Learn how to use the helpdesk interface in Password Manager

Let's take a look at the helpdesk interface. The helpdesk interface is designed to the helpdesk to do some work in Password Manager without them having to do the mundane process of resetting passwords manually, like they would do without Password Manager. So, in this particular case, let's go ahead and let's look up a user. What I did is I picked a particular user attribute. In this case, I picked a login name and you see I have two users. I have Defender User1 and Defender User2 that both meet that search criteria. So let's just click on Defender User1. You'll notice here, I can get a lot of information about that particular user. I can see their status in the domain, are they disabled, are they locked out, anything like that, as well as their status in Password Manager. Yep, this user's registered with Password Manager. Their Q&A profile isn't locked down. Nothing is locked down, they should actually function just fine. But let's say they've called up and they can't remember the questions from their Q&A profile. And we can do for a few things here. First, we can verify the identity the user, and that's just basic, all that is. What that's going to do is that's going to-- let's just click on it. That's asking them their helpdesk question. So when they set a password manager, we ask them one question that goes to the helpdesk, and there was a note in there that said the helpdesk will be able to see this. In this particular case I've gone ahead, I'm putting the answer to that in. I click OK, and it says, yep. That user was successfully verified. So now I have a pretty good sense that the guy on the phone is who they say they are. Incidentally, all of these are workflows just like the end user workflows that we saw before. They can all be completely customized to do whatever you want. So for example, if you don't want your help desk to have the right to reset passwords, at all, anymore, then you just disable this workflow or edit this workflow or whatever you want to do. But let's talk, briefly, about the assigned passcode function for just a minute. First, it's going to ask us our verification question again, so let's go ahead and put the answer to that in. It's now giving me a passcode. If I give this passcode to this user now, they will have a new item on their login screen that says enter passcode. If they enter that passcode, it will allow them to open up their Q&A profile questions and reset them without having their Active Directory password. Though that seems like it's more work, it's not, and let me explain why. What happens, in that case, is we're teaching the user how to use Password Manager. So, if for a scenario where they're calling the helpdesk and saying, oh, I never enrolled in Password Manager, but I forgot my password, so can you just reset it? The answer can be, if you choose. No, we're going to teach you how to do it instead. You issue them a passcode, they type the passcode, they open up Password Manager, they type the passcode in there, and then it asks them to answer their Q&A profile questions. Once they've done that, then they can click their Forgot My Password link and reset their password. And you can walk them through that while you're on the phone. But the advantage you've gained their is you've taught them how to use Password Manager, so next time, they shouldn't need to use Password Manager, at all, or they shouldn't need to use the helpdesk, at all. They can just reset it on their own. And they can also enforce an updated Q&A profile. So if you have a user that's having a problem, we can use this to wipe out their profile and start over, as well. Here, if their account were locked, we be able to unlock it and we'd be able to unlock their Q&A profile, if it were locked. However, since neither of those is actually the case, right now, they're under disabled tasks.