User-Initiated Password Changes

Function Overview

This function allows the user to change the password of their domain account via the IPI Client. The user has two options:

1. Change the password only on the IPI Key (without updating it in Active Directory). In this case, the user continues to use their current password as long as it remains valid in Active Directory.

2. Change the password in both Active Directory and on the IPI Key simultaneously. In this case, the new password will be used immediately for authentication in both the system and the key.

After the password is changed, the user can sign in without manually entering the password — it is automatically read from the IPI Key.

The password change complies with domain security policies, including:

• password complexity requirements;

• limits on password change frequency;

• defined intervals between changes.

Prerequisites

Before starting, ensure that:

• Integration between the IPI Server and Active Directory is properly configured.

• The user is created manually on the IPI Server or imported from Active Directory.

• The user must have a IPI Key with status “Ready”, “Active” or “Reserved”.

• The IPI Client is installed on a workstation joined to the Active Directory domain.

• The workstation is approved on the IPI Server.

Step 1. Creating a Domain Account

1. Sign in to the IPI Server using an administrator account.

2. Navigate to the user list, select the appropriate user, and open their profile.

3. Click Create personal account.

4. In the account creation form, fill in the required fields:

   • Name* – a descriptive name for the account;

   • Login Type – select AD Domain Account;

   • Login*:

     • Domain – the name of the Active Directory domain connected to the IPI Server;

     • User Logon Name – the user’s domain login.

5. Select the checkbox Skip Password — the user will add the password later via the IPI Client.

6. Click Create to save the account.

Example domain account:

• Name* – John Smith Domain Account

• Login Type – AD Domain Account

• Login*:

  • Domain – Lab

  • User Logon Name – js

  

Step 2. Initial Computer Unlock

The user signs in to a workstation joined to the Active Directory domain and connects the IPI Key to the IPI Client.

Step 3. Setting the Current Password

After the key is connected, the user account is automatically loaded onto the key from the server. This account is marked with a gear icon and does not contain a password — it cannot be used to unlock the computer until a password is added.

To add a domain password to the account on the key, the user must manually enter their current password via the IPI Client interface.

To do this, follow these steps:

1. Connect the key to the workstation.

2. Wait for the account to appear on the key.

3. Select the corresponding account on the key.

4. Set the current domain password via the IPI Client interface.

5. Save the changes.

After completing these steps, you will be able to unlock the workstation using this account on the key.

Step 4. User-Initiated Password Change via IPI Client

The user can independently change the password of their domain account — it will be updated on both the IPI Key and in Active Directory.

Procedure:

1. Connect the IPI Key to the IPI Client and launch the application.

2. Select the account marked with the gear icon.

3. Click Edit.

1. To change your domain account password, select the “Change logon password” checkbox.

1. Enter the new password.

2. Click Save.

When saving the new domain user password, the following occurs:

• The current (old) password is read from the key.

• The old and new passwords are used to initiate the password change in Active Directory using the Windows API.

• If the change is successful, the new password is saved on the key, replacing the previous one.