Chat now with support
Chat with Support

We are currently conducting maintenance on our telephony system. If you are experiencing an issue calling Support and you have a product issue requiring technical assistance, please login to submit or update your Service Request. If additional assistance is needed, please leave a voicemail for a response from Customer Service.

Password Manager 5.9.5 - How to Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies One Identity Hybrid Subscription One Identity Starling Reporting Password Manager Integration Appendixes Glossary

Management Policy Overview

Management Policy overview

A Management Policy is a core concept in Password Manager. Management Policies allow you to organize and group settings for dedicated users and helpdesk operators.

Management Policy Components

The following diagram illustrates the Management Policy components.


User scope defines user groups from specified domains that can access the Self-Service site and use the corresponding workflows. you can add multiple domains to a single user scope. You can also use the same domain connection in the user and Helpdesk scopes.

Helpdesk scope defines groups of Helpdesk operators from specified domains that can access the Helpdesk site and manage users from the user scope using the Helpdesk workflows. You can add multiple domain connections to a single Helpdesk scope. You can also use the same domain connection in the user and Helpdesk scopes.

Self-Service and helpdesk workflows define the tasks that are available to users and Helpdesk operators on the Self-Service and Helpdesk sites: for example, Forgot My Password, Assign Passcode, Unlock Account, and so on.

Questions and Answers policy comprises a list of secret questions (in the default and additional languages) that users must answer to authenticate themselves, and Q&A profile settings that specify various settings for questions and answers, such as a minimum length of an answer or a question, a number of required user-defined questions, and so on.

User enforcement rules define how users should be enforced to register with Password Manager and reminded to change their password. For each enforcement rule, a corresponding scheduled task exists. For example, the Invitation to Create/Update Profile scheduled task corresponds to the Invite Users to Create/Update Q&A Profiles enforcement rule. By default, the enforcement rules are not configured. To start notifying users to create/update their Q&A profiles and change password, you need to configure the rules after Password Manager installation.

Management Policy and Other Password Manager Settings

The following diagram illustrates how several Management Policies interact with other Password Manager settings.

In a single Password Manager instance, you can create multiple Management Policies. Different Management Policies may use the same domain connections (specified in the user and Helpdesk scopes). If a user is included in the user scopes of both Management Policies, the settings from the first Management Policy in which scope the user is found will be applied to the user.

Settings from each Management Policy use the same scheduled tasks and password policies.

The Invitation to Create/Update Profile, Reminder to Create/Update Profiles, Reminder to Change Password scheduled tasks allow notifying users from scopes of user enforcement rules configured in Management Policies. For more information, see Scheduled Tasks and User Enforcement Rules.

To set password policies for users from user scopes of Management Policies, you need to configure password policies and include corresponding users to the password policy scope. For more information about password policies, see Creating and Configuring a Password Policy.

Password Policy Overview

Password Manager provides the opportunity to apply and manage custom One Identity password policies and Windows fine-grained password policies.

The following diagram shows available password policies and their structure.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating