Overview Screen Recordings
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Hitachi ID Password Manager Screen Recordings

Self Service Anywhere™


Play movie

Content:

  • A user forgot his primary Windows login password.
  • The user is away from the office and the corporate AD password is cached locally.
  • The video shows how the user can reset the forgotten password -- from the PC login screen, over WiFi+VPN and get back to work.

Key concepts:

  • Users are increasingly mobile.
  • Mobile users sign into their corporate laptops with cached domain credentials.
  • If a user forgets his Windows password while away from the corporate network, the IT help desk cannot help him, as they cannot access the cached password.
  • Using Self-Service, Anywhere, Hitachi ID Password Manager allows mobile users to reset forgotten passwords even while away, enabling them to get back to work before they return to the office.
  • Without this technology, a remote user who forgot his password cannot user his PC until he returns -- a major business interruption.

Locked out Windows 7 user resets own password


Play movie

Content:

  • A user has either forgotten his password or triggered an intruder lockout.
  • The user's PC runs Windows 7.
  • The user wishes to unlock his account without calling the help desk.

Key concepts:

  • Access to SSPR is available as a credential provider (CP).
  • The CP can be installed on Windows Vista and Windows 7 workstations.

Locked out Windows XP user resets own password


Play movie

Content:

  • A user has either forgotten his password or triggered an intruder lockout.
  • The user's PC runs Windows XP.
  • The user wishes to unlock his account without calling the help desk.

Key concepts:

  • Access to SSPR is available as service installed on Windows XP workstations.
  • The service is not a GINA DLL. Instead, it adds UI elements to the native GINA on the fly.
  • This architecture is less risky than installing a DLL into the GINA DLL chain.

Locked out Windows user resets own password (no software footprint)


Play movie

Content:

  • A user has either forgotten his password or triggered an intruder lockout.
  • The user's PC runs any version of Windows.
  • The user wishes to unlock his account without calling the help desk.

Key concepts:

  • Access to SSPR is available using a secure kiosk account.
  • This approach eliminates the need to install any software on the PC.
  • The trade-off is a special domain account, typically called help which every user can sign into but which has minimal security entitlements.

Enrollment of security questions


Play movie

Content:

  • A user has been invited to fill in a form with security questions and answers.
  • This animation starts after:
    • The user has clicked a link in an e-mail, or
    • a browser window was automatically launched at PC login.
    • The user has already authenticated to Password Manager with a password, token or smart card.

Key concepts:

  • Policy is used to combine user-chosen and standardized questions.
  • Some questions may be accessible to the help desk.
  • Some questions may be suitable for telephone authentication.
  • Usually only a random subset of enrolled questions is used to authenticate a user.

Enrollment of non-standard login IDs


Play movie

Content:

  • A user has been invited to fill in a form with login IDs and passwords.
  • This animation starts after the user has been invited and has authenticated.
  • Multiple authentication steps - security questions, login IDs, biometrics, etc. are normally integrated into a single process.

Key concepts:

  • This process eliminates the need to "match" profile data on different systems (can be costly, unreliable).
  • Users don't need to know what a system is "officially" called, eliminating a common cause of misunderstanding between users and IT staff.
  • Users must "prove possession" by providing a correct password, making this process totally secure.

RSA SecurID Self-Service Token Support


Play movie

Content:

  • A user has forgotten the PIN for his RSA SecurID token.
  • Using self-service, he can choose a new PIN.

Key concepts:

  • Token PIN reset is more commonly accessed via telephone, since tokens are often used to establish a VPN connection.
  • Other self-service options include issuing emergency access codes and disabling the token (e.g., if it was lost).

Reminder to change passwords


Play movie

Content:

  • A user is reminded, via e-mail, to change passwords.

Key concepts:

  • Users never volunteer to change passwords.
  • Mobile users are not reminded to change passwords by Windows, so an e-mail helps them avoid lockouts.
  • An interactive web UI can educate users about password policy and in-scope systems, so is often preferable to the Windows "Ctrl-Alt-Del" UI.

Assisted password reset


Play movie

Content:

  • The experience of a help desk analyst resetting passwords for a user who has forgotten his password or triggered a lockout.

Key concepts:

  • Help desk staff may be forced to authenticate callers, for example by prompting them with security questions and keying in their answers.
  • Help desk staff may be empowered or required to cause new passwords to be immediately expired.
  • "Behind the scenes," a help desk ticket is normally created to record the service incident.

Login Manager: Enrollment and Login


Play movie

Content:

  • A new user signs into a series of applications.
  • Hitachi ID Login Manager notes that each application uses the same ID/password as the primary Windows login.
  • Login Manager "learns" to sign into each application automatically.

Key concepts:

  • Zero scripting required.
  • Login Manager automatically detects login screens where it can automate logins.
  • Single sign-on on the 2nd and all subsequent application logins.