SSPR provides a Helpdesk module. Helpdesk administrators can view user account data other than the password itself, such as password modification, login details, last password change, and account status. You can create as many Helpdesk profiles as you require and configure appropriate settings for each profile.
SSPR allows Helpdesk administrators to search user details by using a wildcard search. For example, if the helpdesk user types a*b in the search field, the search result lists the users whose name includes the letter a followed by any letter and then the letter b as the last letter of the name. SSPR also supports Ajax search, which searches the user details as the helpdesk user types.
The major tasks of Helpdesk administrators include resetting passwords, unlocking intruder locked accounts, assigning temporary passwords, managing users' challenge-responses, and deleting a user account. You must enable these settings to allow Helpdesk administrators to perform their tasks.
To perform Helpdesk administrator activities, a user must be a member of an LDAP directory group that has the required rights.
In the following scenarios, users cannot reset their password through the configured challenge-responses and call the Helpdesk to reset the password for them:
When users forget the saved answers to challenge questions.
When users have not set up challenge-responses.
Perform the following steps:
On the left pane of the Configuration Editor, click Modules > Helpdesk.
(Conditional) If you want to create different profiles, click Edit List, then add the profile names on the right pane by using Add Profile.
SSPR does not allow changing the name of a profile. If you do not require different profiles, you can click the default profile.
On the left pane, select the required helpdesk profile.
Configure the following settings:
Setting | Description |
---|---|
Helpdesk Profile Match | Specify the set of users for a profile, so that the configuration settings that you specify for the profile apply to that set of users. You can use an LDAP group or LDAP filters to query the directory for users. Add Filter: Select the appropriate profile from the drop-down list and select the LDAP search filter. For example, `(&(objectClass=Person)(\|((cn=*%USERNAME%*)(uid=*%USERNAME%*)(sAMAccountName=*%USERNAME%*)(userprincipalname=*%USERNAME%*)(givenName=*%USERNAME%*)(sn=*%USERNAME%*))))`. Add Group: Select the appropriate profile from the drop-down list and specify the LDAP Group DN. For example, `cn=admins,o=novell` or `cn=administrators,cn=builtin,dc=example,dc=com`. |
Helpdesk Search Form | Specify the user attributes that you want to display to Helpdesk administrators in the search result. You can also add a new form field by using Add Form Item. |
LDAP Search Base | Specify the LDAP search base. If you leave this field blank, the system uses the default LDAP search bases. |
Helpdesk Detail Form | Specify the user attributes that you want to display to Helpdesk administrators for an individual user. You can add new fields and delete fields that are displayed to the helpdesk administrators. |
Viewable Status Fields | Select the fields that should be available to helpdesk operators to view the status of the required user. |
Helpdesk search result limit (Advanced) | Specify the maximum number of search results for the helpdesk user. |
Set Password UI Mode | Select a mode from the list to allow Helpdesk administrators to set passwords. This is applicable for the users who have proper LDAP permissions. The options include: |
Send Password to User | Select this check box to send the reset password to users. The method of sending the password is selected under Forgotten Password > New Password Send Method. |
Post Set Password Actions (Advanced) | Specify the actions that the system executes after a Helpdesk administrator modifies a user's password. You can use macros. |
Idle Timeout Seconds for Helpdesk Users | Specify the number of seconds after which an authenticated Helpdesk administrator’s session requires re-authentication. |
Helpdesk Actor Actions (Advanced) | Specify the actions that a Helpdesk administrator can perform. You can use macros. |
Enable Unlock | Select this check box to enable Helpdesk administrators to unlock an intruder-locked account. |
Enforce User Password Policy | Select this check box if you want the Helpdesk administrators to follow the same password policies that a user does while setting their passwords. |
Clear Responses on Password Set | Select a mode to allow Helpdesk administrators to clear, after setting passwords, the responses that a user provides during a password change request. The available options include: |
Force Password Expiration On Password Set | Enable this setting if you want the password to expire when the user logs in with the new password that the helpdesk administrator has set. |
Enable Clear Responses Button | Select this check box to allow the helpdesk operator to use a button for clearing the stored responses of the user. |
Enable Clear One Time Password Settings Button | Select this check box to allow the helpdesk operator to click a button and clear the stored one-time password settings of the user. |
Enable Delete User Button | Select this option to allow the helpdesk operator to delete the user account from the LDAP directory. |
Use Proxy Connection (Advanced) | Select this check box to use the application proxy connection for all the actions that are initiated in the helpdesk module. If deselected, the actions are initiated using the LDAP connection of the logged-in user. The user must have appropriate privileges in the LDAP directory. |
User Detail Display Name | Specify the display name that identifies the user on the user detail screen. You can use macros to display the name of the user. |
Token Send Method | Select a method for sending the token code to the user. The available methods include: |
Enable OTP Verification Button | Select this check box if you want to allow the helpdesk user to use OTP verification. |
Mask Password Value | Select this check box if you want to mask the password that the helpdesk user types for changing the user’s password. |
Click the Save icon.
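
As an added illustration (not SSPR code and not taken from the SSPR documentation), the sketch below shows what expanding a `%USERNAME%` filter template with a helpdesk search term such as a*b involves: the term is escaped per RFC 4515 so that it cannot change the filter's structure, while `*` is kept as the wildcard. The shortened template, the function names and the sample terms are assumptions; the page does not describe how SSPR itself expands the macro.

```python
import re

# Shortened form of the filter shown for Helpdesk Profile Match (constructed sample).
TEMPLATE = "(&(objectClass=Person)(|(cn=*%USERNAME%*)(uid=*%USERNAME%*)))"

# Characters that RFC 4515 requires to be escaped inside an assertion value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(term, keep_wildcard=True):
    """Escape a search term for use inside an LDAP filter value.

    With keep_wildcard=True a literal '*' stays a wildcard, as in the
    a*b search; every other special character is always escaped.
    """
    out = []
    for ch in term:
        if ch == "*" and keep_wildcard:
            out.append(ch)
        else:
            out.append(ESCAPES.get(ch, ch))
    return "".join(out)


def expand(template, term, keep_wildcard=True):
    """Substitute the escaped term for every %USERNAME% macro in the template."""
    expanded = template.replace("%USERNAME%", escape_value(term, keep_wildcard))
    # Adjacent wildcards (template '*' next to a typed '*') mean the same as one.
    return re.sub(r"\*{2,}", "*", expanded)


def structure(filter_text):
    """Return the operator/attribute skeleton of a filter, with values removed.

    Comparing skeletons shows whether a search term altered the filter's shape.
    """
    return re.sub(r"=[^()]*", "=", filter_text)


if __name__ == "__main__":
    for term in ("a*b", "x)(uid=*", "o(brien)"):  # constructed sample terms
        result = expand(TEMPLATE, term)
        print(term, "->", result, "| same structure:",
              structure(result) == structure(TEMPLATE))
```

A term that contains parentheses leaves the skeleton of the escaped filter identical to the template's, whereas plain string substitution of the same term does not.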