PRODUCT LEAFLET TOOLS4EVER IDENTITY GOVERNANCE & ADMINISTRATION self service reset password management (ssrpm) the single most common helpdesk call is a user requesting a password reset. particularly after a holiday or vacation, users tend to forget their passwords and call the helpdesk to have it reset. the problem occurs even more frequently when complex or difficult to remember passwords are introduced. the large volume of helpdesk calls involving password reset requests imposes a significant management burden on the it department. Self Service Reset Password Management (SSRPM) by Tools4ever enables end users to reset their own passwords by answering several predeﬁned challenge questions. This means users will no longer have to wait for the helpdesk to handle their password reset request. The primary beneﬁts are: 2. End users conﬁrm their identity by answering a series of personal questions, such as “What was the name of your ﬁrst pet?”. The questions are those that the user answered when he or she enrolled in the product.  A 90% reduction in password related helpdesk calls  End users remain productive because they don’t have to wait for a new password  An improvement in the helpdesk’s service level through 24/7 password reset support  Elimination of password reset requests by unauthorized parties  Compliance reporting via the SSRPM audit log. HOW SSRPM WORKS When a user forgets his password, they take the following steps: 1. End users access SSRPM by clicking the ‘Forgot my password’ button in any login screen (Windows 7 or 8, Vista XP, Outlook Web Access, Citrix etc.) or through a web page on the Intranet. www.tools4ever.com 3. Optional: The user enters a pin code they received by mobile phone or alternate e-mail address (Two Factor Authentication). 4. The user can unlock their account and/or enter a new password. PRODUCT LEAFLET TOOLS4EVER IDENTITY GOVERNANCE & ADMINISTRATION ssrpm consists of three components:  A central Windows service handles the SSRPM settings (password questions, security settings etc.) and retains the answers, in an encrypted fashion, to challenge questions users had previously answered. The central service then veriﬁes whether the answers entered are correct and handles the actual unlocking of accounts and password reset operations.  The addition of the “Forgot My Password” button to the login screen of each application and a web site for the Intranet. Through this interface, a request to unlock an account or reset a password is sent to the central service.  A management console allows systems administrators to implement changes to the central service and monitor and control the password process. SSRPM is a highly ﬂexible solution supporting virtually any imaginable conﬁguration option. Amongst other items, it is possible to deﬁne or modify user questions, to deﬁne the complexity of answers to questions (length, visibility, exclude words, exclude repetitions etc.) and to determine who and which workstation is able to access SSRPM. system requirements  Hardware: Pentium 4 or higher, at least 1 GB RAM, at least 1 GB disc space recommended.  Software: Windows 2000 or later, 32-bit and 64-bit, Windows Terminal Server & Citrix supported  Databases: MS Access, MS SQL 2000 or higher (all versions) technical features Installation  The solution can be operational in less than two hours  End users are provided with instructions via the enrollment wizard. Conﬁguration  Conﬁguration per domain or OU  The GUI of the Admin Console, conﬁguration and reporting capabilities can be customized  Password complexity can be modiﬁed  A virtually unlimited range of options for setting questions and answers, the length of answers, language choice, answer complexity etc. Security  Answers by end users are encrypted and stored in the SSRPM database  Ability to set various security levels, from weak to strong  Support for authentication via e-mail (reception of a PIN code) or SMS messages. General  Detailed reporting capabilities, e.g. status enrollment, completed password resets, who provided an incorrect answer, users blocked in SSRPM etc. The reports can also be generated and made available on the Intranet or e-mailed to the system administrators  Multi-platform support; ability to reset passwords for virtually any application or system  Ability to generate e-mail notiﬁcations to managers in case of a particular event, e.g. when a user repeatedly provides the wrong answer to questions  Secure delegation of a select number of SSRPM system administration tasks to a helpdesk agent, e.g. to enforce the re-enrollment of an end user  Oﬄine support: even when a user is outside of the network, he/ she can reset or unlock their password.