You can use this rule to create your own password policy message to be displayed on the Self-Service site when users change or reset their passwords. For example, use this rule to enter the settings of the local or domain password policy applied to the server on which AD LDS is running.
If you want to hide all other policy messages and display your custom message to users, enable this policy rule, enter the message text, and select the Hide messages from other policy rules and display only this message check box. If you do not select this check box, messages from all enabled policy rules will be displayed.
Note that this rule does not check whether a password complies with the configured password policy. Configure this rule to display your custom message instead of, or together with, other policy messages when users change or reset passwords on the Self-Service site.
To configure the custom rule
To delete a password policy
NOTE: When you delete a password policy, the deleted policy is no longer valid for an AD LDS instance. To restore a deleted password policy, create a new policy and manually configure its settings as required.
The newest versions of One Identity's on-premises products offer a mandatory One Identity Hybrid Subscription, which helps you transition to a hybrid environment on your way to the cloud. The subscription enables you to join Password Manager with the One Identity Starling software-as-a-service platform. This gives your organization immediate access to a number of cloud-delivered features and services, which expand the capabilities of Password Manager. When new products and features become available to One Identity Starling, the One Identity Hybrid Subscription allows you to use these immediately for Password Manager to add value to your subscription.
Password Manager 5.8.2 supports integration with One Identity Starling services. The Starling Join feature in Password Manager now enables you to connect to One Identity Starling, the Software as a Service (SaaS) solution of One Identity. To use One Identity Starling, you have to purchase a One Identity Starling subscription. Each One Identity Starling subscription is registered with a phone number to which the token response for authentication or the push notification is sent. The token generation method depends on the method (SMS, Phone call, OTP on Starling 2FA app or push notification) that is enabled for your subscription.
Before you configure Starling using the Password Manager, ensure the following:
To configure One Identity Starling for authentication
NOTE: After joining Starling, Password Manager deletes the old subscription for Starling Two-Factor Authentication.
NOTE: If you have a Starling account, when a subscription is created for you, you will receive a Starling invitation email. Click the link in the email and log in to the Starling account.
NOTE: If you do not have a Starling account, when a subscription is created for you, you will get a Starling Sign-up email to complete a registration process to create a Starling account. Complete the registration and log in using the credentials that you have provided during registration. For account creation details, see the One Identity Starling User Guide.
Configure the Active Directory attribute to use for the user's phone number for Starling Two-Factor Authentication. You can configure it in General Settings -> One Identity Starling -> Starling configurations.
Disconnecting One Identity Starling from Password Manager
To unjoin One Identity Starling, click Unjoin Starling. This deletes the joined instances from One Identity Starling services and the Starling Join information from storage. After the unjoin, the initial page displays.
Since Password Manager manages confidential Password Manager user details in both on-premises and cloud-based environments, it is appropriate and safer to have an additional security measure such as two-factor authentication. Password Manager now supports One Identity's Starling Two-Factor Authentication service.
Starling Two-Factor Authentication provides enhanced security by requiring users to provide two forms of authentication to Password Manager, namely a user name and password combination along with a token response. The token response is collected through an SMS, Phone call, or push notification received on a physical device such as a mobile phone, or on any device other than the browser.
To use Starling 2FA, you must first register for the product. When you register for Starling 2FA using your mobile number, an SMS is delivered with the mobile app download link. Click the link to access the App Store or Play Store, from where you can download the Starling mobile application. Alternatively, you can go to the App Store or Play Store and search for and download the Starling app.
The following 2FA options are supported:
When a Starling 2FA-enabled user tries to log in to the Password Manager Web interface, the user is prompted to enter the Starling Two-Factor token response. Based on the option selected by the user, the token response is provided through SMS, Phone Call or Push Notifications.
After the user enters the token response and it is successfully verified, the Web interface is displayed.
NOTE: Push Notification works only if the Starling App is installed on the device with the registered mobile number. The link to install the Starling App will be sent to your registered mobile number at the time of registering for Starling.