Chat now with support
Chat with Support

Password Manager 5.8.2 - Administrator Guide (AD LDS edition)

About Password Manager Getting Started Upgrading Password Manager to 5.8.1 Password Manager Architecture Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings Password Policies One Identity Hybrid Subscription One Identity Starling Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Glossary

Extensibility Features Overview

Extensibility Features Overview

Custom activities are activities whose behavior is defined by a PowerShell script. You can create a custom activity from scratch or convert a built-in activity to a custom one. For more information, see Custom Activities and refer to the Password Manager SDK.

Built-in web service allow a third-party system to access a whole workflow or a specific activity using HTTP and data exchange in XML and JSON formats. You can use the built-in web service to execute a workflow and to interfere in a workflow execution process. For more information refer the Password Manager SDK.

Custom web services allow you to further extend the Password Manager functionality and enable scenarios that cannot be implemented using custom activities and the built-in web service. For example, you can create a custom web service that assigns passcodes to users employing the assign passcode functionality in Password Manager. For more information refer the Password Manager SDK.

Import/export of activities and workflows allows you to copy and share custom activities and workflows. For more information, see Importing and Exporting Workflows and Importing and Exporting Custom Activities.

The troubleshooting mode provides you additional information about workflows and activities and their execution. When this mode is enabled, on the Administration site you can view identifiers of workflow and activities; you can use these identifiers in PowerShell scripts. On the Self-Service site, you can view the PowerShell output that allows you to troubleshoot the scripts.

RADIUS Two-Factor Authentication

RADIUS Two-Factor Authentication

Password Manager provides two-factor authentication using RADIUS Two-Factor Authentication. RADIUS Two-Factor Authentication uses RADIUS protocol for authentication. To use RADIUS Two-Factor Authentication, you have to configure the RADIUS server details (IP address, port number and shared secret) in the General Settings tab for authentication.

To configure RADIUS Two-Factor Authentication:

  1. On the home page of the Administration site, click General Settings, and then click the Radius Two-Factor tab.
  2. In the RADIUS Server (IP address) text box, enter the IP address of the RADIUS server.
  3. In the Port number text box, enter the port number, which RADIUS server will be using to receive authentication requests. The default port is 1812.
  4. In the RADIUS Shared Secret text box, enter the secret key that Password Manager has to use when attempting to establish a connection with the RADIUS server. Password Manager and RADIUS server must have the same shared secret.
  5. Select the checkbox, if Radius server requires two-step authentication like Azure MFA.

    NOTE: The Administrator can choose which user’s active directory attributes to be used for authentication from the Specify user's AD attribute to authenticate the user dropdown box. The administrator can also specify other user’s active directory attribute to use for authentication apart from the list.
  1. Click Save.

 

Email Templates

Email Templates

Password Manager provides option to set the default template for confirmation e-mail. To send an auto generated email to user if workflow succeeds or fails, configure the email template from the General Settings tab for authentication.

To configure default e-mail template:

  1. On the home page of the Administration site, click General Settings, and then click the Email Template tab.

  2. Select the desired language from the Select language to customize template drop down menu, to customize the email template.

  3. Click the + sign before the desired workflow to edit the template. Edit the subject and body of the notification template in the default language as required. When editing the notification template, you can use the parameters available in the notification editor, for example #USER_ACCOUNT_NAME#, #WORKFLOW_RESULT#, and others.

  4. In the Message format box, select the format to use for the notifications. You can select from two options: either HTML or Plain text.

  5. Select the default language from the Select default language for email drop down menu, to select the default email template to send to the user.

  6. In the User notification settings, select one of the following options for user notification subscription:

    • Subscribe users to this notification. Allow users to unsubscribe.
    • Subscribe users to this notification. Do not allow users to unsubscribe.
    • Do not subscribe users to this notification. Allow users to subscribe to this notification.
  7. Click Save, to save the settings

Password Policies

Related Documents