Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Password Manager 5.8.2 - Administrator Guide (AD LDS edition)

Table of Contents

About Password Manager

Password Manager Overview

Getting Started

Different Site for Different Roles Licensing

Installing the License Updating the License Telephone Verification Feature License

Checklist: Installing Password Manager Installing Password Manager

Configuring Password Manager Service Account and Application Pool Identity Enabling HTTPS Steps to Install Password Manager Extending AD LDS Schema Instance Initialization Installing Self-Service and Helpdesk Sites on a Standalone Server Installing Multiple Instances of Password Manager

FailSafe support in Password Manager Specifying Custom Certificates for Authentication and Traffic EncryptionBetween Password Manager Service and Web Sites

Step 1: Obtain and Install Custom Certificates From a TrustedWindows-Based Certification Authority Step 2: Provide Certificate Issued for Server Computer toPassword Manager Service Step 3: Provide Certificate Issued for Client Computers toSelf-Service and Helpdesk Sites

Upgrading Password Manager to 5.8.1

Running the Migration Wizard

Password Manager Architecture

Password Manager Components and Third-Party Solutions

Password Manager Service and Administration Site Self-Service Site Helpdesk Site TeleSign SQL Server Database and SQL Server Reporting Services Quick Connect Sync Engine Defender Starling Two-Factor Authentication RADIUS Two-Factor Authentication

Typical Deployment Scenarios

Simple Deployment Deployment of the Self-Service and Helpdesk Siteson Standalone Servers Realm Deployment Multiple Realm Deployment

Password Manager in Perimeter Network

Installing Password Manager in Perimeter Network with Reverse Proxy

Management Policy Overview

Management Policy Components Management Policy and Other Password Manager Settings

Password Policy Overview reCAPTCHA Overview

How It Works How to Use reCAPTCHA on Password Manager Sites System Requirements for Using reCAPTCHA References

User Enrollment Process Overview Questions and Answers Policy Overview

Q&A Policy and Authentication Q&A Policy and User Enforcement

Data Replication

Storing Data Replicating Data Changing Replication Settings

Phone-Based Authentication Service Overview

How It Works How to Use Phone-Based Authentication System Requirements

Configuring Management Policy

Configuring Permissions for Access Account Connecting to AD LDS Instance Changing Access Account Removing Connection to AD LDS Instance Adding Secret Questions

Management Policies

Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site

Changing Access Account Removing Connection to AD LDS Instance

Configuring Questions and Answers Policy

Creating Secret Questions Configuring Q&A Profile Settings

Workflow Overview

Workflow Structure Workflow State Workflow Settings

Custom Workflows

Importing and Exporting Workflows

Custom Activities

Custom Activity Settings Creating Custom Activities Importing and Exporting Custom Activities Removing Custom Activities

Self-Service Workflows

Configuring country code drop-down menu

Manage My Profile Forgot My Password Manage My Passwords Unlock My Account My Notifications I Have a Passcode Overview of Built-in Self-Service Activities

Authentication Activities

Display CAPTCHA Display reCAPTCHA Authentication Methods Authenticate with Password Authenticate with Q&A Profile (Random Questions) Authenticate with Q&A Profile (Specific Questions) Authenticate with Defender Authenticate with Starling Two-Factor Authentication Authenticate with RADIUS Two-Factor Authentication Authenticate via Phone Authenticate with Passcode

Action Activities

Edit Q&A Profile Reset Password in AD LDS Change Password in AD LDS Reset Password in AD LDS and Connected Systems Change Password in AD LDS and Connected Systems Unlock Account Enable Account Force User to Change Password at Next Logon Subscribe to Notifications Lock Q&A Profile Display User Agreement Restart Workflow if Error Occurs

Notification Activities

Customizing Notifications Email User if Workflow Succeeds Email User if Workflow Fails Email Administrator if Workflow Succeeds Email Administrator if Workflow Fails

Helpdesk Workflows

Verify User Identity Assign Passcode Reset Password Unlock Account Unlock Profile Enforce Update of Profile Overview of Built-in Helpdesk Activities

Authentication Activities

Authentication Methods Authenticate with Q&A Profile Authenticate via Phone Authenticate with Defender Authenticate with Starling Two-Factor Authentication Authenticate with RADIUS Two-Factor Authentication

Action Activities

Reset Password in AD LDS Reset Password in AD LDS and Connected Systems Unlock Account Enable Account Force User to Change Password at Next Logon Assign Passcode Unlock Q&A Profile Enforce Update of Q&A Profile Restart Workflow if Error Occurs

Notification Activities

Customizing Notifications Email User if Workflow Succeeds Email User if Workflow Fails Email Administrator if Workflow Succeeds Email Administrator if Workflow Fails

User Enforcement Rules

Invite Users to Create/Update Q&A Profiles Remind Users to Create/Update Q&A Profiles Remind Users to Change Password

General Settings

General Settings Overview Search and Logon Options

Configuring Search and Security Options for the Self-Service Site

Configuring Security Options

Configuring Search Options for the Helpdesk Site

Import/Export Configuration Settings

Exporting Configuration Settings Importing Configuration Settings

Outgoing Mail Servers Diagnostic Logging Scheduled Tasks

Invitation to Create/Update Profile Task Reminder to Create/Update Profile Task Reminder to Change Password Task Maximum Password Age Policy Task User Status Statistics Task Clear Old Records from Reporting Database

Web Interface Customization Instance Reinitialization

Modifying Service Connection Settings Modifying Advanced Settings

Realm Instances AD LDS Instance Connections

Using Connections to AD LDS Instances Specifying Access Account for AD LDS Instance Connections Changing Access Account for AD LDS Instance Connections Removing Connection to AD LDS Instance

Extensibility Features

Extensibility Features Overview

RADIUS Two-Factor Authentication Email Templates

Password Policies

About Password Policies Creating a Password Policy Managing Password Policy Scope

Applying Password Policies Changing Policy Priority

Configuring Password Policy Rules

Password Compliance Password Age Rule Length Rule Complexity Rule Required Characters Rule Disallowed Characters Rule Sequence Rule User Properties Rule Dictionary Rule Symmetry Rule Custom Rule

Deleting a Password Policy

One Identity Hybrid Subscription One Identity Starling

Enable S2FA for Administrators and Enable S2FA for HelpDesk Users

Reporting and User Action History Overview

Setting Up Reporting Environment Using Reports User Action History Managing Connections to SQL Server and Report Server

Best Practices for Configuring Reporting Services

Reporting Services Default Configuration Reporting Services Firewall Issues

Appendix A: Accounts Used in Password Manager for AD LDS

Password Manager Service Account Application Pool Identity Access Account for Application Directory Partition Connection Account for Using One Identity Quick Connect

Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview

Customization of Steps in Self-Service and Helpdesk Tasks Email Notification Customization User Agreement Customization Account Search Options Customization Web Interface Customization Customization of URLs to Self-Service Site from OtherApplications Customization of Password Policies List Customization of Password Strength Meter

Defender

Password Manager Architecture > Password Manager Components and Third-Party Solutions > Defender

Defender

Defender is a One Identity product that provides two-factor authentication. Defender uses one-time passwords (OTP) generated by special hardware or software tokens. If Password Manager is integrated with Defender, users can use one-time passwords to authenticate themselves on the Self-Service site.

To use Defender with Password Manager, install the Defender Client SDK on the server on which Password Manager Service is installed.

For more information, see Authenticate with Defender.

Starling Two-Factor Authentication

Password Manager Architecture > Password Manager Components and Third-Party Solutions > Starling Two-Factor Authentication

Starling Two-Factor Authentication is a SaaS application that enables two-factor authentication on Password Manager. Starling Two-Factor Authentication uses the token response (OTP) received through SMS, phone call or Starling 2FA app for authentication. It also supports push notifications for authentication. To use push notification, you must install Starling 2FA app on your device and register your phone number while installing the app. In this option, you can authenticate by accepting the notification received on Starling 2FA app.

For more information regarding Starling Two-Factor Authentication, see Authenticate with Starling Two-Factor Authentication.

To configure Starling Two-Factor Authentication in Password Manager, you have to subscribe to Starling Two-Factor Authentication. For more details, visit One Identity Starling site.

RADIUS Two-Factor Authentication

Password Manager Architecture > Password Manager Components and Third-Party Solutions > RADIUS Two-Factor Authentication

RADIUS Two-Factor Authentication enables two-factor authentication on Password Manager. RADIUS Two-Factor Authentication uses one-time passwords to authenticate users on the Self-Service site and Helpdesk site.

To configure RADIUS Two-Factor Authentication in Password Manager, you have to configure the RADIUS server details in Password Manager.

For more information, see Authenticate with RADIUS Two-Factor Authentication.

Typical Deployment Scenarios

Password Manager Architecture > Typical Deployment Scenarios

This section describes typical deployment scenarios for Password Manager , including scenarios with installation of the Self-Service and Helpdesk sites on standalone servers, using realms, and others.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy