
Password Manager 5.9.7 - Administration Guide (AD LDS Edition)


Password Manager Service and Administration Site

Password Manager Service and the Administration site are core components of Password Manager.

Password Manager Service is a Windows service that provides core functionality and runs under the Password Manager Service account, which is specified during Password Manager installation.

The Administration site provides all the necessary settings for an administrator to configure and use Password Manager. Using the Administration site, the administrator can configure user and helpdesk scopes, Management Policies, password policy rules, etc.

Note that the Administration site cannot be installed separately from Password Manager Service.

When installing the Administration site and Password Manager Service, the Self-Service and Helpdesk sites are also installed.

Self-Service Site

Legacy Self-Service Site

The Legacy Self-Service site provides users with the ability to easily and securely manage their passwords, thus eliminating the need for assistance from high-level administrators and reducing helpdesk workload.

The Legacy Self-Service site can be installed on the same server as the Administration Site and Password Manager Service, or on a stand-alone server, for example, if you want to install the Legacy Self-Service site in a perimeter network (DMZ).

Password Manager Self-Service site

The Password Manager Self-Service site provides functionality similar to the Legacy Self-Service site. The Password Manager Self-Service site includes enhancements to the user interface to improve the usability of the site.

Limitations & restrictions of the Password Manager Self-Service site

  • The Password Manager Self-Service site can co-exist along with the Legacy Self-Service site.
  • It is possible to revert to the Legacy Self-Service site at any time.
  • The Password Manager Self-Service site is available only in English.


Alternative option

  • As an alternative to using the Password Manager Self-Service site, use the Legacy Self-Service site.

Helpdesk Site

The Helpdesk site handles typical tasks performed by helpdesk operators, such as resetting passwords, unlocking user accounts, assigning temporary passcodes, and managing users' Questions and Answers profiles.

The Helpdesk site can be installed either on the same server as the Administration Site and Password Manager Service, or on a stand-alone server.



TeleSign is a service that provides phone-based authentication for Password Manager users. To enable the TeleSign service, it must be covered by your license, and the administrator must configure the Authenticate via Phone activity and include the activity in the corresponding workflows. If TeleSign is enabled, when performing a task on the Self-Service or Helpdesk site, users will be prompted to select the phone number to which TeleSign will send a one-time code, and then to enter the code on the site for verification.

The TeleSign service is available anywhere users can receive calls or text messages. To receive verification codes, users do not need to install any applications on their phones.

To communicate with TeleSign, Password Manager uses a REST API.

For more information, see Phone-Based Authentication Service Overview.
