Hitachi ID Password Manager can be accessed through a variety of user interfaces:
- Transparent password synchronization is initiated from a native
password change on a variety of existing systems, including
Active Directory, Windows servers, OID,
Linux and Unix (various), iSeries and z/OS (optional component).
- Password Manager can invite users to enroll and notify users of
events relating to their profiles, by sending e-mails, by
opening a web browser from a network login script or by
sending Windows popup messages to users who have signed into
a domain.
- Users can manage their passwords and authentication profiles
using any web browser (desktop, smart phone, tablet, etc.).
The web UI is compatible with reverse web proxies and can be
load balanced across multiple, replicated Password Manager servers.
- Users who experience a login problem can dial an interactive voice response (IVR) system with
any telephone and reset a forgotten or locked password or PIN, clear
an intruder lockout or resolve a problem pre-boot or with a hardware
token. There are several options for identifying callers, including
touch-tone input of login IDs or speech-to-text. Similarly, there are
several options for authenticating callers, including touch-tone or
text-to-speech input of answers to security questions, voice biometrics
and input of a PIN sent via SMS to a user's mobile phone.
The call flow in an existing IVR system can be extended to handle this type of self-service, integrating with Password Manager via its API to access user profiles and initiate self-service operations. Alternately, relevant calls can be rerouted to Hitachi ID Telephone Password Manager, which can handle the entire call flow itself. Telephone Password Manager is an included, self-contained IVR system designed for use with Password Manager.
Note that there are some types of problems that cannot (physically) be resolved via a phone call. In particular, an IVR system cannot update any locally cached passwords on the user's device. For users who forgot their locally cached OS login password and are off-site, a self-service mechanism launched from the OS login screen is required.
- Users who forget their PC login password can launch a
kiosk-mode web browser from their PC login screen. This
can be done using multiple methods:
  - The Hitachi ID Login Assistant Credential Provider (CP): this is a client installed on
  Windows PCs, which adds elements to the login screen. This allows
  users who forgot their password or triggered an intruder lockout
  to access self-service password reset.
  A temporary VPN option is available to assist off-site users.
  - An equivalent Mac OS X client enables access from the login
  screen of domain-joined Macs, while on-premises.
  - A domain secure kiosk account (SKA): this is an Active Directory user,
  normally called "help", with an easy-to-remember or blank password.
  A security policy (GPO) is applied to this user, to launch
  a locked-down full-screen web browser instead of the usual Windows
  desktop. This option enables access to password reset from
  Windows PC login screens without deploying any client software
  at all.
- The Hitachi ID Mobile Access app for Android or iOS enables users to access self-service using their smart phone, even if Password Manager is not configured with a public URL. Note that this cannot address issues related to credentials cached on user PCs.