Integrating Password Manager Pro with ManageEngine ADSelfService Plus (ADSSP)
- Key benefits of integration
- Prerequisites for performing the integration
- Steps to configure the integration
- Steps to map domain account details
ManageEngine Password Manager PMP integrates with ManageEngine ADSSP, an integrated web-based self-service password management and Single-Sign-On solution. ADSSP assists domain users in performing activities such as self-service password reset, self-service account unlock, etc. ADSSP utilizes PMP to manage its domain controller passwords, especially the privileged accounts.
Earlier, when remote password reset of the ADSSP privileged domain account was performed in PMP, the new password had to be manually updated in ADSSP. If not, ADSSP still retains the old password and therefore restricts the AD users from performing tasks such as password reset, account unlock, etc. This may lead to more help desk calls. With PMP-ADSSP integration, the privileged domain account details of ADSSP will be mapped with the domain account in PMP. So, whenever the password of the ADSelfService Plus's privileged domain account mapped in Password Manager Pro is updated, PMP automatically updates the password of the privileged domain account in ADSelfService Plus as well.
2. Prerequisites for Performing the Integration
Before commencing the integration, verify if all of the below prerequisites are satisfied:
- PMP should be accessible from the server on which ADSSP is running. To verify this, try launching your PMP web-client from the ADSSP server.
- For this integration to work, ADSSP should be running in secured HTTPs mode only.
- As ADSSP is running in the HTTPs mode, the identity of the system needs to be verified through a valid SSL certificate, which has to be imported into the PMP certificate store. Follow the steps listed below:
i. Stop the PMP service.
ii. Open the command prompt and go to the "<PMP_Installation_Folder>/bin" directory.
iii. Execute the following command:
importCert.bat <Path of the certificate used by ADSSP>
iv. Restart the PMP service.
3. Steps to Configure the Integration
You can perform all the configurations related to the PMP-ADSSP integration from the PMP portal itself. To configure the integration, you need to provide the details of the machine, where ADSSP is installed. The details include Host Name, Port Number, etc. Once you have entered all the required details and saved the configuration, PMP will try to set a connection with ADSSP. After the successful connection, the domain details will be retrieved from ADSSP and saved in the PMP database, and the integration will be established.
Here are the steps:
- Navigate to Admin >> Integration >> ManageEngine.
- In the page displayed, you will see the ADselfService Plus block wih any of the below options.
Buttons and Definitions:
Sl. No: Button Definition
You will see this option if the integration is disabled. Click this button, and the ADselfService Plus Integration window pops up.
Click this button, and the ADselfService Plus Integration window pops up. Modify the configuration details, if required.
You will see this option if the integration is enabled. Click this button to disable the integration.
- Click the Edit button and you will see the below window:
- Configure the following details:
Now, the integration will be enabled, and the domain details fetched from ADSSP will be saved in the PMP database.Proceed with mapping the domain account details of ADSSP with PMP.
4. Steps to Map Domain Account Details
Ensure, the correct domain account in ADSSP is mapped with the domain account in PMP. Only then, the automatic update of the password will happen with the right domain account in ADSSP.
- Navigate to Resources >> Resource Actions. Click the option Configure ADSelfService Plus Domain Details.
This option will be available only:
- For the Windows Domain resources.
- If ADSSP integration is configured.
- A window pops-up with the selected Resource Name appended with the title. The Domain Name in PMP is shown by default.
- Choose the Domain Name in ADSSP to be mapped with the Domain Name in PMP. If you do not find any domain name, click the Fetch link to import the domain from ADSSP.
- The Domain Account Name in ADSSP and the Domain Account Name in PMP fields will be automatically populated based on the Domain Name in ADSSP selected in step i. You can also select a different account for PMP.
You will be prompted with an alert message when a mismatch in the ADSSP-PMP domain account details in suspected. Verify if you have mapped the correct domain account details of ADSSP in PMP. Only then the automatic password update will happen with the right domain account in ADSSP.
- Click Save.
Once the mapping of domain account details of PMP and ADSSP is successfully done, PMP will automatically update the password of the domain account in ADSSP, whenever the password reset for the account is done in PMP.