Chat now with support
Chat with Support

Password Manager 5.7.1 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings Upgrading Password Manager Secure Password Extension Password Policies Reporting Password Manager Integration Appendixes Glossary About us

Configuring Password Manager 5.6.3

After importing configuration settings, you need to manually configure the settings that have not been imported:

  • User email notifications
  • Administrator email notifications
  • Email notification templates
  • Profile update policy
  • User enforcement settings
  • Password expiration notifications
  • SQL Server and Report Server settings
  • Integration with One Identity Quick Connect Sync Engine, Defender, QESSO

Integration with QESSO is available in Password Manager starting from version 5.0.2

To configure user email notifications and email notification templates, you need to configure the Email user if workflow succeeds and Email user if workflow fails activities in all created workflows. For more information on the user notification activities, see Notification Activities.

To configure administrator email notifications, you need to add to created workflows the Email administrator if workflow succeeds and Email administrator if workflow fails activities and configure them. For more information on the administrator notification activities, see Notification Activities.

To configure profile update policy, user enforcement settings and password expiration notifications, you need to configure the user enforcement rules and reminders. For more information, see User Enforcement Rules.

You need to configure SQL Server and Report Server settings to use Password Manager reporting functionality. For more information, see Setting Up Reporting Environment.

To configure integration with One Identity Quick Connect Sync Engine, to need to add the Reset password in Active Directory and connected systems activity to the Forgot My Password workflow and the Change password in Active Directory and connected systems to the Manage My Passwords workflow. For more information on these activities, see Reset Password in Active Directory and Connected Systems and Change Password in Active Directory and Connected Systems.

Verifying Password Manager 5.6.3 Configuration

Before you continue the upgrade process and convert users’ Q&A profiles, it is recommended to verify the upgraded configuration by performing the following steps:

  • Specify a test group of users from the user scope of the created Management Policy.
  • Convert the users’ Q&A profiles in test mode, review the results.
  • Convert the Q&A profiles in production mode.
  • Verify that all configured workflows work correctly.

To make Q&A profiles compatible with Password Manager 5.6.3, you need to convert the Q&A profiles using the Migration wizard 5.6.3. The Migration wizard 5.6.3 allows you to specify a group of users whose Q&A profiles you want to convert, and convert the Q&A profiles in test and production modes.

Converting Q&A profiles in test mode allows you to preview the results of profile conversion: you can convert Q&A profiles without replacing old profiles with new ones.

To convert Q&A profiles

  1. On the computer where Password Manager 5.6.3 is installed, run the Migration Wizard 5.6.3 from the Password Manager autorun window. It is recommended to run the Migration Wizard 5.6.3 under the Password Manager Service account.
  2. On the Welcome page, select the Convert users’ Q&A profiles task.
  3. In the Select Management Policy drop-down box, select the Management Policy to convert the Q&A profiles of users from its user scope and click Next.
  4. On the second page, do one of the following and click Next:
    • Click All users from the user scope to convert Q&A profiles of all users from the user scope of the selected Management Policy.
    • Click The following groups to specify the groups of users whose Q&A profiles will be converted. To select groups, click Add and do the following:
      • In the Add Groups dialog box, enter the group name, select the domain from the list and click Search.
      • Select the required groups in the list and click Save.
  5. On the third page, do one of the following and click Next:
    • Click Convert Q&A profiles in test mode to covert profiles in test mode. The existing profiles will not be replaced.
    • Click Convert Q&A profiles in production mode to convert profiles in production mode. All existing profiles will be replaced.
  6. On the status page, click View the report for detailed information to view a detailed account of profile conversion. If you converted Q&A profiles in test mode, click Convert Q&A profiles in production mode.
  7. Click Finish to close the wizard.

    IMPORTANT: After profile conversion, some users may not be able to edit their Q&A profiles. Such users will be able to reset their passwords and unlock accounts on the Self-Service site, but if they want to edit their Q&A profiles, they will be forced to create new Q&A profiles.

    If users’ Q&A profiles have been skipped during profile conversion, such users will not be able to use Password Manager 5.x.x until they create new Q&A profiles.

After you have converted users’ Q&A profiles in production mode, you need to verify that all configured workflows work correctly for these users.

Upgrading Multiple Instances of Password Manager 5.6.3

This step is optional. It should be performed only if you have installed multiple instances of Password Manager.

To upgrade multiple instances of Password Manager 5.6.3, you need to export the configuration settings from the first configured instance of Password Manager 5.6.3 and then import the settings to other instances. You should upgrade all instances of Password Manager before converting users’ Q&A profiles.

To export configuration settings

  1. Connect to the Administration site of the configured instance.
  2. On the menu bar, click General Settings, then click the Import/Export tab and select the Export configuration settings option and click Export.

    IMPORTANT: Remember the password that is generated while exporting the configuration file. You should enter this password when importing the configuration file for a new instance you want to join to the target realm.

To import configuration settings

  1. Open the Administration site of the target instance.
  2. On the menu bar, click General Settings, then click the Import/Export tab and select the Import configuration settings option.
  3. Click Upload to select the configuration file that you exported earlier.
  4. Enter the password and click Import.
  5. Repeat steps 1-4 for other instances of Password Manager.

Converting Q&A Profiles

After you have configured Password Manager 5.6.3, you can covert users’ Q&A profiles to make the profiles compatible with Password Manager 5.6.3. To convert Q&A profiles, you must use the Migration Wizard 5.6.3.

IMPORTANT: If you upgrade Password Manager from version 4.6.x, before converting users’ Q&A profiles make sure you stop the scheduled tasks (“Quest Password Manager” and “Quest Password Manager Publisher”) and stop the QPM application pool in IIS console on a computer running Password Manager 4.6.x.

When converting users’ Q&A profiles, you can specify whether you want to convert profiles of all users belonging to the user scope, users in a specified group or users of a Management policy, you can also select whether to convert Q&A profiles in test or production mode.

IMPORTANT: Before converting users’ Q&A profiles it is recommended to prevent users from accessing the Self-Service site. For more information, see To specify groups or OUs that are denied access to the Self-Service site.

To convert Q&A profiles

  1. On the computer where Password Manager 5.6.3 is installed, run the Migration Wizard 5.6.3 from the Password Manager autorun window. It is recommended to run the Migration Wizard 5.6.3 under the Password Manager Service account.
  2. On the Welcome page, select the Convert users’ Q&A profiles task.
  3. In the Select management policy drop-down box, select the Management Policy to convert Q&A profiles of users from its user scope and click Next.
  4. On the second page, do one of the following and click Next:
    • Click All users from the user scope to convert Q&A profiles of all users from the user scope of the selected Management Policy.
    • Click The following groups to specify the groups of users whose Q&A profiles will be converted. To select groups, click Add and do the following:
      • In the Add Groups dialog box, enter the group name, select the domain from the list and click Search.
      • Select the required groups in the list and click Save.
  5. On the third page, do one of the following and click Next:
    • Click Convert Q&A profiles in test mode to covert profiles in test mode. The existing profiles will not be replaced.
    • Click Convert Q&A profiles in production mode to convert profiles in production mode. All existing profiles will be replaced.
  6. On the status page, click View the report for detailed information to view a detailed account of profile conversion. If you converted Q&A profiles in test mode, click Convert Q&A profiles in production mode.
  7. Click Finish to close the wizard.

    IMPORTANT: After profile conversion, some users may not be able to edit their Q&A profiles. Such users will be able to reset their passwords and unlock accounts on the Self-Service site, but if they want to edit their Q&A profiles, they will be forced to create new Q&A profiles.

    If users’ Q&A profiles have been skipped during profile conversion, such users will not be able to use Password Manager 5.6.3 until they create new Q&A profiles.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating