Tivoli® Access Manager for Enterprise Single Sign-On

DPRA User Guide

Version 6.0

SC32-1993-00

���

Tivoli® Access Manager for Enterprise Single Sign-On

DPRA User Guide

Version 6.0

SC32-1993-00

���

Note:

Before using this information and the product it supports, read the information in “Notices,” on page 5.

First Edition (September 2006)

This edition applies to version 6, release 0, modification 0 of IBM Tivoli Access Manager for Enterprise Single

Sign-On (product number 5724-N70) and to all subsequent releases and modifications until otherwise indicated in

new editions.

© Copyright International Business Machines Corporation 2006. All rights reserved.

US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract

with IBM Corp.

Use

r G

uid

eWhat is TAM E-SSO: Desktop Password Reset Adapter?

IBM Tivoli Access Manager for Enterprise Single Sign-On: Desktop Password Reset Adapter (TAM E-SSO: Desktop Password Reset Adapter) lets you access your Windows user account when you lose or forget your password. No need to call your help desk or technical support, and no waiting for an administrator to reset your password.

All you have to do is pass a quick "pop-quiz" that verifies that you’re really "you," and you can reset your password yourself. And you will pass, because you’ll have created the quiz answers when you complete the TAM E-SSO: Desktop Password Reset Adapter Enrollment Interview.

Once you’ve completed your Enrollment Interview, you can take the TAM E-SSO: Desktop Password Reset Adapter Reset Quiz any time you lose or forget your password. If your Quiz answers match the answers you provided in the Enrollment Interview, you can create a new Windows password and log on.

TAM E-SSO: Desktop Password Reset Adapter is simple, quick, and secure, and it frees up your organization’s technical support for other priorities. Best of all, the couple of minutes that the Enrollment Interview takes will more than make up for the time and effort when you lose your Windows password.

A word about passwords…

If you do forget your password, at the very least, it’s a good sign that you picked a good one – that is, one that no one else could have guessed.

The best passwords are the ones that are the hardest to remember, because they’re composed of random letters and numbers. Moreover, good network security calls for changing passwords every few weeks. As fast and easy as the TAM E-SSO: Desktop Password Reset Adapter Reset Quiz is, it’s still faster to use a password to access your network. Here are some tips for creating and managing your password:

• A meaningless string of characters is best. Mix capital and lowercase letters and use

numbers.

• Avoid using the names of relatives, friends or pets.

• Avoid any meaningful words at all - in any language. If it's in the dictionary, someone can

guess it.

• Don't share your password with others.

• Don't write or post your password - especially on "sticky-notes" near your workstation.

One trick for creating a memorable (and meaningless) password quickly is to take the first letters of a familiar phrase or quote. In this way, "Self trust is the first secret of success" (Emerson) becomes stitfsos.

3 January 2007 Page 1 of 4

Use

r G

uid

e What is the “Enrollment Interview”?

Before you can use TAM E-SSO: Desktop Password Reset Adapter when you really need it – to create a new Windows password – you need to provide the “right” answers to the questions you'll be asked. That’s the purpose of the Enrollment Interview.

To begin enrollment, enter your Email address, select the Langauge to enroll in, and click Start.

The questions in the Interview will be used to create the Reset Quiz you’ll take if you ever need to logon without your password. The answers you provide in the Interview will be the ones used to verify that it's really you.

Note: Reset questions will be displayed in the same language as you enrolled in.

There are two groups of questions in the Enrollment Interview:

• Required Questions You must provide answers to these questions to complete Enrollment.

• Optional Questions These appear at the end of the Interview. You can answer or skip any

of these questions.

It's important that you keep your answers to the questions as brief and as memorable as possible. Avoid punctuation and be careful of spelling, spacing, and punctuation.

Required Questions

You must provide an answer to these questions. This question will be used to create the Reset Quiz. Enter the briefest, simplest answer you can, because

1. you'll need to remember it, and

2. you'll need to type the exact spelling in the Reset Quiz exactly as you type it here.

Be careful of how you use upper- or lowercase characters, and be especially careful of spelling and spaces. Avoid punctuation if possible. Note and follow any format instructions or examples that the question provides.

When you have typed your answer in the text box, click Answer.

Optional Questions

You have the option to answer these questions or skip them. Remember that the more questions you choose to answer, the more secure the Quiz will be.

3 January 2007 Page 2 of 4

Use

r G

uid

e What is the "Reset Quiz"?

If you lose or forget your password, you'll need to reset it, that is, erase the old password you've forgotten and supply a new one. The Reset Quiz is how TAM E-SSO: Desktop Password Reset Adapter makes sure you're really "you" when you need to reset your password.

It’s similar to a bank officer verifying your identity over the telephone by asking for a piece of information only you would be likely to know; your mother’s maiden name is a common example. You may be asked for several such items from different sources - your place of birth, your current address, and so on - that only you would be likely to know. TAM E-SSO: Desktop Password Reset Adapter uses the same idea: not just one question, but a group of questions that confirm your identity.

If you need to reset your password, click the TAM E-SSO: Desktop Password Reset Adapter button on the Windows logon box to begin the Reset Quiz. TAM E-SSO: Desktop Password Reset Adapter displays one of the questions from your Enrollment Interview. Type the answer to the question exactly as you did in the Enrollment Interview, and click Answer. Repeat this process until the New Password box appears.

The Reset Quiz might not use all of the questions from your interview. How many questions the Quiz asks depends on how your administrator has set it up. Questions can have different point-values, and it's your overall score that TAM E-SSO: Desktop Password Reset Adapter uses to authorize a password reset.

Note: Reset questions will be displayed in the same language as you enrolled in.

How to take the Reset Quiz to reset your password

If you forget your password, you can take the Reset Quiz to reset your password at your own workstation from the Windows Logon. Or, you can use Internet Explorer to take the Reset Quiz on any other workstation that's already logged on.

To start the Reset Quiz at the Windows Logon (on your own workstation) 1. Click the TAM E-SSO: Desktop Password Reset Adapter button in the upper-right corner of

the window. TAM E-SSO: Desktop Password Reset Adapter displays a logon prompt that asks

for your User name.

2. Type your user name and click OK. TAM E-SSO: Desktop Password Reset Adapter begins the

Reset Quiz.

To start the Reset Quiz from a logged-on workstation

Note: You will need the Web address of the TAM E-SSO: Desktop Password Reset Adapter Reset Quiz start page to use this method. This address may be available as a link on your organization's intranet or in the Internet Explorer Favorites list.

1. Open Internet Explorer and point the browser to the TAM E-SSO: Desktop Password Reset

Adapter Reset Quiz start page. TAM E-SSO: Desktop Password Reset Adapter displays a

logon prompt that asks for your User name.

2. Type your user name and click OK. TAM E-SSO: Desktop Password Reset Adapter begins the

Reset Quiz.

If you fail the Reset Quiz…

• ...try, try again. TAM E-SSO: Desktop Password Reset Adapter selects and displays Quiz

questions in random order. You may very well be asked different questions on your next try.

3 January 2007 Page 3 of 4

Use

r G

uid

e • ...watch your typing. Your Quiz answers must exactly match the ones you entered during

your Enrollment. How you use upper and lower case letters doesn't matter, but spelling,

spacing, and punctuation do.

• ...and you're using a workstation other than your usual one, make certain that you've

provided the correct --that is, your own - username/ID. You may be taking the Quiz against

another user's answers. That won't work.

If all else fails, you'll have to call your administrator to reset your password. If you do take this last

resort, you should also re-take the Enrollment Interview to revise your answers to be simpler or

easier to remember.

3 January 2007 Page 4 of 4

Appendix. Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in

other countries. Consult your local IBM® representative for information on the

products and services currently available in your area. Any reference to an IBM

product, program, or service is not intended to state or imply that only that IBM

product, program, or service may be used. Any functionally equivalent product,

program, or service that does not infringe any IBM intellectual property right may

be used instead. However, it is the user’s responsibility to evaluate and verify the

operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter

described in this document. The furnishing of this document does not give you

any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing

IBM Corporation

North Castle Drive

Armonk, NY 10504-1785

U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM

Intellectual Property Department in your country or send inquiries, in writing, to:

IBM World Trade Asia Corporation

Licensing

2-31 Roppongi 3-chome, Minato-ku

Tokyo 106-0032, Japan

The following paragraph does not apply to the United Kingdom or any other

country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS

PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER

EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS

FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or

implied warranties in certain transactions, therefore, this statement may not apply

to you.

This information could include technical inaccuracies or typographical errors.

Changes are periodically made to the information herein; these changes will be

incorporated in new editions of the publication. IBM may make improvements

and/or changes in the product(s) and/or the program(s) described in this

publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for

convenience only and do not in any manner serve as an endorsement of those Web

sites. The materials at those Web sites are not part of the materials for this IBM

product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it

believes appropriate without incurring any obligation to you.

© Copyright IBM Corp. 2006 5

Licensees of this program who wish to have information about it for the purpose

of enabling: (i) the exchange of information between independently created

programs and other programs (including this one) and (ii) the mutual use of the

information which has been exchanged should contact:

IBM Corporation

2ZA4/101

11400 Burnet Road

Austin, TX 78758

U.S.A.

Such information may be available, subject to appropriate terms and conditions,

including in some cases, payment of a fee.

The licensed program described in this information and all licensed material

available for it are provided by IBM under terms of the IBM Customer Agreement,

IBM International Program License Agreement, or any equivalent agreement

between us.

Any performance data contained herein was determined in a controlled

environment. Therefore, the results obtained in other operating environments may

vary significantly. Some measurements may have been made on development-level

systems and there is no guarantee that these measurements will be the same on

generally available systems. Furthermore, some measurements may have been

estimated through extrapolation. Actual results may vary. Users of this document

should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of

those products, their published announcements or other publicly available sources.

IBM has not tested those products and cannot confirm the accuracy of

performance, compatibility or any other claims related to non-IBM products.

Questions on the capabilities of non-IBM products should be addressed to the

suppliers of those products.

Trademarks

The following terms are trademarks or registered trademarks of International

Business Machines Corporation in the United States, other countries, or both:

AIX

DB2

developerWorks

eServer

IBM

iSeries

Lotus

Passport Advantage

pSeries

RACF

Rational

Redbooks

Tivoli

WebSphere

zSeries

Microsoft®, Windows®, Windows NT®, and the Windows logo are trademarks of

Microsoft Corporation in the United States, other countries, or both.

6 IBM Tivoli Access Manager for Enterprise Single Sign-On: DPRA User Guide

Intel®, Intel Inside® (logos), MMX and Pentium® are trademarks of Intel

Corporation in the United States, other countries, or both.

UNIX® is a registered trademark of The Open Group in the United States and

other countries.

Linux® is a trademark of Linus Torvalds in the U.S., other countries, or both.

Java™ and all Java-based trademarks are trademarks of Sun

Microsystems, Inc. in the United States, other countries, or

both.

Other company, product, and service names may be trademarks or service marks

of others.

Appendix. Notices 7

8 IBM Tivoli Access Manager for Enterprise Single Sign-On: DPRA User Guide

����

Printed in USA

SC32-1993-00