Self-Service Imprivata PIN Reset

Self-service Imprivata PIN reset lets users enter their password or answer security questions to reset a forgotten PIN.

NOTE: Resetting an Imprivata PIN only requires an Authentication Management license for each user assigned to the policy that is supporting PIN reset. You enable this feature separately from Imprivata Self-Service Password Reset. For complete details, see Imprivata Self-Service Password Reset.

Configuring Self-Service Reset for an Imprivata PIN

To configure self-service reset for an Imprivata PIN:

  1. In the Imprivata Admin Console, go to the Users menu > User Policies page to create or modify a user policy.

  2. Click the Authentication tab, go to the Desktop Access authentication section, and make sure that Imprivata PIN is selected as a secondary authentication factor.

  3. Click the Self-Service Password/Imprivata PIN Reset tab and select Allow users to reset their Imprivata PIN.

  4. Click Save.

The policy is configured to let users reset an Imprivata PIN with their password.

BEST PRACTICE: Verify that the computer policy does not restrict the Imprivata PIN. For more information about restricting desktop access authentication, see Setting Computer Policies to Override User Policies.

Enabling Security Questions

Optional — In addition to passwords, users can answer security questions to reset an Imprivata PIN. Configuring security questions requires that you:

Enterprise Access Management includes a default set of questions that you can manage to meet the needs of your organization:

  1. In the Imprivata Admin Console, go to the Users menu > User Policies page to create or modify a user policy.
  2. Click the Self-Service Password/Imprivata PIN Reset tab.
  3. Click View and modify security questions.
  4. Add, edit, or delete questions as required.
  5. Close the editor.

NOTE: By default, questions are not mandatory. To include the question in every challenge, click it and select Mandatory.

Users that are required to enroll security questions are not prompted to do so when they login to Enterprise Access Management:

  1. In the Imprivata Admin Console, go to the Users menu > User Policies page to create or modify a user policy.
  2. Click the Self-Service Password/Imprivata PIN Reset tab.
  3. In the section Enroll options — Prompt to enroll security questions, select:
    • Prompt and must enroll;
    • Prompt and may delay enrolling; or
    • Do not prompt to enroll (this is the default.)
  4. Enter the number of security questions that users in the policy must enroll.
  5. Enter the number of security questions that users in the policy must answer correctly to authenticate.
  6. Click Save.

The policy is configured to let users reset an Imprivata PIN at login by answering a random subset of enrolled security questions.

NOTES: Even if you select Do not prompt to enroll, the Imprivata enrollment utility always appears after login if the user has only password enrolled.

If you allow users to delay the enrollment of security questions, you can set a Self-Enrollment Declined notification to identify these users. For complete details, see Configuring Event Notifications.