Get Live Help
Using the advanced settings you can specify the following:
|Caution: If you change encryption settings and the attribute for storing Q&A profiles, the current instance will be excluded from a realm it belongs to and users may lose their Q&A profiles.
When you change these settings, do the following to keep users’ Q&A profiles:
If you do not use the Migration wizard to update users’ Q&A profile after changing the settings, users will have to re-register with Password Manager.
|IMPORTANT: If you change the hashing algorithm, the selected algorithm will be applied to newly created Q&A profiles only. Existing Q&A profiles will be hashed with the previously selected algorithm.|
To modify the advanced settings
From the Hashing algorithm drop-down list, select the algorithm that will be used to hash users’ authentication answers.
Once you click Save, Reinitialize Instance dialog box appears.
Use one of the following methods to clear old hives from AD user objects.
To update users’ Q&A profiles with new instance settings and clear old Q&A data for user objects in Active Directory
|NOTE: For production mode, select Clear old Q&A data for user objects in Active Directory checkbox to clear old user Q&A data.|
Once you have updated the Q&A profiles with new instance settings, join other instances to this realm by exporting the configuration from the current instance and importing it to other instances. For more information on how to import and export configuration settings, see Import/Export Configuration Settings .
Clear old Q&A data for user objects in Active Directory
If you want to clear the old Q&A profiles of users from the user scope of a Management Policy, select the required policy in the Select Management Policy drop-down box and click Next.
If you want to clear the old Q&A profiles of a user in a user group, select The following groups. To select groups, click Add and do the following:
In the Add Groups dialog box, enter the group name, select the domain from the list and click Search.
Select the required groups in the list and click Save.
If you want to clear the old Q&A profiles of a user in an OU, select The following OUs. To select OUs, click Add and do the following:
In the Add OUs dialog box, enter the OU name, select the domain from the list and click Search.
Select the required OUs in the list and click Save.
On the status page, click View the report for detailed information to view a detailed account of updating profiles. Click Finish.
|NOTE: The latest version of Q&A, which is currently in use will not be deleted.|
On the Administration site you can view a list of installed Password Manager instances belonging to one realm. This information is available on the Realm Instances page.
To open the Password Manager Service Instances page, on the Administration site click General Settings. On the General Settings page, click the Realm Instances tab.
For each Service instance the Self-Service site URL is specified. If necessary, you can edit the URL by clicking Edit under the corresponding Service instance. In Realm instances, the Primary instance is in red for easy identification.
All Password Manager Service instances belonging to one realm share the following settings: certificate name, port number, encryption algorithm, encryption key length, hashing algorithm, attribute for storing Q&A profile data, and realm affinity ID. These options are configured when initializing a Password Manager Service instance. To change any of these settings, see Instance Reinitialization .
A Redistributable Secret Management Service (rSMS) user must be created in all the Password Manager realm instances. An rSMS user is automatically created if the imported configuration file has the rSMS account details.
This section provides information on creating, modifying, and using domain connections.
On the General Settings|Domain Connections tab of the Administration site, you can view a list of available domain connections.
To register a domain with Password Manager you need to create a connection to the required domain. When adding a domain connection you can select an existing connection or create a new one. It is possible to use the same domain connection in different sections: user and helpdesk scopes, and password policies.
The same domain connection can also be used in different Management Policies.
You can add a domain connection either on the Domain Connections tab or from the User scope, Helpdesk scope, and Password Policies pages.
Note, that when you modify the domain connection on the User scope, Helpdesk scope or Password Policies pages, you can select how you want to apply the updated connection settings: either for the specified section only or everywhere where this domain connection is used. If you choose to update settings for the specified section only, a copy of the domain connection will be created with these settings and will be added to the list of available domain connections.
But when you modify the domain connection on the Domain Connections tab, the updated settings will be automatically applied everywhere where this connection is used.
If you want to remove the domain connection from the list on the Domain Connections tab, you should first remove it from all sections where it is used, and only then remove the domain connection from the list.