Deploying and configuring Secure Password Extension (4379868)

This article aims to provide updated information on how to deploy and configure Secure Password Extension for One Identity Manager.

One Identity Manager - Configuration of Secure Password Extension.

1. Configuring the Web Designer Password Reset Portal. Please note, this page can be ignored, this is not required for the configuration to work.
   1. Instead, on the Windows host, please do the following:
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\One Identity\Password Manager, create a new DWORD value 'Allow', with 1 for value data.
2. Deploying Secure Password Extension.
   1. Copy the required installation package (SecurePasswordExtension_x86.msi or SecurePasswordExtension_x64.msi) from the installation medium to a network share accessible from all domain controllers where Secure Password Extension can be deployed from. The MSI packages are located in the Modules\ADS\dvd\AddOn\SecurePasswordExtension folder of the installation medium.
   2. Create a GPO and link it to all computers, sites, domains, or organizational units where the Secure Password Extension will be used. It is also possible to choose an existing GPO to use with the Secure Password Extension.
   3. Open the GPO in the Group Policy Management Editor, and perform the following actions:
      1. Expand Computer Configuration > Policies > Software Settings.
      2. Right-click Software installation and select New > Package.
      3. Browse for the MSI package you have copied in step 1, and click Open.
      4. In the Deploy Software window, select a deployment method and click OK.
      5. (Optional) Verify and configure the properties of the installation.
3. Configuring Secure Password Extension - Specifying the Password Reset Portal location on a computer running Windows Server 2012 R2 or later.
   1. In Windows, click Start and open the Run application.
   2. In the Run dialog, enter mmc and click OK.
   3. In the Console window in the File menu, click Add/Remove Snap-in.
   4. In the Add or Remove Snap-ins dialog in the list of available snap-ins, double-click Group Policy Management Editor.
   5. In the Group Policy Wizard window, click Browse, select Default Domain Policy, and click OK.
   6. Click Finish.
   7. In the Add or Remove Snap-ins dialog, click OK.
   8. In the Console window in the left pane, expand Default Domain Policy > Computer Configuration.
   9. Right-click the Administrative Templates node and select Add/Remove Templates.
   10. In the Add/Remove Templates dialog, click Add.
   11. In the file browser, browse for the prm_gina.admx file, select it, and then click Open.
   12. In the Add/Remove Templates dialog, click Close.
   13. In the Console window under Computer Configuration, select the Administrative Templates node and then, on the right pane, double-click the One Identity Password Manager template.
   14. Double-click Generic Settings.
   15. Double-click Specify URL path to the Self-Service site.
   16. In the Specify URL path to the Self-Service site window in the Settings tab, select the Enabled option.
   17. In the field, enter the URL path to the Password Reset Portal. (An example URL is https://myserver.mydomain.com/ApiServer/html/qer-app-pwdportal/)
   18. Click OK.
   19. Double-click Override URL path to the Self-Service site.
   20. In the Settings tab, select the Enabled option.
   21. Click OK.
   22. Apply the updated policy to the computers in the managed domain. (Application of the updated policy to the computers in the managed domain may take some time to complete.)
4. Review this page for other Generic Settings.

Support does not provide support for problems that arise from improper modification of the registry. The Windows registry contains information critical to your computer and applications. Make sure you back up the registry before modifying it. For more information on the Windows Registry Editor and how to back up and restore it, refer to Microsoft Article ID 256986 “Description of the Microsoft Windows registry” at Microsoft Support.