Access to Self-Service

Hitachi ID Password Manager can be accessed through a variety of user interfaces:

  • Transparent password synchronization is initiated from a native password change on a variety of existing systems, including Windows server or Active Directory (32-bit, 64-bit), Sun LDAP, IBM LDAP, Oracle Internet Directory, Unix (various), z/OS and iSeries (AS/400).

  • Password Manager can invite users to enroll and notify users of events relating to their profiles, by sending e-mails, by opening a web browser from a network login script or by sending Windows popup messages to users who have signed into a domain.

  • Users can manage their passwords and authentication profiles through a web portal, using any web browser (desktop, smart phone, tablet, etc.). The web portal is compatible with reverse web proxies and can be load balanced across multiple, replicated Password Manager servers.

  • Users who forget their passwords can dial an IVR system with any telephone and initiate a password reset. Authentication is typically either by touch-tone input of numeric answers to security questions, or by prompting the user to speak the answer to a security question and performing a biometric voiceprint match.

    The call flow in an existing IVR system can be extended to handle this type of self-service, integrating with Password Manager via its API to effect password or PIN resets. Alternately, relevant calls can be rerouted to Hitachi ID Telephone Password Manager, which can handle the entire call flow itself.

  • Users who forget their network login password can launch a kiosk-mode web browser from the desktop login screen. This can be done using multiple methods:
    • The Hitachi ID Login Assistant Credential Provider: this is a client installed on Windows PCs, which adds elements to the login screen. This allows users who forgot their password or triggered an intruder lockout to access self-service password reset.

      A temporary VPN option is available to assist off-site users.

    • A domain secure kiosk account (SKA): this is an Active Directory user, normally called "help", with an easy-to-remember or blank password. A security policy (GPO) is applied to this user to launch a locked-down, full-screen web browser instead of the usual Windows desktop. The SKA does not require a client software deployment but does not work for off-site users.
