立即与支持人员聊天
与支持团队交流

Password Manager 5.10.1 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances Domain Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies One Identity Starling Reporting Password Manager Integration Appendixes Glossary

Authenticate with Q&A Profile (Specific Questions)

Use this activity to authenticate a user with the personal Questions and Answers profile. In this activity, you can select specific questions from user’s Q&A profile that the user must answer to be authenticated.

You can configure this activity to display all questions on a single page or only one or specified number of questions at a time, so that users will not be able to see next questions before they answer the current ones. To display all questions on a single page, use this activity one time in a workflow and select the required questions. To display questions consecutively on several pages, use this activity several times in a workflow (place several Authenticate with Q&A profile (specific questions) activities in a row).

This activity has the following settings:

  • Mandatory questions: Specify mandatory questions from users’ Q&A profiles that users will answer during authentication.
  • Optional questions: Specify optional questions from users’ Q&A profiles that users will answer during authentication.
  • User-defined questions: Specify user-defined questions from users’ Q&A profiles that users will answer during authentication.
  • Allow users to see what questions were answered incorrectly: Select this check box to allow users to see to what questions they have provided incorrect answers during authentication.

IMPORTANT: Note that if the questions you selected in this activity cannot be found in user’s Q&A profile, the user will not be authenticated and the workflow containing this activity will not be performed for this user. The user will have to update their Q&A profile to answer the required secret questions.

Authenticate with Defender

You can use this activity to configure Password Manager to use Defender to authenticate users.

Defender is a two-factor authentication solution that authenticates users without forcing them to remember another new password. Defender uses one-time passwords (OTP) generated by special hardware or software tokens. Even if an attacker captures the password, there will be no security violation, since the password is valid only for one-time-use and can never be re-used.

You can use the Defender authentication to authenticate users before allowing them to reset or change their passwords, to unlock accounts, or manage Questions and Answers profiles.

Before configuring the settings in this activity, install and configure Defender as described in the Defender documentation.

IMPORTANT: To make Password Manager use the Defender authentication, you must install the Defender Client SDK on the server on which Password Manager Service is installed.

This activity has the following settings:

  • Defender Server: Specify the IP address of the computer running the Defender Server.
  • Port number: Type the port number that the Defender Access Node uses to establish a connection with the Defender Server.
  • Server timeout: Specify Defender Server timeout (in minutes).
  • Defender shared secret: Provide the secret that the Defender Access Node will share when it attempts to establish a connection with the Defender Server.

Authenticate with Starling Two-Factor Authentication

Use this activity to configure Password Manager to use Starling Two-Factor Authentication to authenticate users.

You can use Starling Two-Factor Authentication to authenticate users before allowing them to reset or change their passwords, to unlock accounts, or manage Questions and Answers profiles.

Before using Starling Two-Factor Authentication for authentication, administrators have to configure it on One Identity Starling page of the Administration site. For more information, see One Identity Starling.

For authentication, you have to enter the Starling Two-Factor Authentication OTP that you have received through SMS, phone call, or from the Starling 2FA app, or accept the notification received in your phone. To use Starling 2FA app for push notification or to generate OTP, you must install Starling 2FA app on your device and register your phone number.

This activity requires authentication using one of the following options:

  • OTP generated on Starling 2FA app. Open the Starling 2FA app, click the token, and copy the OTP. Enter the OTP in the Starling Two-Factor token response field.
  • SMS. Click SMS. Enter the OTP received through SMS in the Starling Two-Factor token response field.
  • Phone call. Click Phone Call. Enter the OTP received through phone call in the Starling-Two factor token response field.
  • Push notification. Click Push Notification. Accept the notification received in your phone.

IMPORTANT: To authenticate with Starling Two-Factor Authentication, the user's email address and mobile number is mandatory. If the mobile number is not present in users active directory attribute, through the self-service site users can update the mobile number from the Manage My Profile page The email address should be present in users active directory attribute, if not, the email address must be configured by the administrator in the AD to authenticate successfully.

Authenticate with RADIUS Two-Factor Authentication

Use this activity to configure Password Manager to use a RADIUS server for two-factor authentication.

It uses one-time passwords (OTP) generated by hardware or software tokens for authentication.

You can use RADIUS Two-Factor Authentication to authenticate users before allowing them to reset or change their passwords, to unlock accounts, or manage Questions and Answers profiles.

Before using RADIUS Two-Factor Authentication for authentication, users have to configure it in General Settings tab on the home page of the Administration site. For more information, see RADIUS Two-Factor Authentication

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级