Integrating Password Manager Pro with ManageEngine ADSelfService Plus (ADSSP)

This document walks you through the procedure for integrating Password Manager Pro (PMP) with ManageEngine ADSelfService Plus (ADSSP). The following topics are discussed here:

  1. Key benefits of integration
  2. Prerequisites for performing the integration
  3. Steps to configure the integration
  4. Steps to map domain account details

1. Key Benefits of Integration

ManageEngine Password Manager PMP integrates with ManageEngine ADSSP, an integrated web-based self-service password management and Single-Sign-On solution. ADSSP assists domain users in performing activities such as self-service password reset, self-service account unlock, etc. ADSSP utilizes PMP to manage its domain controller passwords, especially the privileged accounts.

Earlier, when remote password reset of the ADSSP privileged domain account was performed in PMP, the new password had to be manually updated in ADSSP. If not, ADSSP still retains the old password and therefore restricts the AD users from performing tasks such as password reset, account unlock, etc. This may lead to more help desk calls. With PMP-ADSSP integration, the privileged domain account details of ADSSP will be mapped with the domain account in PMP. So, whenever the password of the ADSelfService Plus's privileged domain account mapped in Password Manager Pro is updated, PMP automatically updates the password of the privileged domain account in ADSelfService Plus as well.

2. Prerequisites for Performing the Integration

Before commencing the integration, verify if all of the below prerequisites are satisfied:

  1. PMP should be accessible from the server on which ADSSP is running. To verify this, try launching your PMP web-client from the ADSSP server.
  2. For this integration to work, ADSSP should be running in secured HTTPs mode only. 
  3. As ADSSP is running in the HTTPs mode, the identity of the system needs to be verified through a valid SSL certificate, which has to be imported into the PMP certificate store. Follow the steps listed below:

    i. Stop the PMP service.

    ii. Open the command prompt and go to the "<PMP_Installation_Folder>/bin" directory.

    iii. Execute the following command:
    importCert.bat <Path of the certificate used by ADSSP> 

    iv. Restart the PMP service.

3. Steps to Configure the Integration

You can perform all the configurations related to the PMP-ADSSP integration from the PMP portal itself. To configure the integration, you need to provide the details of the machine, where ADSSP is installed. The details include Host Name, Port Number, etc. Once you have entered all the required details and saved the configuration, PMP will try to set a connection with ADSSP. After the successful connection, the domain details will be retrieved from ADSSP and saved in the PMP database, and the integration will be established.

Here are the steps:

  1. Navigate to Admin >> Integration >> ManageEngine.
  2. Only the users with the "ManageEngine Integration" role will see the ManageEngine option under Integration.

  3. In the page displayed, you will see the ADselfService Plus block wih any of the below options.

Buttons and Definitions:

Sl. No: Button Definition

1

Enable


You will see this option if the integration is disabled. Click this button, and the ADselfService Plus Integration window pops up.

2

Edit


Click this button, and the ADselfService Plus Integration window pops up. Modify the configuration details, if required.

3

Disable


You will see this option if the integration is enabled. Click this button to disable the integration.
  1. Click the Edit button and you will see the below window:

  2. Configure the following details:
    1. Enter the ADselfService Plus HostName.
    2. Specify the Port at which ADselfService Plus is listening.
    3. Enter the UserName and Password of an ADSSP user with Admin privileges only.
    4. Click Enable.

Now, the integration will be enabled, and the domain details fetched from ADSSP will be saved in the PMP database.Proceed with mapping the domain account details of ADSSP with PMP.

4. Steps to Map Domain Account Details

Ensure, the correct domain account in ADSSP is mapped with the domain account in PMP. Only then, the automatic update of the password will happen with the right domain account in ADSSP.

  1. Navigate to Resources >> Resource Actions. Click the option Configure ADSelfService Plus Domain Details.
  2. This option will be available only:

    - For the Windows Domain resources.

    - If ADSSP integration is configured.

  1. A window pops-up with the selected Resource Name appended with the title. The Domain Name in PMP is shown by default. 

    1. Choose the Domain Name in ADSSP to be mapped with the Domain Name in PMP.  If you do not find any domain name, click the Fetch link to import the domain from ADSSP.
    2. The Domain Account Name in ADSSP and the Domain Account Name in PMP fields will be automatically populated based on the Domain Name in ADSSP selected in step i. You can also select a different account for PMP.
    3. You will be prompted with an alert message when a mismatch in the ADSSP-PMP domain account details in suspected. Verify if you have mapped the correct domain account details of ADSSP in PMP. Only then the automatic password update will happen with the right domain account in ADSSP.

  2. Click Save.

Once the mapping of domain account details of PMP and ADSSP is successfully done, PMP will automatically update the password of the domain account in ADSSP, whenever the password reset for the account is done in PMP.


See Also:

Integrating Password Manager Pro with ManageEngine ServiceDesk Plus

Integrating Password Manager Pro with ManageEngine Analytics Plus

 

©2014, ZOHO Corp. All Rights Reserved.

Top