Administrator Setup Procedure

After installation, complete the following procedure to configure Password Self Help.

To Configure Password Self Help and Add Questions

  1. If this is your first time administering Password Self Help, log in using the following credentials:

    Profile: ALERTSH
    Password: ALERTSH1

    WARNING: New users: This password is set to Expired. You will be prompted to change it when you first sign on. Upgrading users: Change this password using the CHGPWD (Change Password) command. If you do not change this password your systems will be vulnerable to unauthorized access.

    The Password Self Help Menu (SHC000I) is used for all required administration tasks. Note that this menu will add the Self Help Library (@MSSH) to your library list automatically.

  2. Use option 5 to enter your company name for screen and report usage, then press Enter to return to the Main Menu.
    TIP: Center the text if you want it to appear centered on screens and reports.
  3. Use option 10 to open the Work with Languages/System Configuration screen on page 1 where you can configure languages and questions.

  4. Press F6 first to add a Language and configure the system. (Or, select Option 2 for an existing Language to maintain its configuration.)

    Use this screen to maintain questions and Help/Bulletin Board Text as you require. Decisions you need to make here include the following:

  • Answer Minimum No of Questions: How many questions the user will be required to answer during the user setup process.
  • No of Questions to Ask: How many of these questions (randomly selected) users will need to answer during the password reset process.
  • Automatic Action: Whether the reset process...
    • Sets the user profile to *ENABLED (S)
    • Resets the password (P)
    • Both (Y)
    • Neither (N)
    • Prompts the user to choose whether to set their profile to *ENABLED, reset their password, or both (C)
  • Reset to Password: Whether, upon reset, users will be required to use a global password or select their own. To start (and for any testing), set to "O" to prompt users to change their password during reset. For a full discussion of this setting, see Set Up General Configuration Details screen.
  1. Enter 5 for a Language to open the Work with Questions screen where you can add security questions.
  2. Press F6, then enter the number of the first question you would like to add (e.g. "EN001") and press Enter. The Maintain Question Details screen appears where you can define the question. After you have defined the question, press Enter. You are prompted to add another question. Add the next question (e.g. EN002), and repeat this process until you have added the required number of questions, after which type F3 to return to the Work with Questions screen.

    If you have not added the minimum number of questions, a warning appears at the bottom of the screen that indicates how many questions you are required to add (based on the "Answer Min No of Question" settings in your Configuration Details).

  3. When you have finished adding questions, press F3 to return to the System Configuration screen. Choose option 10 for the Language you are configuring if you would like to add Help Text - the text users will see when they begin to configure Self Help. The appropriate text to be added here will depend on the configuration choices you have made. For example, if you have configured Password Self Helpto allow users to change their password during reset (using the "O" setting), the text here might read:
    Welcome to Password Self Help
    This system will allow you to reset your password in the future if it is lost or forgotten using answers to questions you are about to answer.
    At the time of the password reset, you will be able to set a new password.
    For questions please contact your system administrator.

To Deploy Password Self Help to System Users

After you have configured Password Self Help, the users must enroll themselves by answering security questions. This will complete the setup, and allow users to reset their profiles/passwords. Use one of the following methods to allow your user access to the Password Self Help question/answer process.

Option 1 – Set up an Insite Server

Setup an Insite server (see Getting Started in the Insite help) and give users a URL for web browser access. Users can access both the setup and reset tools through the web browser connection located at your server using the URL “http://[system alias]:3030/HelpSystems/PSH . They will use their IBM i login to perform the setup for their own user profile. The same URL provides access for password resets as well. This method requires no green screen access for end users.

Option 2 – Use the @MSSH/WRKSHQA command

  • If the user has command line access and does not have ‘Limited Capabilities’, use the following command:

    @MSSH/WRKSHQA

  • For users with command line access but are set to 'Limited Capabilities', consider changing the 'Allow limited users' parameter to *YES on the WRKSHQA command:

    CHGCMD @MSSH/WRKSHQA ALWLMTUSR(*YES)

    This allows users with 'Limited Capabilities’ to execute the 'Work with SelfHelp Answers' command to answer their security questions and register their user profile.

    NOTE: Use the above command as a menu option if you are able to customize your menus.

Share the following instructions with your users to inform them how to enroll and reset using the green screen:

Option 3 – Use our User Setup API

Alternatively, you can use our API program, either as the user’s initial program, or incorporate into your existing program or menus. The API is used as following:

CALL @MSSH/SHC001I1

The advantage to using this API is that it will only display questions to the user if they have not yet answered the required number. They can exit out of the screen without answering, but each time the API is invoked, they will be reminded to finish the User Setup.

Option 4 - Self-enrollment using the SELFHELP profile

Utilize the self-enrollment method by enabling the ‘Display to Unregistered Users’ feature on your default language by setting the value to Y. When a user signs on to the system using the SELFHELP profile and enters a profile that is not registered with Password Self Help, they will automatically be taken into the 'Work with Questions/Answers' program (WRKSHQA).

NOTE: Self-enrollment using the SELFHELP profile registers the profile in a disabled state for security reasons. To enable the newly added user, Password Self Help administrator approval is required.

Share the following instructions with your users to inform them how to enroll and reset using their web browser:

Maintaining Password Self Help

Use the following Main Menu options to manage the Password Self Help system after it has been configured.

  • Option 15, Work with Registered Profiles. Users are automatically registered when an administrator allocates some questions to a user, or when a user answers their first question. The main objective of this option is for an administrator to enable users that have been disabled previously because they could not complete the reset process.

    NOTE: This status (ENABLED/DISABLED) does not represent the OS/400 profile status. It only represents the status of the user within the Self Help system. This status can be controlled by an administrator, or can be set automatically to DISABLED if a user fails to properly answer the questions set by the administrators.
  • Option 20, Work with User Question Admin. This option is used to allocate questions to a user. This option is only necessary if the administrator is to decide the questions that users will answer. This is a configuration choice (via option 10). (When you choose this option, you are first asked to choose the language containing the questions you want to allocate).

  • NOTE: You can also import user details into Self Help from IBM i using the RTVPRFSH command. This command can be used from a command line or within one of your own programs. The command will allow you to import profiles and allocate profiles to a specified language ID. You can also automatically allocate questions to that profile. This can be a single question, *ALL questions, or the same set of questions used by a specified “based-on” profile. See Retrieve Profile to Self Help (RTVPRFSH).
  • Option 35, Report and Purge Menu. This option allows you to generate audit reports and purge old data.
  • Option 50, Message Monitor. This option provides a basic "Action Item" process for the Successful or Unsuccessful Self Help reset messages.
  • Option 60, Command Display Screen. The Command Entry display allows you to enter commands to be processed by the system.
  • Option 65, Technical Assistance Information. The objective of this function is to display the information required for technical calls.
  • Option 70, License Setup. Use this panel to enter the information that allows you to use Password Self Help on your system.
  • Option 71, License Threshold Warning Setup. To be warned when the number of available Password Self Help licenses is approaching its limit, configure a License Threashold Warning. See License Threshold Warning Setup.

Monitoring Activity with the Insite Dashboard

NOTE: If you are not using the Insite web UI, you do not have access to the Dashboard.

To identify Password Self Help activity, you can create a Password Self Help Dashboard. The activity reported on the Dashboard reveals details on user enrollment, including user setup and resets. See Adding and Editing Dashboard Widgets.