A2B Tech

No detours, just destinations

Micro Focus (formerly NetIQ) Self-Service Password Reset (SSPR) - Complete Training

 

Target Audience

 

This course is designed to help somebody who has not used SSPR in the past, but who probably understands the need behind password management, to setup their first instance of SSPR and configure it to meet common, and probably less-common, business needs in their environment. Coverage of topics around passwords, both remembered and forgotten, and their security will be included as part of the discussion. Making use of the various SSPR Modules to enable users who otherwise would need rights directly to users (such as Helpdesk users) to change passwords, will also be covered.

 

Results

 

By the course's completion everybody should have one or more instances of SSPR configured using most of the modules and other options available to them. A better understanding of Password or Credential Management in general should also be gained to help participants better understand the security landscape. As this course is hands-on, a Virtual Machine (VM) will be provided to facilitate learning.

 

About the Course and Product

 

Most organizations want to allow users to perform self-service for as much as possible, simply because it allows common, simple, and user-initiated tasks to be pushed out to the users who care enough to do them; as long as the information involved is not something meant to be controlled centrally, this makes perfect sense to reduce the burden on helpdesks, managers, and IT staff. Passwords have always been in this category, but the method of allowing users to change passwords has evolved over the years. Do passwords get changed from a regularly-accessed intranet or web portal? Are they changed from workstations which may or may not be connected to the organization's network regularly? What about this not-so-new thing called "mobile" and Bring Your Own Device (BYOD) trends? How do users recover forgotten passwords, or reset locked-out accounts from intruder attempts? How do you verify a person calling the helpdesk to ask for help is actually that person without having them give away sensitive challenge/response information that only they should know? What about allowing your customers, family of employees and faculty, or others to create their own accounts? What about giving passwords to new users, such as employees, interns, or students, as part of the onboarding process without enabling accounts weeks ahead of time with default passwords that others may abuse?

 

All of these questions, along with others, solicit answers which lead to a well-designed password management process. The SSPR tool provides the technology necessary to meet organizational needs based on the answers to those questions. This isn't your father's password portal, where you can have it in any color as long as it's black. As the official replacement for the IDM UserApp's old functionality, SSPR provides the flexibility needed to work with organizations that do not have any solution in place today and are still assuming the workstation is the only source of user input, to governments whose users are quite literally everybody within a state or nation, most of which do not have accounts yet but should be able to self-register. Features are in place to enable a helpdesk user to do a job completely, without requiring them to trust the mysterious voice on the phone is who they claim to be, and without asking the person on the phone to verify themselves with information not even the helpdesk should have. Single Sign-On (SSO)/OAuth integration is in place, as is the ability to send tokens via e-mail or SMS for user verification. All of this is built into a web application that can be used to integrate with your existing enviornment, so there is no need to have users who may already have challenge responses setup go and re-register just to take advantage of the new tool as long as the challenges in place are compatible with SSPR; just put the new application in place and send users there.

 

Because of the nature of password management and the complexities with your organization, this training helps the two merge in a way that will be as painless as possible for your end users, and as enabling as possible for your IT staff, helpdesk, and management while maintaining the security you expect around a system that deal with authentication. Contact us for more details and pricing information to get your staff implementing this solution.

 

Agenda

 

 

Timing

 

This course is designed to take about three days to complete. Included in that is time for all participants to setup their own systems, configure them to point to their own directory or directories, and then test out various features outside of production. Once complete, the objectives above should be met, and they should have the ability to take their configuration to another environment, or create a new setup from the ground up.