Password Manager 5.7.1 - Administration Guide


Enforcing Password History When Resetting Password

When you use Password Manager to reset your password, Active Directory does not automatically check the new password against the password history. As a result, the “Enforce password history” policy setting may have no effect. To ensure that this password policy setting is applied in Active Directory when your password is reset by using Password Manager, the Enforce password history option must be selected in the Reset password in Active Directory and Reset password in Active Directory and connected systems activities.

Password Manager uses two slots from the password history every time a password is reset. For example, if the password history value defines that users cannot reuse any of the last 10 passwords, then Password Manager checks only the last five passwords. Therefore, it is advised that you double the password history value for all managed domains.

When the password history is enforced for resetting passwords, Password Manager resets the user’s old password to an automatically generated password that complies with password policies, and then changes this password to the one provided by the user. Note that if an error occurs when changing the password, users may end up with an automatically generated password that they do not know.

For more information, see Reset Password in Active Directory.
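The following simulation is an added example, not code from Password Manager or Active Directory. It models the two-step reset described above to show why each reset consumes two history slots and what state a failed change leaves behind. The class, the function names and the FIFO history model are assumptions made for illustration.

```python
import secrets
from collections import deque


class SimulatedAccount:
    """Toy model of one account's password history (not Active Directory code)."""

    def __init__(self, history_len, initial_password):
        # Assumption: the history is a FIFO of the last `history_len` passwords
        # set on the account, current one included. AD stores hashes, not text.
        self.history = deque([initial_password], maxlen=history_len)
        self.current = initial_password

    def _store(self, password):
        self.history.append(password)  # oldest entry drops out when full
        self.current = password

    def is_blocked(self, password):
        return password in self.history

    def reset_with_history(self, new_password, change_fails=False):
        """Two-step reset from the guide; returns True when the user's password is set."""
        if self.is_blocked(new_password):
            raise ValueError("password is still in the history")
        self._store("generated-" + secrets.token_hex(8))  # step 1: slot one
        if change_fails:
            return False  # error before step 2: generated password stays
        self._store(new_password)  # step 2: slot two
        return True


def blocked_user_passwords(history_len, resets=30):
    """Count the user's own passwords still blocked after `resets` resets."""
    account = SimulatedAccount(history_len, "user-pw-0")
    for i in range(1, resets + 1):
        account.reset_with_history(f"user-pw-{i}")
    return sum(account.is_blocked(f"user-pw-{i}") for i in range(resets + 1))


if __name__ == "__main__":
    for length in (10, 20):
        print(f"history {length}: {blocked_user_passwords(length)} user passwords blocked")
    stuck = SimulatedAccount(10, "user-pw-0")
    stuck.reset_with_history("user-pw-1", change_fails=True)
    print("after failed change, current password is generated:",
          stuck.current.startswith("generated-"))
```

With a history value of 10 the model blocks only five of the user's own passwords; doubling the value to 20 restores the intended ten.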

Replicating Password Changes

You can manage how password-related changes are replicated in your environment. If you want to force password changes and resets in the required Active Directory sites, select the corresponding sites on the Advanced settings tab of the Edit Domain Connection dialog, and select the Replicate password-related changes check box.

Data Replication

This section provides information on how Password Manager stores and replicates data.

Storing Data

There are two types of data stored by Password Manager: Password Manager configuration data and users’ Questions and Answers profiles. Password Manager configuration data contains all settings you configure in Password Manager. Users’ Questions and Answers profiles are stored apart from the configuration data.

Q&A profiles are stored in the attribute of a user account in Active Directory that you specify during instance initialization. By default, it is the comment attribute. You can also change it after initializing a Password Manager instance; for more information, see Instance Reinitialization.

Password Manager configuration data is stored in the C:\ProgramData\One Identity\Password Manager folder. This folder contains two files (Shared.storage and Local.storage) and the LocalizationStorage folder.

The Shared.storage file contains configuration data that is shared among all instances of a realm: Management Policies, general settings, domain connections, custom activities and workflows, instance settings, etc.

The Local.storage file contains the instance-specific settings, such as the instance name and statistics about scheduled tasks.

The LocalizationStorage folder contains the user interface texts localized in several languages.
