Resetting SafeHouse volume passwords from an administrator's perspective is a fairly simple task.
The overall process is broadly described as follows:
You receive a request for a remote password reset. This will frequently be by email; however, you can also see a list of all pending requests by logging into SafeHouseAdmin.com.
You click on the email notification link or log into SafeHouseAdmin.com to display the corresponding reset request form.
You review the request, speak with the client, and ultimately make a decision to approve or deny the request.
You finalize the request and cement your decision by selecting either to approve or deny in the web form's drop list and entering your administrator credentials to authenticate yourself as an authorized administrator.
Your response is sent back to the SafeHouseAdmin.com web server and the waiting client is automatically notified that you've responded to their request.
The biggest decision you'll need to make is whether or not to approve a specific request.
SafeHouse does not impose any policy requirements in determining which requests can or should be approved. It is up to you and your organization to decide on your own internal rules for making these kind of decisions.
We know how important it is to make the right decision. As such, SafeHouse gives you as much information as possible to help guide your choice; but in the end, the choice is ultimately yours, and the publishers of SafeHouse take no responsibility for incorrect decisions or attempts by employees to coerce or fool you into resetting the password for a volume which does not belong to them.
You must authenticate yourself as an authorized administrator in order to perform any kind of administrative action on a pending password reset request.
You may authenticate yourself using either:
The administrator password for the SafeHouse group to which the SafeHouse volume belongs.
An administrator smartcard associated with the respective SafeHouse group.
Please know that even though you will be using a web form to perform the administrator authentication step, at no time will your password or credentials leave your machine or be transmitted over the Internet. All cryptographic operations relating to authentication are performed locally on your PC. Only the pass/fail result of your authentication attempt is communicated to the SafeHouse website. Neither the SafeHouse website nor the folks that operate it will ever have access to your administrator password -- this is an absolute guarantee!
Below is a partial screen shot of the web form you'll need to complete. Click to see entire form.
To authenticate using an administrator smartcard instead of an administrator password, insert your smartcard and click the Administrator Smartcard tab. This will change the view to accept your smartcard as an alternate form of authentication provided the card contains the correct information.
See Using Smartcards for Administration.
The SafeHouseAdmin.com website keeps an audit log of all password reset transactions.
Support personnel tasked with performing SafeHouse password resets do not need to be able to log into the SafeHouseAdmin.com website. Sub-level administrators can carry out all their duties using an administrator smartcard (so it is not necessary to know the group password) and using email notifications (so it is not necessary to log into the website) to display the password reset request web forms.
If the SafeHouse software is not installed when you attempt to display the web form, you will be redirected to an error page.