Skip to main content

Hitachi ID Password Manager Screen Recordings

Self Service Anywhere™


Play movie

Content:

  • A user forgot his primary Windows login password.
  • The user is away from the office and the corporate AD password is cached locally.
  • The video shows how the user can reset the forgotten password -- from the PC login screen, over WiFi+VPN and get back to work.

Key concepts:

  • Users are increasingly mobile.
  • Mobile users sign into their corporate laptops with cached domain credentials.
  • If a user forgets his Windows password while away from the corporate network, the IT help desk cannot help him, as they cannot access the cached password.
  • Using Self-Service, Anywhere, Hitachi ID Password Manager allows mobile users to reset forgotten passwords even while away, enabling them to get back to work before they return to the office.
  • Without this technology, a remote user who forgot his password cannot user his PC until he returns -- a major business interruption.

Locked out Windows 7 user resets own password


Play movie

Content:

  • A user has either forgotten his password or triggered an intruder lockout.
  • The user's PC runs Windows 7.
  • The user wishes to unlock his account without calling the help desk.

Key concepts:

  • Access to SSPR is available as a credential provider (CP).
  • The CP can be installed on Windows Vista and Windows 7 workstations.

Locked out Windows XP user resets own password


Play movie

Content:

  • A user has either forgotten his password or triggered an intruder lockout.
  • The user's PC runs Windows XP.
  • The user wishes to unlock his account without calling the help desk.

Key concepts:

  • Access to SSPR is available as service installed on Windows XP workstations.
  • The service is not a GINA DLL. Instead, it adds UI elements to the native GINA on the fly.
  • This architecture is less risky than installing a DLL into the GINA DLL chain.

Locked out Windows user resets own password (no software footprint)


Play movie

Content:

  • A user has either forgotten his password or triggered an intruder lockout.
  • The user's PC runs any version of Windows.
  • The user wishes to unlock his account without calling the help desk.

Key concepts:

  • Access to SSPR is available using a secure kiosk account.
  • This approach eliminates the need to install any software on the PC.
  • The trade-off is a special domain account, typically called help which every user can sign into but which has minimal security entitlements.

Enrollment of security questions


Play movie

Content:

  • A user has been invited to fill in a form with security questions and answers.
  • This animation starts after:
    • The user has clicked a link in an e-mail, or
    • a browser window was automatically launched at PC login.
    • The user has already authenticated to Password Manager with a password, token or smart card.

Key concepts:

  • Policy is used to combine user-chosen and standardized questions.
  • Some questions may be accessible to the help desk.
  • Some questions may be suitable for telephone authentication.
  • Usually only a random subset of enrolled questions is used to authenticate a user.

Enrollment of non-standard login IDs


Play movie

Content:

  • A user has been invited to fill in a form with login IDs and passwords.
  • This animation starts after the user has been invited and has authenticated.
  • Multiple authentication steps - security questions, login IDs, biometrics, etc. are normally integrated into a single process.

Key concepts:

  • This process eliminates the need to "match" profile data on different systems (can be costly, unreliable).
  • Users don't need to know what a system is "officially" called, eliminating a common cause of misunderstanding between users and IT staff.
  • Users must "prove possession" by providing a correct password, making this process totally secure.

RSA SecurID Self-Service Token Support


Play movie

Content:

  • A user has forgotten the PIN for his RSA SecurID token.
  • Using self-service, he can choose a new PIN.

Key concepts:

  • Token PIN reset is more commonly accessed via telephone, since tokens are often used to establish a VPN connection.
  • Other self-service options include issuing emergency access codes and disabling the token (e.g., if it was lost).

Reminder to change passwords


Play movie

Content:

  • A user is reminded, via e-mail, to change passwords.

Key concepts:

  • Users never volunteer to change passwords.
  • Mobile users are not reminded to change passwords by Windows, so an e-mail helps them avoid lockouts.
  • An interactive web UI can educate users about password policy and in-scope systems, so is often preferable to the Windows "Ctrl-Alt-Del" UI.

Assisted password reset


Play movie

Content:

  • The experience of a help desk analyst resetting passwords for a user who has forgotten his password or triggered a lockout.

Key concepts:

  • Help desk staff may be forced to authenticate callers, for example by prompting them with security questions and keying in their answers.
  • Help desk staff may be empowered or required to cause new passwords to be immediately expired.
  • "Behind the scenes," a help desk ticket is normally created to record the service incident.

Login Manager: Enrollment and Login


Play movie

Content:

  • A new user signs into a series of applications.
  • Hitachi ID Login Manager notes that each application uses the same ID/password as the primary Windows login.
  • Login Manager "learns" to sign into each application automatically.

Key concepts:

  • Zero scripting required.
  • Login Manager automatically detects login screens where it can automate logins.
  • Single sign-on on the 2nd and all subsequent application logins.

Read More:

  • Self-Service, Anywhere:
    With self-service, anywhere technology, users can resolve problems with their passwords, smart cards, tokens or full disk encryption software both at the office and mobile, from any endpoint device.
  • Features:
    Password Manager features -- including password synchronization and reset, single sign-on, token and smart card PIN reset, encryption key recovery and more.
  • Business Case:
    Password Manager improves service for users, who experience fewer password and login problems. It reduces help desk call volume by eliminating password problems through synchronization and diverting password problem resolution to self-service. Password Manager strengthens security through use of better passwords, stronger authentication prior to password resets, clear audit trails and the ability to delegate support privileges without having to give help desk staff full administrative access to systems.
  • Screen Shots:
    Snapshots of the Password Manager web user interface.
  • Screen Recordings:
    Recordings of user interaction with Password Manager.
  • Concept Animations:
    Animated demonstrations illustrating user interaction with Password Manager and data flow between components on the network.
  • Slide Decks:
    A variety of slide presentations about password management in general and Password Manager in particular.
page top page top