
Password Manager 5.7.1 - Administrator Guide (AD LDS edition)


Customization of URLs to Self-Service Site from Other Applications

You can create special URLs that direct a specified user to the beginning of a specified task when the user accesses the Self-Service site from other applications.

The URL must be in the following format:

http://COMPUTER_NAME/PMUserADLDS/EntryPoint/?<parameters>

where <parameters> is a list of names and values in the form name1=value1&name2=value2.

COMPUTER_NAME is the DNS name or IP address of the server where Password Manager resides.

You can use the following parameters:

  • The Integrated parameter specifies whether the integrated mode is on.
  • The PortalHomePage parameter specifies a URL for the Home page link on the Self-Service site.
  • The CurrentLanguage is the identifier of the preferred user interface language: a two-letter lowercase culture code with or without a two-letter uppercase subculture code. This parameter is optional. If the specified language is not available, the user interface will be displayed in the default language. The default language is either English or any other language selected by the user on the Self-Service site from the list of available languages.
  • The IdentificationDomain is the name of the application directory partition to which a user belongs.
  • The IdentificationAccount is the name of a user.
  • The IdentificationAccountId is the GUID of a user account.
  • The WorkflowId and WorkflowShortName parameters identify a workflow. You can view the workflow identifier and name on the Administration site when the troubleshooting mode is on. For more information, see Extensibility Features Overview.

URL example:

http://localhost/PMUserADLDS/EntryPoint/?ActionName=ResetPassword&IdentificationDomain=CN%3DAPP_01&IdentificationAccount=jsmith&CurrentLanguage=en-US
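
An added example (not part of the product documentation): a Python helper that a linking application could use to build these URLs, percent-encoding every value so that a user name or partition name containing & or = cannot introduce extra parameters. The function name, the https default and the trusted-host check on PortalHomePage are assumptions of this example, not product behavior.

```python
import re
import uuid
from urllib.parse import quote, urlencode, urlsplit

# Parameter names listed on this page; ActionName appears only in the page's example URL.
ALLOWED = {"Integrated", "PortalHomePage", "CurrentLanguage", "IdentificationDomain",
           "IdentificationAccount", "IdentificationAccountId", "WorkflowId",
           "WorkflowShortName", "ActionName"}
# Two-letter lowercase culture code, optional two-letter uppercase subculture code.
LANG_RE = re.compile(r"[a-z]{2}(-[A-Z]{2})?")


def build_entry_url(host, params, trusted_portal_hosts=(), scheme="https"):
    """Return an EntryPoint URL with every parameter value percent-encoded.

    host, trusted_portal_hosts and scheme are hypothetical inputs of this
    example; the path /PMUserADLDS/EntryPoint/ is the one given on the page.
    """
    unknown = set(params) - ALLOWED
    if unknown:
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")

    lang = params.get("CurrentLanguage")
    if lang is not None and not LANG_RE.fullmatch(lang):
        raise ValueError("CurrentLanguage must look like 'en' or 'en-US'")

    account_id = params.get("IdentificationAccountId")
    if account_id is not None:
        uuid.UUID(account_id)  # raises ValueError when the value is not a GUID

    home = params.get("PortalHomePage")
    if home is not None:
        # Assumed policy: only link back to https pages on hosts we control.
        parts = urlsplit(home)
        if parts.scheme != "https" or parts.hostname not in trusted_portal_hosts:
            raise ValueError("PortalHomePage must be https on a trusted host")

    # safe="" encodes '=', '&', '/', ':' inside values (CN=APP_01 -> CN%3DAPP_01).
    query = urlencode(params, quote_via=quote, safe="")
    return f"{scheme}://{host}/PMUserADLDS/EntryPoint/?{query}"


if __name__ == "__main__":
    # Constructed sample input mirroring the URL example on this page.
    print(build_entry_url("localhost", {
        "ActionName": "ResetPassword",
        "IdentificationDomain": "CN=APP_01",
        "IdentificationAccount": "jsmith",
        "CurrentLanguage": "en-US",
    }, scheme="http"))
```
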

Customization of Password Policies List

When a user changes or resets a password on the Self-Service site, the password policy rules specified for the user's application directory partition can be displayed on the page where the user is required to enter a new password.

To modify the list of password policy rules displayed on the Self-Service site, edit the rules specified for the application directory partition on the Password Policies tab of the Administration site.

For more information, see Configuring Password Policy Rules.

Customization of Password Strength Meter

You can customize the Password strength meter on the Helpdesk site and Self-Service site.

To enable Password strength meter:

  • In the web.config file, set the value of PasswordStrengthMeterEnable to true as follows:

<appSettings>
  <add key="PasswordStrengthMeterEnable" value="true"/>
</appSettings>

To disable Password strength meter, set the value of PasswordStrengthMeterEnable to false.

You can customize the text displaying the strength of the Password strength meter.

To customize the text:

  • In the Common.xml file in the LocalizationStorage folder, modify the values of the following Resource Ids to display the required text:

<Resource Id="PasswordStrengthMeter.Text">
  <Value><![CDATA[Password strength:]]></Value>
</Resource>

<Resource Id="PasswordStrengthMeter.VeryWeak">
  <Value><![CDATA[Very weak]]></Value>
</Resource>

<Resource Id="PasswordStrengthMeter.Weak">
  <Value><![CDATA[Weak]]></Value>
</Resource>

<Resource Id="PasswordStrengthMeter.Good">
  <Value><![CDATA[Good]]></Value>
</Resource>

<Resource Id="PasswordStrengthMeter.Strong">
  <Value><![CDATA[Strong]]></Value>
</Resource>

<Resource Id="PasswordStrengthMeter.VeryStrong">
  <Value><![CDATA[Very strong]]></Value>
</Resource>

For more information, see Password Compliance.

Glossary

A
Account

A record that consists of all the information that defines a user to Active Directory or AD LDS. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the computer and network and accessing their resources.

Administration site

A website for Password Manager administrators. On this website, they can configure Management Policies by adding managed application directory partitions, creating question lists, specifying Q&A policy, etc.

Application directory partition alias

The name that will be used to address the application directory partition on the Self-Service and Helpdesk sites.

Application log

The log that lists all actions performed by Password Manager.

Attribute

A piece of data that stores information that is specific to an object. A set of attributes stores the data that defines an object.

C
Certificate

A certificate is used to encrypt traffic and provide authentication between Password Manager Service and web sites installed on different servers.

Configuration storage account

An account used by Password Manager for storing its configuration data, i.e. settings configured in Password Manager, for example Management Policies, general settings, etc. The configuration storage account is automatically created in the Users container of a managed application directory partition when the managed partition is added. The configuration storage account is named QPMStorageContainer.

Custom activity

Custom activity is an activity with PowerShell handlers. Create custom activities from scratch or convert built-in activities to custom.

Custom password policy rule

This rule does not check the password compliance with the configured password policy. Configure the rule to display your custom message instead of or together with other policy messages.

E
Encryption algorithm

This algorithm is used to encrypt users’ answers to secret questions. Users’ answers will be encrypted if the “Store answers using reversible encryption” option is selected in the Q&A profile settings. Otherwise, the answers will be hashed.

G
Group Policy

An administrator’s tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization.

H
Hashing algorithm

This algorithm is used to hash users’ answers to secret questions if reversible encryption is not used to store the answers.

Helpdesk site

A website for helpdesk operators. On this website, they can reset users’ passwords, unlock accounts, assign temporary passcodes, etc.

L
Locked Questions and Answers Profile

A Questions and Answers Profile that temporarily cannot be used.

A Questions and Answers Profile can become locked after a number of unsuccessful attempts to answer the questions.

M
Mailbox

The delivery location for all incoming mail messages addressed to a designated owner. Information in a user's mailbox is stored in the private information store on a Microsoft® Exchange server computer. A mailbox can contain received messages, message attachments, folders, folder hierarchy, and more. Server applications for Microsoft® Exchange server are often designed with a mailbox for communication.

Mandatory question

A question, the same for all users in an application directory partition, that users must answer in order to authenticate themselves using Password Manager.

Management Policy

Management Policy allows you to configure workflows and secret questions for specified groups of users, and select helpdesk operators to manage these users. See Management Policy Components.

O
Optional question

A question that users should select from a list of pre-defined questions and answer to authenticate themselves using Password Manager.

P
Password Manager realm

Realm is a set of Password Manager Service instances sharing realm settings and configuration. You can use the realm to provide enhanced availability and load balancing.

Password Manager Service Account

An account used to install Password Manager. The Password Manager Service account must be a member of the Administrators group on the Web Server where Password Manager is installed.

Password Policy Manager

A component of Password Manager that enforces password policies configured in Password Manager, when users change their passwords using tools other than Password Manager.

Q
Questions and Answers Profile (Q&A Profile)

A set of questions selected by a user from the Question list and user's answers to them. A Questions and Answers Profile is used to authenticate a person using Password Manager.

Question list

A set of questions used in creating users' Questions and Answers profiles. The list is defined by the administrator and contains a series of questions in a certain language that users from a specific application directory partition must answer in order to create or update their personal Questions and Answers profiles. A question list defines the number of questions of each type and the wording of mandatory and optional questions.

S
Self-Service site

A website for Password Manager end-users. On this site, end-users can create their Questions and Answers Profiles and manage their passwords.

Special character

A character that is neither alphabetic nor numeric.

U
User-defined question

A question that users must provide along with the answer in order to authenticate themselves using Password Manager.

W
Workflow availability (helpdesk)

If a user is not registered, then only Reset Password, Unlock Account, and Assign Passcode workflows are enabled. For more information, see Workflow Settings.

Workflow availability (self-service)

If a user is not registered, only My Questions and Answers Profile and I Have a Passcode workflows are enabled. For more information, see Workflow Settings.

 

 
