Integrating Password Manager Pro with ManageEngine ADSelfService Plus (ADSSP)

This document walks you through the procedure for integrating Password Manager Pro with ManageEngine ADSelfService Plus (ADSSP). The following topics are discussed here:

  1. Key Benefits of Integration
  2. Prerequisites for Performing the Integration
  3. Steps to Configure the Integration
  4. Steps to Map Domain Account Details
  5. Troubleshooting Tips

1. Key Benefits of Integration

ManageEngine Password Manager Pro integrates with ManageEngine ADSSP, an integrated web-based self-service password management and Single-Sign-On solution. ADSSP assists domain users in performing activities such as self-service password reset, self-service account unlock, etc. ADSSP utilizes Password Manager Pro to manage its domain controller passwords, especially the privileged accounts.

Earlier, when remote password reset of the ADSSP privileged domain account was performed in Password Manager Pro, the new password had to be manually updated in ADSSP. If not, ADSSP still retains the old password and therefore restricts the AD users from performing tasks such as password reset, account unlock, etc. This may lead to more help desk calls. With PMP-ADSSP integration, the privileged domain account details of ADSSP will be mapped with the domain account in Password Manager Pro. So, whenever the password of the ADSelfService Plus's privileged domain account mapped in Password Manager Pro is updated, Password Manager Pro automatically updates the password of the privileged domain account in ADSelfService Plus as well.

2. Prerequisites for Performing the Integration

Before commencing the integration, verify if all of the below prerequisites are satisfied:

  1. Password Manager Pro should be accessible from the server on which ADSSP is running. To verify this, try launching your Password Manager Pro web-client from the ADSSP server.
  2. For this integration to work, ADSSP should be running in secured HTTPs mode only. 
  3. As ADSSP is running in the HTTPs mode, the identity of the system needs to be verified through a valid SSL certificate, which has to be imported into the Password Manager Pro certificate store. Follow the steps listed below:
    1. Stop the Password Manager Pro service.
    2. Open the command prompt and go to the <PMP_Installation_Folder>/bin directory.
    3. Execute the following command:

      importCert.bat <Path of the certificate used by ADSSP> 

    4. Restart the Password Manager Pro service.

3. Steps to Configure the Integration

You can perform all the configurations related to the PMP-ADSSP integration from the Password Manager Pro portal itself. To configure the integration, you need to provide the details of the machine, where ADSSP is installed. The details include Host Name, Port Number, etc. Once you have entered all the required details and saved the configuration, Password Manager Pro will try to set a connection with ADSSP. After the successful connection, the domain details will be retrieved from ADSSP and saved in the Password Manager Pro database, and the integration will be established.

Here are the steps:

  1. Navigate to Admin >> Integration >> ManageEngine.
  2. Only the users with the ManageEngine Integration role will see the ManageEngine option under Integration.

  1. In the page displayed, you will see the ADSelfService Plus block with any of the below options.

Buttons and Definitions:

Sl. No: Button Definition

1


Enable


You will see this option if the integration is disabled. Click this button, and the ADSelfService Plus Integration window pops up.

2

Edit


Click this button, and the ADSelfService Plus Integration window pops up. Modify the configuration details, if required.

3

Disable


You will see this option if the integration is enabled. Click this button to disable the integration.
  1. Click the Edit button and you will see the below window:

  2. Configure the following details:
    1. Enter the ADSelfService Plus HostName.
    2. Specify the Port at which ADSelfService Plus is listening.
    3. Enter the UserName and Password of an ADSSP user with Admin privileges only.
    4. Click Enable.

Now, the integration will be enabled, and the domain details fetched from ADSSP will be saved in the Password Manager Pro database. Proceed with mapping the domain account details of ADSSP with Password Manager Pro.

4. Steps to Map Domain Account Details

Ensure, the correct domain account in ADSSP is mapped with the domain account in Password Manager Pro. Only then, the automatic update of the password will happen with the right domain account in ADSSP.

  1. Navigate to Resources >> Resource Actions. Click the option Configure ADSelfService Plus Domain Details.
  2. This option will be available only:

  3. A window pops-up with the selected Resource Name appended with the title. The Domain Name in PMP is shown by default. 
    1. Choose the Domain Name in ADSSP to be mapped with the Domain Name in PMP.  If you do not find any domain name, click the Fetch link to import the domain from ADSSP.
    2. The Domain Account Name in ADSSP and the Domain Account Name in PMP fields will be automatically populated based on the Domain Name in ADSSP selected in step i. You can also select a different account for PMP.

    3. You will be prompted with an alert message when a mismatch in the ADSSP-PMP domain account details in suspected. Verify if you have mapped the correct domain account details of ADSSP in PMP. Only then the automatic password update will happen with the right domain account in ADSSP.

  4. Click Save.

Once the mapping of domain account details of PMP and ADSSP is successfully done, Password Manager Pro will automatically update the password of the domain account in ADSSP, whenever the password reset for the account is done in Password Manager Pro.

5. Troubleshooting Tips

  1. Check if the certificates are properly imported.
  2. Check the connectivity between the two machines; connectivity should be bi-directional.
  3. Click fetch under Windows DC >> Resource Actions >> Configuring ADSelf service plus domain details to get the domain details. If it fails, check the pmp0 file available under <PMP_Installation_Folder>/logs directory for any error.

See Also:

Top