Chat now with support
Chat with Support

Password Manager 5.9.7 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Upgrading Password Manager Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Password Policies One Identity Starling Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Glossary

Realm Deployment


In this scenario, you install several Password Manager Services on separate servers. If all the instances of Password Manager share the same configuration (Management Policies, general settings, password policies, encryption algorithm, encryption key length, hashing algorithm, attribute for storing configuration data, and realm affinity ID), they are referred to as a realm.

The realm provides for high availability of the service, load balancing and fault tolerance.

For Password Manager Service instances installed on separate servers you can use a load balancer to enhance service availability.

To create Password Manager realm you need to create replicas of an existing instance by exporting settings from this instance and importing the settings to a new instance.

For more information on how to create realms, see Import/Export Configuration Settings.

Multiple Realm Deployment


In this scenario, you deploy several Password Manager realms in your environment. You can use this scenario in complex environment, when several Password Manager configurations are required.

For example, a service provider can deploy two Password Manager realms, one realm to service company A, and the other - company B.

You can also use this scenario for a test deployment of Password Manager. In this case, the first realm is a production deployment of Password Manager, and the second realm can be used for testing purposes.

Password Manager in Perimeter Network

Password Manager in Perimeter Network

When deploying Password Manager in a perimeter network (also known as DMZ), it is recommended to install the Password Manager Service and the sites in a corporate network at first (i.e. use the Full installation option in the Password Manager setup), and then install only the Self-Service and Helpdesk sites in the perimeter network.


When you use this installation scenario, only one port should be open in the firewall between the corporate network and the perimeter network (by default, port number 8081 is used).

For more information on installing the Self-Service and Helpdesk site separately from the Password Manager Service, see Installing Legacy Self-Service, Password Manager Self-Service, and Helpdesk Sites on a Standalone Server.

Installing Password Manager in Perimeter Network with Reverse Proxy

Installing Password Manager in Perimeter Network with Reverse Proxy

A reverse proxy is a proxy server that is typically deployed in a perimeter network to enhance security of the corporate network. By providing a single point of access to the servers installed in the intranet, the reverse proxy server protects the intranet from an external attack.


If you have the reverse proxy deployed in the perimeter network in your environment, it is recommended to install the Password Manager Service and the Self-Service and Helpdesk sites in the intranet and configure the reverse proxy to redirect requests from external users to the correct intranet URLs of the Password Manager sites.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating