Specops Authentication Web

The Specops Authentication Web can be used to view system information and manage various aspects of the product including system-wide configurations, and multi-factor authentication policies for its various resources. Once you have installed and configured the Gatekeeper, users that are members of the Authentication Admin Group can further configure the solution from the Specops Authentication Web:

US datacenter: https://login.specopssoft.com/authentication/admin
EU datacenter: https://eu.login.specopssoft.com/authentication/admin

For more information and general administration, refer to Specops Authentication Web.

The configuration steps that are specific for Specops uReset are described below.

uReset Policy Mode

You can configure your uReset policy mode, and see a list of your policies, their configured identity services, as well as their enrollment and authentication requirements.

To specify the authentication rules for users, you will have the following policy mode options:

Cloud: All users will have the same authentication rules for resetting passwords.
Group Policy: Users will have different authentication rules as determined by the Group Policy they are affected by. Group Policy Objects can be managed from the Specops Authentication Gatekeeper Admin Tool.
Both: Group Policy will be processed first, and the Cloud policy will be applied to users not affected by any Group Policy Object with Specops uReset settings.

Configuring the uReset Policy

To configure the uReset settings for the policy:

Login to the Specops Authentication Web and click on uReset in the left navigation.
Click Edit Authentication Rules next to each policy to set its authentication requirements.
Click the plus-icon for those identity services you want to include in the policy.
You will need to assign a weight (star value) for each selected identity service. This will allow you to assign a higher value to those identity services you believe provide a higher level of security. For instance, assigning the Specops Authenticator with 2 stars, would be equivalent to two identity services worth 1 star. Refer to Identity Services Weight Assignment for additional guidance.
To require the user to use a specific identity service, select Required.
Configure the required weight (stars) for enrollment. (Required Weight for Enrollment)
Configure the required weight (stars) for authentication (Required Weight for Authentication).

Note

The number of stars required for authentication must be equal to, or less than the number of stars required for enrollment.
Click Save.

Notifications

Notifications can be used to send messages to users and administrators. Notifications are based on system events in Specops Authentication.

Editing or creating new notifications:

Login to the Specops Authentication Web.
Select uReset, then, for the Cloud Policy or any of the Group Policies, click Edit Notifications.
Click on an existing notification to edit it, or click New.
Select an event from the Event drop-down. The following events are currently available:
- User reset password
- User unlocked account
- Insufficient enrollment found
- Account unlocked from service desk
- Password reset from service desk
Select an action from the Action drop-down. The action you select controls the type of message, and the recipient of the message. The following events are currently available:
- Email
- Text message
Click Next.
Configure the required settings. Use the Placeholders by clicking them to select insert information that will be different for each user.
Click Save.

Note

When using the Insert link button in the ribbon and putting the URL placeholder in the To what URL should this link go? field, make sure to uncheck the Use default protocol checkbox. If this is not unchecked, the resulting link will not work because of a repeated "http://" inserted before the link.

Deleting notifications:

Login to the Specops Authentication Web.
Select uReset, then, for the Cloud Policy or any of the Group Policies, click Edit Notifications.
Click on the notification you want to delete.
Click Delete.
Click Delete again in the confirmation window.

Temporarily disabling notifications:

Login to the Specops Authentication Web.
Select uReset, then, for the Cloud Policy or any of the Group Policies, click Edit Notifications.
Click on the notification you want to disable.
Uncheck the Enabled checkbox.
Click Save.

Settings

You can configure additional settings, including:

Enabling the Change Password feature to allow users to change their password from Specops Authentication.
Hiding the Unicode password rule to users during a password change.

First Day Password

First Day Password allows uReset customers to allow new users (typically new hires in the organization) to access the network using two-factor authentication, even when they have not enrolled with any ID services yet. This makes the onboarding procedure secure and efficient, avoiding the unsecure method of sending new users their (temporary) password unencrypted by mail. First Day Password is a Powershell-based workflow and can be combined with existing workflows within the organization.

For more information on configuring First Day Password, please refer to the First Day Password page.