Using

This topic describes the tasks that you can perform using the BMC AMI Security Self Service Password Reset product:

Accessing SSPR

In a web browser, enter https://sysID:port/sspr/, substituting the following values:

  • For sysID, use the address or name of the system on which SSPR is running.
  • For port, use the networking port number.

The BMC AMI Security Self Service Password Reset window is displayed, on which you can reset, unlock, and set up user IDs.

SSPRwindowSPE2301.png

Important

The product displays only the menus that you are permitted to access. If you do not have the required level of authority to log on to SSPR, your connection might be rejected even if your user ID and password are correct.

Resetting a password

After you have created SSPR security credentials, you can submit password reset requests. To create SSPR security credentials, see Creating-your-SSPR-security-credentials.

  1. Access the BMC AMI Security Self Service Password Reset window.
    For more information, see Accessing BMC AMI Security Self Service Password Reset.
  2. On the User ID box, enter your user ID.
  3. (SPE2301) Click the System list and select the required system.
    By default, the System list displays your local system. To display the System  list, you must define the SystemList parameter. For more information, see Configuring-SSPR-parameters.
  4. Click Reset.
  5. Enter the PIN number you created during the setup process and click Continue.
  6. If your user credential configuration includes an access code, you are prompted to enter it. Depending on the configuration, enter one of the following kinds of access code:
    • Automatically generated access code: You receive an email with an access code and the panel expects the code within 15 minutes.
    • Fixed access code: Enter your fixed access code (such as an employee ID) and click Verify Access Code.
      The access code is validated against the encrypted value in the RACF database. If successful, you can continue to the next step.
  7. Enter answers to the security questions (up to three, depending on configuration). Enter the same way as during the setup process, including punctuation and spaces. Then click Verify Answers
  8. If passphrase support is enabled, click Reset Password or Reset Passphrase .
    •  (For password reset)  On the Password Reset Service page, enter your new password twice for verification and click Continue. If the new password does not comply with the installation password format and content standards, it is rejected. 

    • (For passphrase reset)  On the Password Reset Service page, enter your new passphrase and click Continue.

      Important

      If both password and passphrase fields are displayed, you need to complete only one.

  9. If SSPR is configured for simultaneous password resets on multiple systems, select the system or systems in which to reset the password. The password is reset immediately on the local system and a request queued to the remote systems.

    A status panel displays the reset status on each system:

    • Click Refresh Status to update the status display.
    • Click Close to complete the password reset processing.

    You can now log in to your mainframe services with the newly entered password.

Unlocking a user ID

The BMC AMI Security Self Service Password Reset unlock service is a configurable option and allows users with a valid password to unlock (resume) their user ID should it be revoked.

(SPE2210) Users can unlock a user ID by using either a current password or an expired password.

(SPE2107) SSPR provides Multi-factor Authentication (MFA) compound in-band support (mfaToken:esmPassword). To use MFA you must specify Authenticate MFA in the HTTPServer block (SRVSYS1) for BMC AMI Resident Security Server. For more information, see RSS server configuration parameters.

Before you begin, make sure that you have created SSPR security credentials.

  1. Access the BMC AMI Security Self Service Password Reset window.
    For more information, see Accessing BMC AMI Security Self Service Password Reset.
  2. On the User ID box, enter your user ID.
  3. (SPE2301) Click the System list and select the required system.
    By default, the System list displays your local system. To display the System list, you must define the SystemList parameter. For more information, see Configuring-SSPR-parameters.
  4. Click Unlock.
  5. For multiple systems, select the system(s) to unlock.
  6. Enter your valid password or (if passphrase support is enabled) a passphrase for each system and click Continue.
  7. After you enter a valid password, a status panel displays the unlock status on each system:
    • To update the status display, click Refresh Status.
    • To complete the password reset processing, click Close.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*