Third-Party Self-Service Password Reset
Configuring third-party (external) self-service password reset (SSPR) lets you redirect Imprivata Enterprise Access Management users to an external third-party web portal for self-service password reset. If you wish to link to a third-party SSPR solution, contact your service representative to purchase the Imprivata SSPR Connector.
Users can access the external provider to reset their domain password through the following:
- The Forgot Password link on the Imprivata login screen.
- The Imprivata self-services home page.
NOTE: Configuring support for external SSPR applies to the entire Imprivata enterprise. You cannot use Imprivata SSPR in combination with a third-party solution.
Before You Begin
Review the following requirements and considerations before you begin.

- Enabling Imprivata SSPR requires that user policies be enabled to Allow users to reset their primary authentication password.
- If your user policies are configured to let users reset their password, disable the setting before redirecting users to the third-party web portal.

To ensure that the passwords are reset correctly, all Imprivata sites must communicate with the same domain controller as the external SSPR solution.

- Mozilla Firefox must be installed on all ProveID Embedded enabled Linux thin clients. Firefox must be the default browser.
- By default, Imprivata Enterprise Access Management launches a browser with limited navigational elements to redirect the user to the third-party SSPR web portal. Limiting the navigational elements maintains focus on the SSPR web portal, and subsequently the Imprivata login window, after the user resets their domain password.
  The following controls are not available:
  - Navigational buttons, such as maximize and minimize.
  - The URL bar.
  - The ability to open a contextual menu by right-clicking.

BEST PRACTICE: Imprivata recommends that you test the third-party SSPR web portal before implementing this feature in production. Make sure that the SSPR web portal does not impose additional requirements that are incompatible with Imprivata Enterprise Access Management.
Configuring Third-Party Self-Service Password Reset

To ensure that passwords are reset correctly, all Imprivata sites must communicate with the same domain controller as the external SSPR solution.
Verify external server settings for each site in the enterprise.
- In the Imprivata Admin Console, go to the gear icon menu > Sites page.
- Click on a name to open the Imprivata site record.
- Go to the External Servers section.
  Entries under User Directory Server represent the domain controllers with which the appliances in this site communicate.
- Do one of the following:
  - If a single domain controller is listed, verify that it is the domain controller that is responding to the external SSPR password change requests.
  - If more than one domain controller is listed, select the domain controller that is responding to the external SSPR password change requests and click Save.
Password synchronization delays occur if you do not configure the appliances in the site to communicate with the same domain controller as the third-party SSPR solution.
To avoid end-user disruption, make sure that the Use TLS for secure communication and Validate stored domain credentials before authenticating settings are enabled on the Directories settings page.

While there are no specific user policy requirements to enable an external SSPR solution, verify that user policies are not enabled for Imprivata SSPR. If your user policies are configured to Allow users to reset their primary authentication password, disable it before redirecting users to the third-party web portal.
You can find this setting on the Self-Service Password/Imprivata PIN Reset tab.

Configuring the web portal URL lets you redirect Imprivata OneSign users to an external third-party web portal for self-service password reset. Configure the URL for each appliance in the Imprivata enterprise.
- In the Imprivata Admin Console, go to the gear icon menu > Settings page.
- Go to the Self-service section, select Use your own self-service utility, and then enter the URL of the external third-party web portal.
- Click Save.