Password Services Guide
Table of Contents
Introduction
Welcome to the SysAid Password Services Module!
Password Services is a self service module for your end users that allows them to:
- Reset their own password in the event that they've forgotten it
- Unlock their own account if they have too many unsuccessful login attempts
Before Password Services, your end users would contact the helpdesk each time they forgot their password or got locked out. Now that you have Password Services, your end users can perform these actions themselves, getting immediate results and saving your helpdesk staff much time and energy.
Enabling Password Services
There are several steps you must take in order to enable Password Services:
Configuring LDAP
The first thing you must do to start using Password Services is ensure that you have configured your LDAP. Go to Preferences --> Integration --> LDAP and verify that your settings are correct. Make sure that the LDAP user you specify has administrator privileges in your LDAP.
Important: Password Services will only work over an SSL LDAP connection. If you are not sure that you configured your LDAP using SSL, please check the URL to LDAP server field. If the port number is 636, then you are connecting using SSL. If this is not the port number, then run the LDAP configuration wizard again and choose LDAP over SSL.
Enabling the Password Self Service Wizard
Once LDAP is configured, you must enable the Password Self Service Wizard for your end users.
To enable the Password Self Service Wizard:
- Go to Password Services --> Password Services.
- Choose to enable either Reset Password, Unlock Account, or both.
- Click Save. A new option now appears on the End User Portal: Password Self Service.
Note: When you click Save, SysAid checks all of your LDAP configurations and will inform you if there are any problems accessing your LDAP(s).
Registration for end users
Once the Self Service Wizard has been enabled, each of your end users must then register.
To register, each end user must:
- Open the End User Portal.
- Click on Change Your Settings.
- Select security questions and then answer them (read more about security questions below).
- Click Submit.
- Reenter his or her password.
Once this is done, the end user can access the Password Self Service Wizard using the icon on the End User Portal.
Enabling Password Self Service from the Windows login screen (optional)
You can allow your end users to access the Password Self Service Wizard from the Windows login screen (supports Windows Vista and higher).
To enable the Password Self Service Wizard from the Windows login screen on your computers, you must install version 8.5+ of the SysAid Agent and enable the SysAid Password Services Credential Provider.
You can enable the SysAid Password Services Credential Provider in the following ways:
SysAid Deployment Tool
In the Deployment Tool under Edit --> Settings, check the box Install SysAid Password Services Credential Provider. Then deploy the SysAid Agent to the desired computers.
Network Discovery
From Asset Management --> Network Discovery --> Deploy Agents, open Agent Settings and check the box Install SysAid Password Services Credential Provider. Then deploy the SysAid Agent to the desired computers.
Editing the registry
For each desired computer, change the value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Ilient\Agent\enableSysaidPS to "Y". You may create a script to do this on multiple computers at once, if you desire. This option is useful for agents that have been deployed manually or that have already been deployed.
Your end users can now access the Password Self Service Wizard from the Windows login screen. To see how this is done, please go here.
Configuring Security Questions and General Settings
Configuring Security Questions
A security question is a simple question, such as "In which city were you born," that an end user will certainly not forget the answer to. When an end user registers for Password Self Service, the end user must choose several security questions from a list and answer them. If that end user ever needs to reset a password or unlock an account, the end user reenters their answers to the questions.
It is up to you, the administrator, to choose which security questions appear in the list, and how many security questions each end user must answer.
Go to Password Services --> Security Questions to see a list of available security questions. For each security question, you may choose whether it appears in the list or not and whether an end user must answer it. You may also create your own security questions. Go here for more information.
Go to Password Services --> Settings --> Security Questions (tab) to choose how many security questions a user must answer and what the minimum answer size is. For more information, go here.
General Settings
You can configure the exact behavior of Password Services under Password Services --> Settings --> General (tab). Among the settings you can choose from are how users receives their new passwords after a password reset (e.g. e-mail, SMS, or chosen by end user) and how many attempts users have to answer their security questions before SysAid blocks them. For a full list of options, please go here.
Creating Notifications
In Password Services, there are two types of notifications: notifications to the end user, and notifications to the administrator.
Notifications to the end user
An end user receives a notification after completing the Reset Password Wizard if the reset password method is either e-mail or SMS. The notification, either an e-mail or an SMS, contains the end user's new, temporary password.
You can edit the text for the SMS and e-mail notifications from the translation file under Customize --> Translate. In the translation file, the keys related to the e-mail notification begin with user.selfService.offline.sendMessage and the keys related to the SMS notification begin with user.selfService.offline.sendSms.
Notifications to the administrator
Administrators can receive e-mail, SMS, or service record notifications when a user completes one of the Password Self Service wizards. To configure these notifications, go to Password Services --> Notifications and follow the instructions found there.
Using the Password Services Wizard
Once you've configured Password Services to your liking and your end users have registered themselves, your end users can start using Password Self Service whenever they are locked out of their accounts or forget their passwords. For full instructions for using the Password Self Service Wizard, please go here.
Congratulations! Now that you're using Password Services, you're well on your way to a smoother end user experience and a more fully automated helpdesk!
Password Services Reports
Password Services contains five reports you can use to keep up-to-date on all activities in the Password Services Module. You may access these reports from the Analyzer, or from Manager Portal --> Reports.
Reset Password Audit Report |
Shows you a list of all activities related to the Reset Password Wizard. |
Unlock Account Audit Report |
Shows you a list of all activities related to the Unlock Account Wizard. |
Failed Attempts Report |
Shows a list of failed attempts to use one of the Password Services wizards. |
Enrolled Users Report |
Shows you a list of all users who've answered their security questions for Password Services. |
Non-enrolled Users Report |
Shows you a list of all users who have not answered their security questions for Password Services. |
