Group Management & Password Self-Service

Group Management

1. Core Configuration

2. Group Configuration

  1. What is the top level DN for groups?
    1. Response: CN=Users,DC=EC,DC=ISD
  2. Do you have any nested groups?
    1. Response: Yes, only a few
  3. Please provide a full DN for Group Management Admin group. The following group will be able to modify groups configuration page.
    1. Response: CN=ID_Group_Management_Admin,CN=Users,DC=EC,DC=ISD
  4. Please provide a full DN for Group Manager group. The following group will enable "My Groups" tab and will allow for management of groups in which users are an owner or co-owner.
    1. Response: CN=ID_Group_Manager,CN=Users,DC=EC,DC=ISD
  5. Please provide a full DN for Group HelpDesk group. The following group will enable "Other Groups" tab which will allow management of any group.
  6. Response: CN=Tech Staff,CN=Users,DC=EC,DC=ISD

3. Group Management Tab

4. Group Configuration

  1. What should be a base DN for groups placement?
  2. Response: CN=Users,DC=EC,DC=ISD
  3. How often should groups by syncing on a daily basis? (recommended every hour)
  4. Response: Hourly
  5. How many groups currently exist in your AD environment?
  6. Response: 50 ?
  7. How many of them are static and how many of them are dynamic groups?
  8. Response: All Static
  9. What other systems besides AD groups will need to be syncing to?
  10. Response: Google Groups
  11. Do you have any specific attributes that need to be populated upon group creation?
  12. Response: Not Sure

Miscellaneous Questions

  • Do the user objects in AD have their employee or student ID populated on them?
  • Response: Yes, students and employee accounts have their ID's populated into their accounts in the employeeID field. This is how we track our user accounts.

Password Self-Service

1. Core Configuration

2. Password Policy Manager

Logical groups of users that will require a unique password policy:

For EACH logical group of users:

1.1 What is the fully distinguished name (DN) of a group in your directory that contains all of the users from this logical grouping? (e.g. for staff users, All_Staff group is used; for all students, All_Students)

  1. All Staff Users: CN=All_Staff,CN=Users,DC=EC,DC=ISD
  2. All Student Users: CN=All Students,CN=Users,DC=EC,DC=ISD
  3. Logical Group 1 Users: CN=Domain Users,CN=Users,DC=EC,DC=ISD

STAFF

1.2 What are your password complexity requirements for staff accounts?

  1. Minimum Length: 6
  2. Maximum Length: ?
  3. Upper Case Required: NO
    1. -Max # Allowed:
    2. -Min # Allowed:
  4. Lower Case Required: NO
    1. Max # Allowed:
    2. Min # Allowed:
  5. Numbers Required: NO
    1. Max # Allowed:
    2. Min # Allowed:
  6. Special Characters Required: NO
    1. Max # Allowed:
    2. Min # Allowed:
  7. Non-US ASCII Required: NO
    1. Max # Allowed:
    2. Min # Allowed:

STUDENTS

1.3 What are your password complexity requirements for student accounts?

  1. Minimum Length: 6
  2. Maximum Length: ?
  3. Upper Case Required: NO
    1. -Max # Allowed:
    2. -Min # Allowed:
  4. Lower Case Required: NO
    1. Max # Allowed:
    2. Min # Allowed:
  5. Numbers Required: NO
    1. Max # Allowed:
    2. Min # Allowed:
  6. Special Characters Required: NO
    1. Max # Allowed:
    2. Min # Allowed:
  7. Non-US ASCII Required: NO
    1. Max # Allowed:
    2. Min # Allowed:

1.4 Should there be any forbidden passwords?

(provide forbidden values)

1.5 Should certain attributes be excluded from passwords?

1.6 Should certain special characters be excluded from passwords?

1.7 Will you allow a user to reset his/her password to a random string? Yes

Challenge Policy Manager

2. Staff Users

2.1 What is the minimum number of predefined challenge questions a user will need to answer upon first login? 1

2.2 Please select from a bank of challenge questions below or supply your own. Select whether the question should be required among initial questions answered and whether or not the user should always be prompted to answer it when s/he forgets her/his password.

Question:

  • In what city were you born in?
    • Initial Question: Yes
    • Always Prompt? Yes

2.3 Is there a minimum/maximum length requirement for the answers to these questions? NO

2.4 Upon forgetting his/her password, how many of these predefined questions must a user answer in order to reset his/her password? 1

2.5 Can users be allowed to skip the setup? No

2.6 Should unique answers be enforced? No

2.7 Should staff users be allowed to setup their own challenge questions? No

2.8 Should there be any restricted values in answers? No

3. Student Users

3.1 What is the minimum number of predefined challenge questions a user will need to answer upon first login? 1

3.2 Please select from a bank of challenge questions below or supply your own. Select whether the question should be required among initial questions answered and whether or not the user should always be prompted to answer it when s/he forgets her/his password.

Question:

  • In what city were you born in?
    • Initial Question: Yes
    • Always Prompt? Yes

3.3 Is there a minimum/maximum length requirement for the answers to these questions? No

3.4 Upon forgetting his/her password, how many of these predefined questions must a user answer in order to reset his/her password? 1

3.5 Can users be allowed to skip the setup? No

3.6 Should unique answers be enforced? No

3.7 Should users be allowed to setup their own challenge questions? No

3.8 Should there be any restricted values in answers?No