Chat now with support
Chat with Support

Password Manager 5.7.1 - Administrator Guide (AD LDS edition)

About Password Manager Getting Started Password Manager Architecture Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings Password Policies Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Glossary About us

Self-Service Workflows

By configuring the self-service workflows you can specify what tasks will be available for users on the Self-Service site, and configure options for each available task. Preconfigured self-service workflows are available out of the box. You can always customize the workflow, add activities to or remove them from the workflow. You can also create custom activities and custom workflows. For more information, see Custom Workflows and Custom Activities.

The following built-in self-service workflows are available:

  • My Questions and Answers Profile
  • Forgot My Password
  • Manage My Passwords
  • Unlock My Account
  • My Notifications
  • I Have a Passcode

All built-in workflows have required activities and are ready-to-use.

The self-service workflows correspond to the tasks on the Self-Service site. If you enable a self-service workflow, the corresponding task will be available to users on the Self-Service site.

The self-service workflows provide the ability to combine different authentication options in a single workflow. For example, you can configure the authentication activities so that all secret questions are displayed on a single page, or only one secret question is displayed at a time. You can combine different authentication options such as authentication with Questions and Answers profile, Defender and phone-based authentication in a single workflow.

My Questions and Answers Profile

You can use this workflow to configure the My Questions and Answers Profile task for the Self-Service site. Users perform this task to register with Password Manager by creating Q&A profiles and later to update their Questions and Answers profiles if necessary.

The default configuration of this workflow is the following:

  1. Display CAPTCHA.
  2. Authenticate with password.
  3. Edit Q&A profile.
  4. Restart workflow if error occurs.
  5. Email user if workflow succeeds.
  6. Email user if workflow fails.

Forgot My Password

You can use this workflow to configure the Forgot My Password task for the Self-Service site. The Forgot My Password task allows users to reset passwords for their accounts in AD LDS and in connected data sources (if integration with One Identity Quick Connect Sync Engine is configured) by using the Self-Service site. For more information on using One Identity Quick Connect Sync Engine, see Reset Password in AD LDS and Connected Systems.

IMPORTANT: To display password policies on the Self-Service site when users reset passwords, add connections to AD LDS instances on the Password Policies tab of the Administration site. For more information see Creating a Password Policy.

The default configuration of this workflow is the following:

  1. Display CAPTCHA.
  2. Authenticate with Q&A profile (random questions).
  3. Lock Q&A profile.
  4. Reset password in AD LDS.
  5. Restart workflow if error occurs.
  6. Email user if workflow succeeds.
  7. Email user if workflow fails.

Manage My Passwords

You can use this workflow to configure the Manage My Passwords task for the Self-Service site. By using this task, users can manage passwords for their accounts in AD LDS and in connected data sources (if integration with One Identity Quick Connect Sync Engine is configured), by using the Self-Service site. For more information on using One Identity Quick Connect Sync Engine, see Change Password in AD LDS and Connected Systems.

IMPORTANT: To display password policies on the Self-Service site when users change passwords, add the required application director partitions on the Password Policies tab of the Administration site. For more information see Creating a Password Policy.

The default configuration of this workflow is the following:

  1. Display CAPTCHA.
  2. Authenticate with password.
  3. Change password in AD LDS.
  4. Restart workflow if error occurs.
  5. Email user if workflow succeeds.
  6. Email user if workflow fails.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating