
Password manager multidomain

I had installed the password manager ADMIN SITE in DOMAIN-A.

The users from DOMAIN-B have to be managed.

DOMAIN-A and B are not trusted - I believe Password Manager does not mandate a trusted relation between domains.

However, we cannot add DOMAIN B from user scope->ADD DOMAIN.

Please suggest how to add it if these are non-trusted domains.

Do any additional ports need to be opened from the admin site to these DCs?

Please note: I confirm the domain exists, and the error says it cannot be found.

  • #1. Concern: non-trusted domains, is it a supported scenario? I recommend opening an SR to confirm.
    #2. Why, from an AD security boundary standpoint, use an *independent* A\Password Solution to control *independent* B\DC passwords?
    #3. B\user against B\DC authentication is required (via A\IIS\http://PMUser) for scenarios (a) B\user to enroll Q/A; (b) B\user to change password (when he/she knows the current password).
    #4. In order to make the idea work, you will need to open the required ports between A and B, which depend on how PWM is coded to pass the B\user authentication token via B\DC to A\IIS\http:PMUser to pass to A\PWM Admin Service to pass calls back to the B\DC\user.comment attribute, etc. If the ports are not documented, maybe it is because the scenario is not supported? (see #1)
    #5. The Q/A profile is stored on B\user.comment, and A\PWM Admin Service must RW on B\user.comment on B\DC.