4.10 Configuring Helpdesk

SSPR provides a Helpdesk module. Helpdesk administrators can view user account data except password, such as password modification, login details, last password change, account status, and so forth.

SSPR allows Helpdesk administrators to search user details by using the wildcard search. For example, If the helpdesk user types a*b in the search field, the search result displays the list of users with name that includes the letter a followed by any letter and then include the letter b as the last letter of the name. SSPR also allows ajax search that searches the user details while they type.

The major tasks of Helpdesk administrators include resetting passwords, unlocking intruder locked accounts, assigning temporary passwords, managing users' challenge-responses, and deleting a user account. You must enable these settings to allow Helpdesk administrators to perform their tasks.

To perform Helpdesk administrators activities, a user must be a member of an LDAP directory’ group that has required rights.

In the following scenarios, a user cannot reset their password through the configured challenge-responses and call Helpdesk to reset passwords for them:

  • When users forget the saved answers to challenge questions.

  • When users have not set up challenge-responses.

Perform the following steps:

  1. In Configuration Editor, click Modules > Helpdesk.

  2. Click View > Always Show Advanced Settings to see and configure the advanced settings.

  3. Configure the following settings:

    Setting

    Description

    Enable Helpdesk Module

    Select the check box.

    When enabled, Helpdesk administrators can perform their tasks by clicking Helpdesk on Main Menu.

    Helpdesk Search Filter

    Specify an LDAP search filter to query the directory for users. For example, (&(objectClass=Person)(|((cn=*%USERNAME%*)(uid=*%USERNAME%*)(sAMAccountName=*%USERNAME%*)(userprincipalname=*%USERNAME%*)(givenName=*%USERNAME%*)(sn=*%USERNAME%*))))

    Replace %USERNAME with the username supplied by a user.

    Helpdesk Search Form

    Specify the user attributes that you want to display to Helpdesk administrators in the search result.

    Helpdesk Detail Form

    Specify the user attributes that you want to display to Helpdesk administrators for an individual user.

    LDAP Search Base

    Specify the LDAP search base. If you leave this field blank, the system uses the default LDAP search bases.

    Set Password UI Mode

    Select a mode from the list to allow Helpdesk administrators to set passwords. The options include:

    • None: Helpdesk administrators cannot change a user’s password.
    • Type: Helpdesk administrators require to type a password ly.
    • Auto Generate: Helpdesk administrators can select a password from the auto generated passwords list and assign it to the user.
    • Both: Helpdesk administrators can set a password by selecting an auto generated password or by typing it.

    Send Password to User

    Select this check box to send the reset password to users. The method of sending the password is selected under Forgotten Password > New Password Send Method.

    Enable Unlock

    Select this check box to enable Helpdesk administrators to unlock an intruder locked account.

    Enforce User Password Policy

    Select this check box if you want the Helpdesk administrators to follow the same password policies that a user does while setting their passwords.

    Viewable Status Fields

    Select the fields that should be available to helpdesk operators to view the status of the required user.

    Idle Timeout Seconds for Helpdesk Users

    Specify the number of seconds after which an authenticated Helpdesk administrator’s session requires re-authentication.

    Clear Responses on Password Set

    Select a mode to allow Helpdesk administrators to clear responses after setting passwords, which a user provides during password change request. The available options include:

    • True: Automatically removes the user’s secret questions and answers.
    • Ask: Asks whether to remove the user’s secret questions and answers.
    • False: Neither removes nor asks for removing the user’s secret questions and answers.

    Enable Clear Responses Button

    Select this check box to allow the helpdesk operator to use a button for clearing the stored responses of the user.

    Enable Delete User Button

    Select this option to allow helpdesk operator to delete the user account from the LDAP directory.

    Helpdesk Profile Match

    Set the required LDAP profile from the drop down list. It sets the search criteria depending on the settings that were configured during the creation of LDAP Directory Profiles. You can also filter the search by specifying the LDAP domain name such as, (memberOf=cn=Domain Admins,cn=Users,DC=site,DC=example,DC=net).

    Helpdesk search result limit (Advanced)

    Specify the limit of search result for the helpdesk user.

    Post Set Password Actions (Advanced)

    Specify the actions that the system executes after a Helpdesk administrator modifies a user's password. You can use macros.

    Helpdesk Actor Actions (Advanced)

    Specify the actions that a Helpdesk administrator can perform. You can use macros.

    Use Proxy Connection (Advanced)

    Select this check box to use the application proxy connection for all the actions that are initiated in the helpdesk module.

    If deselected, the actions are initiated using the LDAP connection of the logged in user. The user must have appropriate privileges in the LDAP directory.

  4. Click Actions > Save.