How to initialize and secure the web services of SSPR

Video

This Tutorial will help you initialize and secure the web services provided either by Apache or an EAM Controller. For IIS configuration Evidian recommends to read the Evidian EAM Installation Guide, Installing on an IIS server.

The SSPR feature requires a dedicated user account to perform operations in the directory. This account must exist before starting the installation procedure, as the wizard will prompt you for account credentials. The following procedure details how to create and configure this account:

From a workstation where EAM Console is installed, do the following:

  • Create or select in your directory a user account that will be used exclusively for the Self Service Password Request (SSPR) feature
  • Enable the Password never expires option for this account.

The user must have authenticated at least once on EAM; so that specific administration rights to manage SSPR can be delegated to him/her. In advanced administration mode:

  • Self Service Password Request: Answer deletion
  • Self Service Password Request: Challenge generation
  • Self Service Password Request: Reset attempt counter
  • User: password modification

Start the Administration Tools interface, as described in the tutorial

In the Administration Tools window, click define administrator credentials for Self Service Password Request.

If you have chosen the Software protection mode, select Software credentials and fill-in the Software credentials area with the credentials of the dedicated user account allowed to manage SSPR .
If you have chosen the Hardware protection mode, select Hardware credentials, insert the SSPR smart card previously created in the smart card reader and provide the PIN for the smart card.

If you are installing SSPR on a workstation where no other EAM software module is running, click Configure workstation and follow the displayed instructions.

  • Click Install EAM Web Server
  • Select the Self Service Password Request check box
  • To use the SSPR server with Authentication Manager, select the Web Service check box.

In case of update:

  • The Apache component is not updated automatically: to do so, you must uninstall it as well as the EAM Web Server component, clear the corresponding directories and registry, and re-install the EAM Web Server. The latter will detect the absence of the Apache component and reinstall the latest version.
  • You can also start the setup wizard by double-clicking ESSOWebServer.msi.

Evidian Products - Protect your company from cyber attacks by unauthorized users

Identity as-a-service

Evidian takes care of everything related to your Identity and Access Management with IDaaS

Learn more   >

Identity Governance and Administration

Manage access and authorization of all your users in your company

Learn more   >

Web Access Manager

Gateway for web apps with SSO, multi-factor authentication, identity federation

Learn more   >

Analytics

Monitoring and powerful reporting for regulatory compliance

Learn more   >

Authentication Manager

Authentication Manager

Enterprise multi-factor & passwordless authentication on Windows PCs

Learn more   >

Enterprise Single Sign-On (SSO)

Secure access to legacy and web apps on PCs & mobiles with SSO

Learn more   >

Self Service Password Reset (SSPR)

Reset Windows passwords online and offline

Learn more   >

SafeKit

High availability software for Evidian and partner applications

Learn more   >

Evidian IAM leader in the French and German markets and in U.S. Public Sector

What are IAM cyber security tools and solutions?