SSPR provides a Helpdesk module. Helpdesk administrators can view user account data except password, such as password modification, login details, last password change, account status, and so forth.
SSPR allows Helpdesk administrators to search user details by using the wildcard search. For example, If the helpdesk user types a*b in the search field, the search result displays the list of users with name that includes the letter a followed by any letter and then include the letter b as the last letter of the name. SSPR also allows ajax search that searches the user details while they type.
The major tasks of Helpdesk administrators include resetting passwords, unlocking intruder locked accounts, assigning temporary passwords, managing users' challenge-responses, and deleting a user account. You must enable these settings to allow Helpdesk administrators to perform their tasks.
To perform Helpdesk administrators activities, a user must be a member of an LDAP directory’ group that has required rights.
In the following scenarios, a user cannot reset their password through the configured challenge-responses and call Helpdesk to reset passwords for them:
When users forget the saved answers to challenge questions.
When users have not set up challenge-responses.
Perform the following steps:
In Configuration Editor, click Modules > Helpdesk.
Click View > Always Show Advanced Settings to see and configure the advanced settings.
Configure the following settings:
Setting |
Description |
---|---|
Enable Helpdesk Module |
Select the check box. When enabled, Helpdesk administrators can perform their tasks by clicking Helpdesk on Main Menu. |
Helpdesk Search Filter |
Specify an LDAP search filter to query the directory for users. For example, (&(objectClass=Person)(|((cn=*%USERNAME%*)(uid=*%USERNAME%*)(sAMAccountName=*%USERNAME%*)(userprincipalname=*%USERNAME%*)(givenName=*%USERNAME%*)(sn=*%USERNAME%*)))) Replace %USERNAME with the username supplied by a user. |
Helpdesk Search Form |
Specify the user attributes that you want to display to Helpdesk administrators in the search result. |
Helpdesk Detail Form |
Specify the user attributes that you want to display to Helpdesk administrators for an individual user. |
LDAP Search Base |
Specify the LDAP search base. If you leave this field blank, the system uses the default LDAP search bases. |
Set Password UI Mode |
Select a mode from the list to allow Helpdesk administrators to set passwords. The options include:
|
Send Password to User |
Select this check box to send the reset password to users. The method of sending the password is selected under Forgotten Password > New Password Send Method. |
Enable Unlock |
Select this check box to enable Helpdesk administrators to unlock an intruder locked account. |
Enforce User Password Policy |
Select this check box if you want the Helpdesk administrators to follow the same password policies that a user does while setting their passwords. |
Viewable Status Fields |
Select the fields that should be available to helpdesk operators to view the status of the required user. |
Idle Timeout Seconds for Helpdesk Users |
Specify the number of seconds after which an authenticated Helpdesk administrator’s session requires re-authentication. |
Clear Responses on Password Set |
Select a mode to allow Helpdesk administrators to clear responses after setting passwords, which a user provides during password change request. The available options include:
|
Enable Clear Responses Button |
Select this check box to allow the helpdesk operator to use a button for clearing the stored responses of the user. |
Enable Delete User Button |
Select this option to allow helpdesk operator to delete the user account from the LDAP directory. |
Helpdesk Profile Match |
Set the required LDAP profile from the drop down list. It sets the search criteria depending on the settings that were configured during the creation of LDAP Directory Profiles. You can also filter the search by specifying the LDAP domain name such as, (memberOf=cn=Domain Admins,cn=Users,DC=site,DC=example,DC=net). |
Helpdesk search result limit (Advanced) |
Specify the limit of search result for the helpdesk user. |
Post Set Password Actions (Advanced) |
Specify the actions that the system executes after a Helpdesk administrator modifies a user's password. You can use macros. |
Helpdesk Actor Actions (Advanced) |
Specify the actions that a Helpdesk administrator can perform. You can use macros. |
Use Proxy Connection (Advanced) |
Select this check box to use the application proxy connection for all the actions that are initiated in the helpdesk module. If deselected, the actions are initiated using the LDAP connection of the logged in user. The user must have appropriate privileges in the LDAP directory. |
Click Actions > Save.