立即与支持人员聊天
与支持团队交流

Password Manager 5.14.3 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring access to the Administration Site Configuring access to the Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Glossary

Installing Password Manager in perimeter network with reverse proxy

A reverse proxy is a proxy server that is typically deployed in a perimeter network to enhance security of the corporate network. By providing a single point of access to the servers installed in the intranet, the reverse proxy server protects the intranet from an external attack.

If you have the reverse proxy deployed in the perimeter network in your environment, it is recommended to install the Password Manager Service and the Self-Service Site and Helpdesk Site in the intranet and configure the reverse proxy to redirect requests from external users to the correct intranet URLs of the Password Manager sites.

Installing Password Manager in perimeter network without AD DS

If Active Directory Domain Services (AD DS) is not deployed in a perimeter network in your environment, you may still install Password Manager in this perimeter network.

When AD DS is not deployed in the perimeter network, servers are placed in a workgroup. Password Manager allows installing the Self-Service and Helpdesk sites on servers that are not placed in any domain.

Management Policy overview

A Management Policy is a core concept in Password Manager. Management Policies allow you to organize and group settings for dedicated users and helpdesk operators.

Management Policy components

The following diagram illustrates the Management Policy components.

User scope defines user groups from specified domains that can access the Self-Service Site and use the corresponding workflows. you can add multiple domains to a single user scope. You can also use the same domain connection in the user and Helpdesk scopes.

Helpdesk scope defines groups of Helpdesk operators from specified domains that can access the Helpdesk Site and manage users from the user scope using the Helpdesk workflows. You can add multiple domain connections to a single Helpdesk scope. You can also use the same domain connection in the user and Helpdesk scopes.

Self-Service and helpdesk workflows define the tasks that are available to users and Helpdesk operators on the Self-Service and Helpdesk sites: for example, Forgot My Password, Assign Passcode, Unlock Account, and so on.

Questions and Answers policy comprises a list of secret questions (in the default and additional languages) that users must answer to authenticate themselves, and Q&A profile settings that specify various settings for questions and answers, such as a minimum length of an answer or a question, a number of required user-defined questions, and so on.

User enforcement rules define how users should be enforced to register with Password Manager and reminded to change their password. For each enforcement rule, a corresponding scheduled task exists. For example, the Invitation to Create/Update Profile scheduled task corresponds to the Invite Users to Create/Update Q&A Profiles enforcement rule. By default, the enforcement rules are not configured. To start notifying users to create/update their Q&A profiles and change password, you need to configure the rules after Password Manager installation.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级