Unlock Windows 7 user:

A Hitachi ID Password Manager credential provider can be installed on Windows Vista and Windows 7 workstations. This adds a UI element, shown here, which users can click to access self-service password reset and/or unlock right from the login screen.


Unlock user - no client software:

Using a domain-level secure kiosk account (SKA) access to SSPR can be extended to locked out users without deploying any software on user PCs. In this example, user PCs did get a "light touch" - a replacement wallpaper image was pushed out using a group policy object, which includes the corporate logo and instructions for users who forgot their password.


Authenticate with security questions:

Users who forgot their password can authenticate by correctly answering security questions. Multiple sets of questions may be presented to the user, with a random selection of the user's security questions in each one.


Choose a new password:

Users choose a new password using a friendly UI that explains the password policy and displays a list of systems where the new password will be applied.


Immediate feedback:

Password Manager shows the user which password changes succeeded and which (if any) failed. In the event of a problem, users can see the error code and may ask Password Manager to keep trying and send them an e-mail when the password in question is finally changed. Behind the scenes, e-mails can be sent and help desk ticket created.


Enrollment - security questions:

Password Manager includes a sophisticated system for inviting users to complete their profiles of security questions. Besides a registration screen (shown here) there is a mechanism to send invitation e-mails, automatically launch the user's web browser to the enrollment page and more.


Enrollment - login IDs:

The managed enrollment system extends beyond security questions. For example, users with different login IDs on different systems can be asked to "claim" those IDs -- attaching them to their profiles. Users are incented to do this because it helps them to synchronize passwords.


Token management:

Password Manager can manage more than just passwords. In this example, a user is resetting a forgotten PIN on an RSA SecurID token. Smart card PIN resets are also possible.


Help desk view:

IT support staff can use Password Manager to assist users -- resetting their passwords and or token PINs. The first step is to find the user profile for the caller, as shown here.


Assisted password reset:

Once the user's profile has been found, the support analyst can authenticate the caller -- also through the Password Manager UI before resetting and expiring the caller's password. A ticket is normally generated "behind the scenes."


Dashboard:

A simple dashboard shows the Hitachi ID Password Manager administrator which products are installed, how many users have been licensed, how many user profiles actually exist in the environment and the number of users who have completed every type of enrollment step (security questions, ID mapping, etc.).


Enrollment:

Show how many users have completed various types of enrollment steps.