Password Services Guide

 

Table of Contents

 

    Introduction
    Enable Password Services
    Configure security questions and general settings
    Create notifications
    Use the Password Services wizard
    Password Services reports
    Contact us

 

 

Introduction

 

Welcome to the SysAid Password Services Module!

 

Password Services is a self service module for your end users that allows them to:

 

Before Password Services, your end users would contact the helpdesk each time they forgot their password or got locked out. Now that you have Password Services, your end users can perform these actions themselves, getting immediate results and saving your helpdesk staff much time and energy.

 

 

 

Enable Password Services

 

There are several steps you must take in order to enable Password Services:

 

Configure LDAP

 

The first thing you must do to start using Password Services is ensure that you have configured your LDAP. Go to Settings > Integration > LDAP and verify that your settings are correct. Make sure that the LDAP user you specify has permission to manage domain passwords in your LDAP.

 

 

In addition, it is important that in the Active Directory properties of the specified LDAP user, the Primary Group is NOT set to Domain Admins. If that is the primary group, you must revert that setting to the default primary group.

Click here for instructions on how to check this setting

 

To check your primary group in Active Directory

  1. Access Active Directory Users and Computers.
  2. Navigate to the properties of the specified LDAP user.
  3. Click the Member Of tab.
  4. Check the Primary Group field. If the Primary group is not "Domain Admins" you can exit Active Directory and proceed with setting up Password Self Service.

  1. If the Primary Group is set as "Domain Admins", select another group and click Set Primary Group.
  2. Click OK.
  3. Exit Active Directory.

 

Important: Password Services will only work over an SSL LDAP connection. If you are not sure that you configured your LDAP using SSL, please check the URL to LDAP server field. If the port number is 636, then you are connecting using SSL. If this is not the port number, then run the LDAP configuration wizard again and choose LDAP over SSL.

 

Enable the Password Self Service wizard

 

Once LDAP is configured, you must enable the Password Self Service wizard for your end users.

 

To enable the Password Self Service wizard:

  1. Go to Tools > Password Services > Main.
  2. Choose to enable either Reset Password, Unlock Account, or both.
  3. Click Save. A new option now appears on the End-User Portal: Password Self Service.
  4. Note: When you click Save, SysAid checks all of your LDAP configurations and will inform you if there are any problems accessing your LDAP(s).

 

Registration for end users

 

Once the Self Service Wizard has been enabled, each of your end users must then register.

 

To register, each end user must:

  1. Open the End-User Portal.
  2. Click on Change Your Settings.
  3. Select security questions and then answer them (read more about security questions below).
  4. Click Submit.
  5. Reenter his or her password.

 

Once this is done, the end user can access the Password Self Service Wizard using the icon on the End-User Portal.

 

Enable Password Self Service from the Windows login screen (optional)

 

You can allow your end users to access the Password Self Service Wizard from the Windows login screen (supports Windows Vista and higher).

 

To enable the Password Self Service Wizard from the Windows login screen on your computers, you must install version 8.5+ of the SysAid Agent and enable the SysAid Password Services Credential Provider.

 

You can enable the SysAid Password Services Credential Provider in the following ways:

 

SysAid Deployment Tool

In the Deployment Tool under Edit > Settings, check the box Install SysAid Password Services Credential Provider. Then deploy the SysAid Agent to the desired computers.

 

Network Discovery

From Settings > Network Discovery > Deploy Agents, open Agent Settings and check the box Install SysAid Password Services Credential Provider. Then deploy the SysAid Agent to the desired computers.

 

Manually (for agents that have already been deployed, or deployed manually)

 

SysAid Agent 9.1 and above

For each desired computer, open the AgentConfigurationFile.xml file located at ...\SysAid\Configuration.

  1. Search for the following section:
  2. <Handler Name="CredentialProviderHandler" Enable="1">
       <property Name="InstalledState" value="UnInstall" Enable="0" />
       <property Name="Guild" value="{FC205E00-2E7C-4624-906B-C9F440E669A2}" Enable="0" />
       <property Name="CredentialProviderLibraryFileName" value="SysAidUnlckRstPasswd_08501.dll" Enable="1" />
    </Handler>

     

  3. Change the UnInstall value to Install
  4. Save changes to AgentConfigurationFile.xml.

 

You may create a script to do this on multiple computers at once, if you desire.

 

SysAid Agent 8.5 to 9.0

For each desired computer, change the value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Ilient\Agent\enableSysaidPS to "Y". You may create a script to do this on multiple computers at once, if you desire.

 

Your end users can now access the Password Self Service Wizard from the Windows login screen. To see how this is done, please go here.

 

 

 

Configure security questions and general settings

 

Configure security questions

A security question is a simple question, such as "In which city were you born," that an end user will certainly not forget the answer to. When an end user registers for Password Self Service, the end user must choose several security questions from a list and answer them. If that end user ever needs to reset a password or unlock an account, the end user reenters their answers to the questions.

 

It is up to you, the administrator, to choose which security questions appear in the list, and how many security questions each end user must answer.

 

Go to Tools > Password Services > Security Questions to see a list of available security questions. For each security question, you may choose whether it appears in the list or not and whether an end user must answer it. You may also create your own security questions. Go here for more information.

 

Go to Settings > Password Services > General to choose how many security questions a user must answer and what the minimum answer size is. For more information, go here.

 

General settings

You can configure the exact behavior of Password Services under Settings > Password Services > General. Among the settings you can choose from are how users receives their new passwords after a password reset (e.g. email, SMS, or chosen by end user) and how many attempts users have to answer their security questions before SysAid blocks them. For a full list of options, please go here.

 

 

 

Create notifications

 

In Password Services, there are two types of notifications: notifications to the end user, and notifications to the administrator.

 

Notifications to the end user

An end user receives a notification after completing the Reset Password Wizard if the reset password method is either email or SMS. The notification, either an email or an SMS, contains the end user's new, temporary password.

 

You can edit the text for the SMS and email notifications from the translation file under Settings > Customize > Translation. In the translation file, the keys related to the email notification begin with user.selfService.offline.sendMessage and the keys related to the SMS notification begin with user.selfService.offline.sendSms.

 

Notifications to the administrator

Administrators can receive email, SMS, or service record notifications when a user completes one of the Password Self Service wizards. To configure these notifications, go to Settings > Password Services > Notifications and follow the instructions found there.

 

 

 

Use the Password Services wizard

 

Once you've configured Password Services to your liking and your end users have registered themselves, your end users can start using Password Self Service whenever they are locked out of their accounts or forget their passwords. For full instructions for using the Password Self Service Wizard, please go here.

 

Congratulations! Now that you're using Password Services, you're well on your way to a smoother end user experience and a more fully automated helpdesk!

 

 

 

Password Services reports

 

Password Services contains five reports you can use to keep up-to-date on all activities in the Password Services Module. You may access these reports from Analytics > Overview > Reports.

 

Password Services Reports

Reset Password Audit Report

Shows you a list of all activities related to the Reset Password Wizard.

Unlock Account Audit Report

Shows you a list of all activities related to the Unlock Account Wizard.

Failed Attempts Report

Shows a list of failed attempts to use one of the Password Services wizards.

Enrolled Users Report

Shows you a list of all users who've answered their security questions for Password Services.

Non-enrolled Users Report

Shows you a list of all users who have not answered their security questions for Password Services.

 

 

 

 

Contact us

 

SysAid welcomes your questions and suggestions. We can be reached via phone and email:

Toll Free phone center (U.S): 800-686-7047

Tel (U.S): +1 617-231-0124

Fax (U.S): +1 617 507 2559

Tel (Israel): +972 3 533 3675

Fax (Israel): +972 3 761 7205

Email: helpdesk@sysaid.com

SysAid community: http://www.sysaid.com/Sysforums/forums/home.page

You can also view our full support page at http://www.sysaid.com/contact_support.htm.