
Managed User Enrollment - Hitachi ID Password Manager

User Enrollment Overview

Hitachi ID Password Manager includes built-in infrastructure to securely and automatically manage the user enrollment process:

The enrollment system in Password Manager includes schedule controls. For example, the maximum number of invitations sent per day can be limited, as can the frequency of invitations per user. The days of the week on which invitations may be sent are specified, as are holidays on which no invitations should be sent.

Security Question Enrollment in Detail

Enrollment of security questions and answers using the Password Manager web form works as follows:

  1. Password Manager server: extracts a user list from one or more target systems nightly.

  2. Password Manager server: compares the total list of users to those that are fully registered.

  3. Password Manager server: e-mails unregistered users (up to a certain number of users per run) a request to register, with an embedded URL.

  4. User: receives notification in e-mail, clicks on URL.

  5. Password Manager web server: asks the user to type his network login ID.

  6. User: types his network login ID.

  7. Password Manager web server: asks the user to type his current NOS password.

  8. User: types his current password.

  9. Password Manager web server: validates the password against the indicated system.

    ... repeat if authentication fails; lock out after too many failed attempts.

  10. Password Manager web server: asks the user to answer a set of personal questions.

  11. User: fills in the blanks.

  12. Password Manager web server: validates completeness, adequacy of data.

  13. Password Manager web server: notifies the user of success.
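
The nightly selection in steps 1-3, combined with the schedule controls described in the overview, can be sketched as follows. This is an added example, not Hitachi ID code: `InvitePolicy`, `select_invitees`, the policy values and the sample users are all hypothetical, and login IDs are assumed to be already normalized.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class InvitePolicy:
    # Hypothetical policy object; every value here is an illustrative assumption.
    max_per_run: int = 2                                   # cap on invitations per nightly run
    min_days_between: int = 7                              # per-user invitation frequency limit
    send_weekdays: frozenset = frozenset({0, 1, 2, 3, 4})  # Monday to Friday
    holidays: frozenset = frozenset()                      # dates on which nothing is sent

def select_invitees(all_users, registered, last_invited, today, policy):
    """Return the login IDs to e-mail in this run (steps 1-3 of the process)."""
    # Schedule controls: send nothing on excluded weekdays or holidays.
    if today.weekday() not in policy.send_weekdays or today in policy.holidays:
        return []
    # Step 2: unregistered users = extracted user list minus fully registered users.
    pending = set(all_users) - set(registered)
    # Per-user frequency: skip anyone invited within the last min_days_between days.
    cutoff = today - timedelta(days=policy.min_days_between)
    eligible = [u for u in pending
                if u not in last_invited or last_invited[u] <= cutoff]
    # Never-invited users go first, then those who have waited longest.
    eligible.sort(key=lambda u: (last_invited.get(u, date.min), u))
    # Step 3: cap the batch at the per-run maximum.
    return eligible[:policy.max_per_run]

# Constructed sample data, not taken from any real deployment.
USERS = ["alice", "bob", "carol", "dave", "erin"]
REGISTERED = {"alice"}
LAST_INVITED = {"bob": date(2024, 3, 1), "carol": date(2024, 3, 10)}
POLICY = InvitePolicy(holidays=frozenset({date(2024, 3, 29)}))

if __name__ == "__main__":
    for day in (date(2024, 3, 12), date(2024, 3, 16), date(2024, 3, 29)):
        print(day, select_invitees(USERS, REGISTERED, LAST_INVITED, day, POLICY))
```
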

Watch a Movie

Enrollment of security questions


Content:

  • A user has been invited to fill in a form with security questions and answers.
  • This animation starts after:
    • The user has clicked a link in an e-mail, or
    • a browser window was automatically launched at PC login.
    • The user has already authenticated to Password Manager with a password, token or smart card.

Key concepts:

  • Policy is used to combine user-chosen and standardized questions.
  • Some questions may be accessible to the help desk.
  • Some questions may be suitable for telephone authentication.
  • Usually only a random subset of enrolled questions is used to authenticate a user.

Notes - Other Profile Data

Password Manager can be used to collect other information from users, such as demographic data that is not used in authentication processes (e.g., home phone number, application preferences, etc.), and biometric voice print samples. All registration is handled through the same, integrated enrollment system.