement Rules

Invite Users to Create/Update Q&A Profiles Remind Users to Create/Update Q&A Profiles

Forced Enrollment

Disable account Enable Account

Remind Users to Change Password

General Settings

General Settings Overview Search and Logon Options

Configuring Account Search Options Configuring Security Options

Import/Export Configuration Settings

Exporting Configuration Settings Importing Configuration Settings

Outgoing Mail Servers Diagnostic Logging Scheduled Tasks

Invitation to Create/Update Q&A Profile Task Reminder to Create/Update Q&A Profile Task Reminder to Change Password Task Maximum Password Age Policy Task User Status Statistics Task Environment Health Checker Task

Web Interface Customization Instance Reinitialization

Modifying Service Connection Settings Modifying Advanced Settings

Realm Instances Domain Connections

Using Domain Connections Specifying Access Account for Domain Connections Changing Access Account for Domain Connections Specifying Advanced Options for Domain Connection

Active Directory Sites

Changes Propagation

Propagating account-related changes Propagating Q&A profile-related changes Propagating password-related changes

Removing a Domain Connection

Extensibility Features

Extensibility Features Overview

Starling Two-Factor Authentication RADIUS Two-Factor Authentication Email Templates

Upgrading Password Manager

Upgrading from Password Manager 4.x

Upgrading from Password Manager from 4.x to 5.6.3

Upgrade Requirements

Side-by-Side Upgrade

Enabling Secure Password Extension Connection to Self-Service Site 4.x Upgrading Secure Password Extension Upgrading Password Policy Manager Exporting Configuration Settings from Password Manager 4.x Installing Password Manager 5.x.x Importing Configuration Settings to Password Manager 5.6.3 Configuring Password Manager 5.6.3 Verifying Password Manager 5.6.3 Configuration Upgrading Multiple Instances of Password Manager 5.6.3 Converting Q&A Profiles Disabling Secure Password Extension Connection to Self-Service Site 4.x Uninstalling Password Manager 4.x

In-Place Upgrade

Uninstalling Password Manager 4.x

Upgrading from Password Manager 5.5.3 or later versions

Upgrading Password Manager to 5.7.1 Upgrading from Password Manager 5.6.2 (if security patch is not installed)

Important notes for upgrading to Password Manager 5.7.1 Running the Migration Wizard Modifying the service account

Upgrading from Password Manager 5.6.3 (if security patch is not installed)

Upgrading Secure Password Extension Upgrading Password Policy Manager

Secure Password Extension

Configuring Access to Self-Service Site from Windows Logon Screen

Introducing Secure Password Extension Understanding How Secure Password Extension Works

Locating Self-Service Site Obtaining Self-Service Site URL from Service Connection Point Changing Self-Service Site URL on the Administration Site Changing Self-Service Site URL in the Administrative Template Launching User Notification

Deploying and Configuring Secure Password Extension

Deploying Secure Password Extension Configuring Secure Password Extension

Overriding Automatic Self-Service Site Location Password Manager Realm Affinity Customizing the Logo for Secure Password Extension Customizing Position of the Secure Password Extension Window

Managing Secure Password Extension UsingAdministrative Templates

Generic Settings Pre-Windows Vista Settings Windows 8 Settings

Uninstalling Secure Password Extension

Logging in Secure Password Extension

Password Policies

About Password Policies

Password Policy Manager Password Policy Rules

Installing Password Policy Manager Uninstalling Password Policy Manager Creating and Configuring a Password Policy

Configuring Password Policy Rules

Password Compliance Password Age Rule Length Rule Complexity Rule Required Characters Rule Disallowed Characters Rule Sequence Rule User Properties Rule Dictionary Rule Symmetry Rule Custom Rule

Managing Password Policy Scope

Applying Password Policies Changing Policy Priority

Deleting a Password Policy

Reporting and User Action History Overview

Setting Up Reporting Environment Using Reports User Action History Managing Connections to SQL Server and Report Server

Best Practices for Configuring Reporting Services

Reporting Services Default Configuration Reporting Services Firewall Issues

Password Manager Integration

Active Roles Web Interface

Basic Integration Requirements Customizing Active Roles Home Page Password Manager Self-Service Site Integration Password Manager Helpdesk Site Integration

Quest Enterprise Single Sign-On (QESSO)

Appendix A: Accounts Used in Password Manager

Password Manager Service Account Application Pool Identity Domain Management Account Password Policy Account Account for Using One Identity Quick Connect

Appendix B: Open Communication Ports for Password Manager Appendix C: Customization Options Overview

Customization of Steps in Self-Service and Helpdesk Tasks Email Notification Customization User Agreement Customization Account Search Options Customization Web Interface Customization Customization of URLs to Self-Service Site from Other Applications Customization of Password Policies List Customization of Password Strength Meter Customization of User Name

Glossary About us

Starling Two-Factor Authentication

Password Manager Architecture > Password Manager Components and Third-Party Solutions > Starling Two-Factor Authentication

Starling Two-Factor Authentication

Starling Two-Factor Authentication is a SaaS application that enables two-factor authentication on Password Manager. Starling Two-Factor Authentication uses the token response (OTP) received through SMS, phone call or Starling 2FA app for authentication. It also supports push notifications for authentication. To use push notification, you must install Starling 2FA app on your device and register your phone number while installing the app. In this option, you can authenticate by accepting the notification received on Starling 2FA app.

For more information regarding Starling Two-Factor Authentication, see Authenticate with Starling Two-Factor Authentication.

To configure Starling Two-Factor Authentication in Password Manager, you have to subscribe to Starling Two-Factor Authentication. For more information, visit One Identity Starling site.

RADIUS Two-Factor Authentication

General Settings > RADIUS Two-Factor Authentication

RADIUS Two-Factor Authentication enables two-factor authentication on Password Manager. RADIUS Two-Factor Authentication uses one-time passwords to authenticate users on the Self-Service site and Helpdesk site.

To configure RADIUS Two-Factor Authentication in Password Manager, you have to configure the RADIUS server details in Password Manager.

For more information, see Authenticate with RADIUS Two-Factor Authentication.

Quest Enterprise Single Sign-On

Password Manager Architecture > Password Manager Components and Third-Party Solutions > Quest Enterprise Single Sign-On

Quest Enterprise Single Sign-On

Quest Enterprise Single Sign-on is a One Identity product that provides users with the ability to access all applications on their desktop using a single user ID and password. After users have logged in, they can access password-protected applications on their desktop without the need to enter any further account details.

The account details for password-protected applications are encrypted by using user logon password. When user resets or changes this password, the encrypted data is lost. To prevent data loss, Password Manager should be configured to notify QESSO about password changes and QESSO will re-encrypt the data using new password.

For more information, see Quest Enterprise Single Sign-On (QESSO).

Typical Deployment Scenarios

Password Manager Architecture > Typical Deployment Scenarios

This section describes typical deployment scenarios for Password Manager, including scenarios with installation of the Self-Service and Helpdesk sites on standalone servers, using realms, and others.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy