Credential Provider

OpenIAM is an IDM solution that allows a user to keep a single identity inside the organization. Normally a user doesn't store a password; instead, they need to open a browser, go to the unlock or set password page of OpenIAM, enter the username and follow the standard procedure that is defined for their organization.

But if a user is trying to log into a Windows or Mac OS machine and cannot log in because they don't remember the password, they are not logged in to the machine and so cannot open a web browser to reset the password. For this case, OpenIAM has a special product called Credential Provider (CP) that allows opening the OpenIAM head password page without being logged in to the OS.

This product is available for Windows and Mac OS.

Windows

To use the CP on Windows, run the installer on the desired machine. It can also be deployed using centralized rules defined by the system administrators.

The installation window is in the picture below.

Credential Provider Installation Window

The URL line has a predefined pattern. Replace the domain name with the required name. Below the URL line, there is configuration for the text that will be used on the login screen, so type any text needed.

Afterwards, there are two options: "always run market Microsoft credential provider from RDP session" and "permit navigation to other domains". The first means not seeing a login screen when logging in through the RDP. The latter restricts any navigation to other domains that are specified.

Hence, whenever a user has forgotten the password and is not logged in to the machine, the CP allows accessing the same OpenIAM head password page that is accessed via the browser, but while logging into the system.

When accessed via the CP, OpenIAM will automatically reset the password inside Active Directory, and the user will be able to log in using the new password.

MacOS

The functionality and the product design of the CP for MacOS are identical to those of the CP for Windows. The only difference for users is that, while installing the product, MacOS has to be connected to the Active Directory to work properly.

For the installation process of the CP for MacOS, see the Windows instructions above.