
Password Manager 5.7.1 - How to Guide


Configuration

The following are the common configuration recommendations:

  • Use the same Domain Connection for User Scope, Helpdesk Scope and Password Policy settings.

Example:

Figure 8:  

  • When adding a User Scope, choose Use this connection if you already have a connection to that Domain.

Example:

Figure 9:  

Figure 10:  

Why?

Duplicate entries increase the size of the Shared.storage file. Because this file is replicated to Active Directory, a larger file means more replicated data and more network traffic. Duplicate entries also cause numerous duplicate connections in the Scheduled Tasks, which increases the time it takes to complete each Scheduled Task.

For example, if you have a total of 20 Management Scopes, you should only have 20 Domain Connections. If you were to select Add domain connection for every User Scope, Helpdesk Scope and Password Policy setting, you would have 60 total Domain Connections.

  • It is not possible to use Optional questions to authenticate for the Helpdesk site. Only Mandatory and Helpdesk questions can be used.
  • It is recommended to use a Helpdesk question, because the Helpdesk staff can see the answers, which allows them to authenticate the user.
  • To pre-populate and pre-register users, use the Bulk Import Wizard. Please follow solution 128944:

    https://support.oneidentity.com/password-manager/kb/128944

Common Sample Questions

  • What is the name of the street where you first lived?
  • What is your favorite movie?
  • What is your Mother's maiden name?
  • What year (YYYY) was your Mother born?
  • What is your Father's middle name?
  • What year (YYYY) was your Father born?
  • What is the year (YYYY) of your first car?
  • What is the make of your first car?
  • What is the model of your first car?
  • What was your first hire date with XXXXX (company name)?
  • What is your employee number with XXXXX (company name)?
  • Where is your favorite vacation location?
  • What is the name of your first child?
  • What is the name of your oldest niece?
  • What is the name of your first employer?
  • What is your favorite hobby?
  • What is your paternal grandfather's first name?
  • What is your paternal grandmother's first name?
  • In what city was your mother born? (Enter full name of city only)
  • In what city was your father born? (Enter full name of city only)
  • In what city was your high school? (Enter only "Charlotte" for Charlotte High School)
  • Where did you meet your spouse for the first time? (Enter full name of city only)
  • What was the name of your first pet?
  • In what year (YYYY) did you graduate from high school?
  • Who is your favorite childhood superhero?

Helpdesk scope and options

The Helpdesk site handles typical tasks performed by Helpdesk operators, such as resetting passwords, unlocking user accounts, assigning temporary passcodes, and managing users' Questions and Answers profiles.

The Helpdesk site can be installed either on the same server as the Administration Site and Password Manager service, or on a stand-alone server.

The Helpdesk site uses form-based authentication, which prompts users to log on:

Figure 11:  

Password Manager allows a Helpdesk group to be added for each Management Scope. If you require different Helpdesk groups to be able to administer different scopes of users, additional Management Scopes will have to be created to accommodate the restrictions for the Helpdesk groups.

The scope of who can log on to the Helpdesk site can be configured in the Admin site for each Management Policy:

Figure 12:  

To select the Groups who can access the Helpdesk site, first click Helpdesk Scope, then click Add domain connection.

Figure 13:  

If you already have a Domain connection, select Use this connection:

Figure 14:  

If you do not see the desired Domain Connection, click Add domain connection and enter the required information.

Once the Domain has been added, select Edit:

Figure 15:  

Add the Groups that are to be allowed to access the Helpdesk site and perform Helpdesk actions.

Reinitialization

As of version 5.5.1, Password Manager can change configuration options, such as the encryption level and the attribute used to store Users’ Q&A Profile settings, without the need to reinstall or modify configuration files.

If you choose to perform a Reinitialization, please keep the following in mind:

When changing the Encryption algorithm within the PMAdmin site | General settings | Reinitialization section, the following message occurs:

Warning: Although 5.5.x components such as the SPE and Password Policy Manager may work with the 5.6.x or later servers, it has not been fully tested and is not officially supported.

Warning: You are changing configuration and security settings. To prevent users from losing their Q&A profiles use the Migration Wizard to update the profiles.

What are the next steps?

  1. Once the setting has been changed, select Save.
  2. Provide a password for the new configuration file.
  3. Select Export (do not click Save yet).
  4. Click Save after the Export is complete, or it will not work.
  5. Launch the Migration Wizard found in the Password Manager Autorun, select Update users’ Q&A profiles with new instance settings, and follow the wizard.

 
