Manage your Active Directory identities with Nervepoint Access Manager

Derek Schauland takes a look at Nervepoint Access Manager, a free, preconfigured virtual appliance offering a self-service solution for managing AD identities.

Being a systems administrator in an IT department of three (read: Me, Myself, and I) has its challenges, and password resets are certainly one of them. I have covered applications that help with this in the past and have tried several solutions, but this one is just a bit different and might be a good option to consider.

Because Nervepoint Access Manager (NAM) starts out as a ready-to-go VM, you just point it at your Active Directory and let it do the work.

How is it different?

Nervepoint distributes its access manager as a preconfigured virtual appliance that requires very little configuration beyond downloading the appliance (around 200Mb) and starting it in VMware. In my testing I started the appliance in VMware Workstation on my laptop, but you could run it inside vSphere or even with VMware Player.

Getting started

Once the machine is running, the configuration takes place in a browser and is very straightforward. To get started, simply point your browser at or the IP address assigned to your Nervepoint machine.

When you first access the service via a browser you will need to complete the initial configuration wizard beginning with the EULA for Nervepoint.

After accepting the agreement you will be asked to specify an administrator password to access configuration and reporting details about the Nervepoint system. Once this password is set, it cannot be reset if forgotten unless you remove the VM and start over from a new instance of Nervepoint. Enter a password and confirm it, then click Next to proceed.

On the next page you specify connection information for your Active Directory environment. Enter the username and password for a domain administrator account and click Next.

Figure A

AD credentials

Nervepoint will now begin discovering your directory and return any domain controllers it finds. Select one of the found domain controllers (or select Manually Configure) and click Next.

After you specify the domain controller information, the system will verify and test these settings. Once complete, you will be asked to specify security questions to aid in identifying users. These questions are configured only once and cannot be changed afterward. Default questions are filled in and can be modified during the initial configuration.

Figure B

Challenge Question configuration

On the next page of configuration you can specify your organization's email settings. The email notification information includes the following:

  • Email server hostname
  • User name and password (if needed)
  • Sender address for notifications
  • Recipient address for notifications

On the bottom of this screen you will also see a template for the initial email. This template is used to alert your users of the new service and prompt them to configure their profile and complete security questions. Also, you can select the checkbox to send this notice to users as soon as the configuration is complete.

Once these screens are completed, click Finish to save the settings. Next time you visit the service, you will see the options screen shown in Figure C.

Figure C

Service options

There are three user options available within Nervepoint. You can reset your password if you have forgotten it, update the answers to your challenge questions, and unlock a locked account. Select the option you wish to use.

For the account management option, which accesses your challenge questions, you will need to provide your username and password. For the other options, you specify your username and then answer challenge questions to proceed.

At the very bottom of the list is an administrative option; selecting this will prompt you to log in with the administrator account, which is "admin," and the password you specified during configuration. The admin options are shown below in Figure D.

Figure D

Administrator options

On this screen you can see usage reports and other management options including:

  • A list of manageable accounts
  • A dashboard displaying system usage
  • Email Template configuration
  • Active Directory configuration options
  • Nervepoint System configuration

If you access the administrative URL for the virtual appliance, which defaults to port 10000, you can access information related to the appliance and the Linux configuration for the service. The main screen for this is shown in Figure E. Note: When you first power on the virtual appliance, you are presented with the system administrative credentials, which default to Administrator and administrator and should be changed as soon as possible.

Figure E

System administrative pages

Who should consider it?

Organizations wishing to implement some type of password and account self-service option would be great candidates for this application. Because there is no hardware needed specifically for the account management tools, the startup costs are quite minimal.

What is the cost to implement?

The identity management features provided by Nervepoint are free and will always be available at no cost. Other features are coming which may incur costs, but the password management application is completely free.

Bottom Line

For organizations just starting out with self-service options, this is a great place to start given the cost and ease of implementation. The virtual appliance is a breeze to configure, and the extremely minimal requirements to run the appliance make it optimal for organizations of any size looking to evaluate an easy-to-use solution. For small organizations where budgeting may be a factor, the Nervepoint solution is definitely ahead of the game.