
Supported User Interfaces - Hitachi ID Password Manager

Hitachi ID Password Manager supports several user interface mechanisms:

  • Transparent password synchronization is initiated from a native password change on a variety of existing systems, including Windows server or Active Directory (32-bit, 64-bit), Sun LDAP, IBM LDAP, Oracle Internet Directory, Unix (various), z/OS and iSeries (AS/400).

  • Password Manager can invite users to register and notify users of events relating to their profiles, by sending e-mails, by opening a web browser from a network login script or by sending Windows popup messages to users who have signed into a domain.

  • Users can manage their passwords and authentication profiles through an HTML web interface, using any web browser (desktop, smart phone, tablet, etc.). The Password Manager web interface is compatible with reverse web proxies and can be load balanced across replicated Password Manager servers.

  • Users who forget their passwords can dial an IVR system with any telephone and initiate a password reset. Authentication is typically either by touch-tone input of answers to security questions whose answers are numeric, or by asking the user to speak the answer to a security question and performing a biometric voiceprint match.

    The call flow in an existing IVR system can be extended to handle this type of self-service, integrating with Password Manager via its API to effect password or PIN resets. Alternatively, relevant calls can be rerouted to Hitachi ID Telephone Password Manager, which can handle the entire call flow itself.

  • Users who forget their network login password can launch a kiosk-mode web browser from the desktop login screen. This can be done using any of several methods:
    • A domain secure kiosk account (SKA) is an Active Directory user, normally called "help", with an easy-to-remember or blank password. A security policy (GPO) is applied to this user to launch a locked-down, full-screen web browser instead of the usual Windows desktop. The SKA does not require a client software deployment. It is supported on any version of Windows.

    • An LSKA is a variant of the domain SKA in which the special user is defined on each user's PC rather than in the domain. The LSKA has the added capability of launching a temporary VPN connection, so that remote users who are initially off-site and off-line can still access self-service password reset.

    • A credential provider DLL: this is a service installed on Windows Vista through Windows 10 clients, which adds elements to the login screen. This allows users who forgot their password or triggered an intruder lockout to access self-service password reset.

      A temporary VPN option is available to assist off-site users.

    • For Windows XP (really, still?), a GINA service: this is a service installed on Windows XP clients, which adds elements to the login screen. These include both an "I forgot my password" button on the main login dialog and a "Reset password / clear intruder lockout" button on error dialogs. Note that a GINA DLL is not installed; instead, the native GINA UI is extended on the fly. This makes the GINA service a much less dangerous component than GINA DLLs.

      A temporary VPN option is available to assist off-site users.
