FastPass for Active directory password management lets you start at a very low cost for an advanced and automatic platform for Windows Active Directory passwords. You can later add functionality as your requirements increase. The full functionality will satisfy mid-size and large corporations, and the starter level can be financially justified by even smaller organizations. The full functionality include:
Organizations with thousands of users and complex structure need flexible and scalable solutions.With the cost pressure on IT budgets it’s also important that you only pay for what you really need. You can choose on-premise or Cloud implementation.
First of all your rtarget must be to get a self-service success over 90%. Take a closer look at FastPass WEB based password manager for your needs.
You can however only select a secure and certified WEB-solution no matter what product or service you choose from FastPassCorp. We work to the highest standard for WEB-application security and the product is certified for WEB-application security for PCI/DSS, Owasp, SAN Cyber, please link to WEB-security
It’s a challenge to get users to enroll. Basically you can have a mailing approach or a PC-client ap…
It’s a challenge to get users to enroll. Basically you can have a mailing approach or a PC-client approach.
If you use the mailing approach it must be automatic with recurring reminders. If you depend on someone to send reminders to un-enrolled users, you will fail. Your system must automatically send invitations to new users and reminders to un-enrolled users.
If you want to force users in, you need a PC-client tool, which reacts when an un-enrolled users logs-in to Windows. The PC-client can then force the user to enroll to password self-service before the PC is released!
We suggest a combination. See more in our best practices guideHelp me choose
More info: Self-service password issues
Standard user authentication in password self-service is personal questions. They can be good and se…
Standard user authentication in password self-service is personal questions. They can be good and secure; but some users will forget the answers and call the service desk.
To reach above 90% success you must give users additional choices for authentication. Let users decide at authentication time if they want to authenticate for password reset with an SMS-code, a PIN to private e-mails or challenge questions will help your organization easily to pass 90%. The secret is Free choice for the usersHelp me choose
More info: Cloud
No matter how well we design processes and tools we will always have users who will call the service…
No matter how well we design processes and tools we will always have users who will call the service desk and ask for a password. It is essential that the service desk then can help users get back into self-service. If they give the user a password, they will call again next time!
Let the service desk have professional tools where they can authenticate users and securekly bring them back into the self-service environment.Help me choose
More info: Cloud
FastPass has a strong authentication process before the user can reset windows password. Multiple challenge questions must be answered correctly and 2-factor secure authentication can be implemented through combination with PIN codes via SMS to the user.
All communication is secured as is the FastPass database through strong encryption.
Automatic enrollment process for users
FastPass automatically invites all selected users to enroll to FastPass, and continues to send reminders to users until they enroll.
Users can be forced to enroll through FastPass Forced enrollment Client. This function is activated x days after first invitaion if the user has not enrolled. The function is envoked as a NAG service.
FastPass is available where the user sees he has forgot the Windows password, that is at windows log-in. Through a ‘Forgotten Password’ button on the Windows log-in the user can activate a ‘dead’ PC.
For users who enter your system through the internet, FastPass is available on your internet and extranet portal! For example FastPass can be accessible from the OWA log-on.
Service desk process for forgotten passwords
No matter how well you motivate your users, some users will now and then call your service desk with a forgotten password or a locked out password for Windows. Giving them a new Windows password will only mean, that they will call you again next time they forget windows passwords. With FastPass your service desk can authenticate the user and then give them access to enroll in FastPass, where they then can serve themselves – and do so next time. This is critical for a high success rate of self-service!!
For a description of FastPass see below:
reset password for windows and active directory
The FastPass Microsoft Password Manager allows end-users to securely reset their forgotten password without calling the Service Desk to reset windows password.
Windows 7 account Unlock
The FastPass Password Management solution allows your end-users to securely unlock their accounts without calling the help desk.
Employees are one-, two- or multi-factor authenticated using challenge/response, a one-time pin-code send to their mobile phone and/or use of a security card
The FastPass Password Management solution unlocks the account, if it has been locked by employee behavior. If it is locked by system administrators, the employees can’t unlock the account.
If you use 90 days password expiration employees are exposed to Password Expiration when they reset windows password. Usually it affects employees that are on maternity leave, educational or recreational leaves, long sick leaves, or, if you are in the educational sector, summer holidays can trigger password expirations problems.
With the FastPass Password Management solutions employees (or students) can reset their password themselves even in a password expirations situation.
To facilitate automated enrollment of users, the FastPass Password Management solution includes an auto Discovery Engine and a self-service Enrollment Service.
The FastPass Password Management solution includes an auto-discovery engine, which typically extracts information about employees and groups.
Employee objects on different systems are correlated automatically, by matching login IDs or other attributes to create and update employee profiles.
Login IDs on systems where it is impossible to reliably provide automatic reconciliation are stored in an "inventory" table.
Employees who must register supplementary information, such as personal authentication question-and-answer profiles, are automatically prompted to register and receive automatic reminders until they have successfully enrolled. Invitations are sent by e-mail or sms/text-messages. The text in the invitation mails and reminders are defined by the administrator.
The process can include the Forced enrollment client, which is activated from the PC-client through commands from the administration module, controlling if the user has not enrolled yet, and that now is the time to force enrollment.
Employee enrollment and administration is carried out on a secure web form.
Employees are authenticated and employee-entered data is encrypted using HTTPS.
Employees prove possession of accounts by typing ID/password pairs, which are validated against target systems.
Multi-factor authentication for Microsoft password manager
The The FastPass Password Management solution offers a secure validation of users trying to get access to reset password windows 7. For instance, one user can be asked to authenticate with SMS PIN Code and Challenge/Response when executing a Password Reset operation where another employee can be asked to authenticate with just Challenge/ Response when performing the same operation. User authentication is handled through specific authentication profiles that is taking care of the different scenarios that may exist.
The best practice advises for authentication in the “Reset Password” operation for reset windows 7 password ) is to configure four profiles:
The Authentication Profile definition consists of the following attributes:
Selected Groups: A list of groups allowed to use the profile. An employee accessing the end-user interface will be “filtered in” if he is member of one or more of the groups listed in the “Selected Groups” list. This attribute is mandatory.
Selected Deny Groups: A list of groups who are not allowed to use the profile. A employee accessing the end-employee interface will be “filtered out” if he is member of one or more of the groups listed in the “Selected Deny Groups” list and this even if he is member of a group in the “Selected Groups” list This attribute is mandatory.
Selected Networks: A list of networks defined in the “Network Settings” which will be used to filter in an employee performing the “Enroll Employee” operation. An employee accessing the end-user interface will be “filtered in” if the IP address known by the web server as REMOTE_ADDRESS is within the range of the network definition of one or more of the networks listed in the “Selected Networks” list. This attribute is mandatory.
Selected Authentications: A list of authentication methods to be used for authentication when being “filtered in” by the Authentication Profile criteria. An employee accessing the end-employee interface will be prompted to authenticate by the authentication methods in the listed order.
For the “Reset Password” operation the available authentication methods are:
If the Challenge/Response is selected the employee must have enrolled into the Password Manager solution for this profile to be applicable for the employee. If the SMS PIN Code is selected the employee must have a well-formatted mobile number in the “mobile” attribute in Microsoft Active Directory. If this is not the case the Authentication Profile will not be applicable for the employee.
SMS/Text Pin code Authentication
The SMS PIN Code Authentication Settings page can be used to show or edit the settings for the SMS PIN Code authentication method used in the Password Manager solution for reset windows 7 password.
The SMS PIN Code authentication method is an authentication method where a system will generate a PIN Code and send this to a SMS device registered as belonging to the employee and then ask the employee for the PIN Code where the employee must enter correct before being authenticated.
The Password Manager solution implements the SMS PIN Code authentication method in a way where the system collects the “mobile” attribute of an employee from AD and then uses this as target when sending a PIN Code using rules specified in the configuration.
There are a number of configurable parameters for the Challenge/Response authentication method:
Help Desk PIN Authentication for windows 7 password reset
The Help Desk PIN Code Authentication Settings page can be used to show or edit the settings for the Help Desk PIN Code authentication method used in the Password Manager solution when reset password 7 password.
The Help Desk PIN Code authentication method can be described as an authentication method where a system will generate a PIN Code that the Help Desk can provide to the employee either by speech or by SMS to a SMS device registered as belonging to the employee and then ask the employee for the PIN Code where the employee must answer correctly before being authenticated.
The Password Manager solution for windows 7 password reset implements the Help Desk PIN Code authentication method in a way where the system collects the “mobile” attribute for an employee from AD and then uses this as target when sending a PIN Code randomly generated using rules specified in the configuration.
The Challenge/Response Settings page can be used to show or edit the settings for the Challenge/Response authentication method used in the Password Manager solution. The Challenge/Response authentication method is an authentication method where a system will ask the employee for answers to one or more questions where the employee must answer correctly to all the questions being authenticated.
The Password Manager solution for windows 7 password reset implements the Challenge/Response authentication method in a way where the system offers a number of questions that employees can select among and give the answer to. This happens as part of the “Enroll Employee” and “Enroll Employee (Help Desk PIN)” operations.
There are a number of configurable parameters for the Challenge/Response authentication method:
The Password Manager solution for windows 7 password reset uses a fall back mechanism at the time of authentication so that the registered answers are examined before validation of the given answers. This means that changing of Storage Mode will not have consequences for already enrolled employees.
Multi domain multi forrest and multi organization
The FastPass Password Management solution for windows password reset offers support for large Active Directory environments including support for multiple organizations. Multi-organization support is implemented hierarchical so that sub-organizations can be implemented in any number of levels each having their own settings but being easily managed by Password Manager Administrators. Most installations will only use 1 organization. Service Providers, Outsourcing companies and the likes need the multi-organization feature.
The Organization Main page in the Administration Client contains a “Sub Organizations” table listing all organizations defined directly below the currently selected organization. The Organization definition consists of the following attributes:
All text presented to the employee including the “Forgot Password” button at the logon prompt is available multilingual in a real time. All texts are displayed in the language setting in the employees browser. If the selected language is not available the default language is English. The user can also select language directly in the FastPass user portal for windows 7 password reset.
The FastPass Password Management solution currently supports the following languages:
Additional languages are easy to add and will be added on request.
Microsoft Active Directory for reset password windows
The integration of Microsoft Active Directory requires two types of information. First the Connection Settings and secondly the Security Settings needs to be defined. The Connection Settings defines how to access the Microsoft Active Directory infrastructure and the Security Settings defines which groups from the Active Directory are to be used in the remaining configuration. The Security Settings could also be said to be the Access Control for the Password Manager end-employee interfaces for access of accounts in the domain accessed by the Employee Repository configuration.
The FastPass Password Management solution uses the term “Employee Repository” for commonly describing the target systems of employee and password operations. Examples of Employee Repositories are Microsoft Active Directory, SAP, IBM iSeries (AS/400), LDAP, Microsoft SQL and Oracle.
The Password Manager solution supports Microsoft Active Directory as the primary source system and for target systems other types than Microsoft Active Directory are supported if the Password Sync component version 3.1.7 or higher is also installed on the Password Manager server.
Microsoft password manager / Windows password reset / password self service to reseet passwords for Windows and Active Directory / FastPass Enterprise is for larger organizations.
We found that FastPass was the only solution in the marketplace with the capability to deliver a fully-fledged solution that we could use for all of our customers. A solution is only good once deployed and we see that the new service based on FastPass is highly popular among our customers. We tested several products in the market and found that the FastPass product stood out clearly as the best product thanks to the easy implementation, single point of management and rich feature set. FastPass supports our strategy of the very best customer experience regardless of the time of day, says Per Werngren, CEO at IDE.
"The Portuguese Parliament was looking for a self-service password reset/unlock solution. We surveyed the market, and found some expensive and complex solutions. Then we discovered FastPass, which seemed to address all our requirements. We did a pilot installation, and were very pleased by the ease of use for both the administrator and the final user interface. We were even more pleased with the low cost for such a complete product. After we acquired the product, installation was a breeze and FastPass support helped us promptly in all our issues and questions. We had the product in full production in about one week after installation and initial testing. Now our users have a simple method to unlock/reset their passwords without contacting helpdesk, at any time of day or night and from everywhere they have Internet access."
Varde City Council needed to improve service for end-users working outside normal business hours, and wanted at the same time to reduce number of calls to the internal IT department. With more than 100 password related calls each month, Varde decided for FastPass to give users self-service for passwords. Varde has two priomary passwords : Windows/AD and an extermnal password from an IBM mainframe (KMD). With FastPass users now have self-service when a password is forgotten or lost. Within less than 3 months more than 80-85% of calls are now handled by users. See the comments from Lea Dragsbæk
Sonoco realized the need to reduce Help Desk expenses and quickly identified password resets as a target call volume. Sonoco had already made a large investment in their identity and access management infrastructure and they wished to capitalize on that with minimal additional investment. Sonoco and Logic Trends collectively identified FastPass’s Password Manager product due to the low licensing cost, low maintenance effort and strong integration with the Microsoft infrastructure.
Faced with a compliancy requirement from our US parent company, we surveyed the market for a tool that would help us to come into line with section 404 of the Sarbannes-Oxley Act, which requires our users to authenticate themselves to the environment and have the ability to manage their own passwords.
Exactly 21 days before the compliance date we found FastPass Password Manager with a connector to our AS/400 environment.
IT Intergroup worked with us to get the FastPass solution in place and we were compliant a week ahead of schedule. All our users are now able to authenticate and resset passwords from a simple browser interface
In the spring 2009 Tulsa Public Schools decided to implement FastPass Password Manager from FastPassCorp. IT-manager Kirk Damron says: "We needed to reduce the load on our Help Desk from numerous calls related to forgotten passwords". With 8000 employees and teachers and increasing complexities in passwords, the ‘forgotten password’ workload was significant.
Kirk Damron adds: "We needed a solution which was easy to implement and administrate, and easy to use for the end-users. FastPass has proved to be just that!"
Installation and implementation was done in just one day, and the continued roll-out to users has been effortless.