Self Service Anywhere™


Content:

  • A user forgot his primary Windows login password.
  • The user is away from the office and the corporate AD password is cached locally.
  • The video shows how the user can reset the forgotten password from the PC login screen, over WiFi+VPN, and get back to work.

Key concepts:

  • Users are increasingly mobile.
  • Mobile users sign into their corporate laptops with cached domain credentials.
  • If a user forgets his Windows password while away from the corporate network, the IT help desk cannot help him, as they cannot access the cached password.
  • Using Self Service Anywhere, Hitachi ID Password Manager allows mobile users to reset forgotten passwords even while away, enabling them to get back to work before they return to the office.
  • Without this technology, a remote user who forgot his password cannot use his PC until he returns -- a major business interruption.

Locked out, on-premises Windows 7 user resets own password


Content:

  • A user has either forgotten his password or triggered an intruder lockout.
  • The user's PC runs Windows 7.
  • The user wishes to unlock his account without calling the help desk.

Key concepts:

  • Access to SSPR is available as a credential provider (CP).
  • The CP can be installed on Windows Vista and Windows 7 workstations.

Unlock pre-boot password


Content:

  • A user forgot his pre-boot password for McAfee ePO Drive Encryption.
  • The user can unlock his PC using Hitachi ID Password Manager.
  • Access to Password Manager is via the Hitachi ID Mobile Access app on the user's smart phone.

Key concepts:

  • Unlocking encrypted filesystems.
  • Strong authentication prior to unlock.
  • Access to self-service using a smart phone, as the PC is locked.

Enrollment of security questions


Content:

  • A user has been invited to fill in a form with security questions and answers.
  • This animation starts after:
    • The user has clicked a link in an e-mail, or
    • A browser window was automatically launched at PC login.
    • The user has already authenticated to Password Manager with a password, token or smart card.

Key concepts:

  • Policy is used to combine user-chosen and standardized questions.
  • Some questions may be accessible to the help desk.
  • Some questions may be suitable for telephone authentication.
  • Usually only a random subset of enrolled questions is used to authenticate a user.

Enrollment of non-standard login IDs


Content:

  • A user has been invited to fill in a form with login IDs and passwords.
  • This animation starts after the user has been invited and has authenticated.
  • Multiple authentication steps (security questions, login IDs, biometrics, etc.) are normally integrated into a single process.

Key concepts:

  • This process eliminates the need to "match" profile data on different systems (can be costly, unreliable).
  • Users don't need to know what a system is "officially" called, eliminating a common cause of misunderstanding between users and IT staff.
  • Users must "prove possession" of each login ID by providing its correct password, which prevents a user from claiming an account that is not his.

RSA SecurID Self-Service Token Support


Content:

  • A user has forgotten the PIN for his RSA SecurID token.
  • Using self-service, he can choose a new PIN.

Key concepts:

  • Token PIN reset is more commonly accessed via telephone, since tokens are often used to establish a VPN connection.
  • Other self-service options include issuing emergency access codes and disabling the token (e.g., if it was lost).

Reminder to change passwords


Content:

  • A user is reminded, via e-mail, to change passwords.

Key concepts:

  • Users never volunteer to change passwords.
  • Mobile users are not reminded to change passwords by Windows, so an e-mail helps them avoid lockouts.
  • An interactive web UI can educate users about password policy and in-scope systems, so it is often preferable to the Windows "Ctrl-Alt-Del" UI.

Assisted password reset


Content:

  • The experience of a help desk analyst resetting passwords for a user who has forgotten his password or triggered a lockout.

Key concepts:

  • Help desk staff may be forced to authenticate callers, for example by prompting them with security questions and keying in their answers.
  • Help desk staff may be empowered or required to set new passwords to expire immediately.
  • "Behind the scenes," a help desk ticket is normally created to record the service incident.