BY LAHRIZ GISON
OBJECTIVES
1. INTRODUCTION TO CBA ITSD
2. INTRODUCTION TO PASSWORD TEAM
3. INTRODUCTION TO ACTIVE DIRECTORY
4. INTRODUCTION TO PASSWORD TEAM SUPPORTED APPLICATIONS
INTRODUCTION TO
CBA ITSD
MODULE 1
WHAT IS CBA IT SERVICE DESK
(ITSD)?
• We provide Level 1 Incident Management and Request Management through phone and web. CBA ITSD provides support in English only.
• Note:
– Before users can access the Password Manager self-service functions, they must first register their Secret Questions & Answers Profile.
ITSD is to provide support and, when required, perform assisted password resets/account unlocks and access passcodes.
• https://mywebsso.myappsanywhere.org/pmhelpdesk - ITSD
• https://mywebsso.myappsanywhere.org/pmuser - User Self-Service
• https://mywebsso.myappsanywhere.org/pampmhelpdesk - PAM Account ITSD
• https://mywebsso.myappsanywhere.org/pampmuser - PAM Account User Self-Service
QARS
• A structured database that stores information about network resources as well as all the services
that make the information available and useful.
• Resources such as user data, printers, servers, databases, groups, computers, security policies,
etc.
• Holds resources from primary domains like :
– AU / PBS / BRANCH 1 / BRANCH 2
• Test Environment domains:
– AUD01 / AUS01 / AUT01 / BRANCHT01 / PBST01
• SERVES AS THE PW MANAGER BACKUP TOOL
1. https://qars.cbainet.com/admin
2. https://iaunsw518.au.cbainet.com/admin
3. https://iaunsw519.au.cbainet.com/admin
4. https://iaunsw519/admin
5. https://iaunsw518/admin
6. https://iaunsw521/admin
QARS AND PASSWORD MANAGER
PLEASE NOTE:
• https://wd3.myworkday.com/wday/authgwy/cba/login.htmld
CBA1TOOL
• A collection of important links, hotlines, ticket and call handling processes etc.
CBA1TOOL INTERFACE
MYSERVICE
• A service application configured with modules that support – Interaction, Incident, Problem,
Change, Release, Service Requests and Configuration Management.
• https://myservice.cba/sso/index.do
CBA DIRECTORY
• Just like Sidekick - an intranet application that contains CBA Staff details including contact details, locations, cost centre, reporting lines, business unit etc.
• Phishing and fraud calls can occur anytime. Do not provide any information from CBA
Directory/Sidekick.
• directory.cba
IDENTITY MANAGER
• An identity and access management solution which manages user identities, access privileges and accounts across the Group using a combination of automated events and manual ticketing.
• Used to request access to applications or Privileged IT resources via role-based access.
• Lifecycle management of identities and privileged accounts to enforce events such as account
expiry and identity termination.
• https://mywebsso.myappsanywhere.org/identitymanger.page.axd
REQUESTIT
• RequestIT is the IT products and services catalogue for all IT Service needs.
• A portal that enables people to order pre-defined IT products and services.
• Provides a consistent and intuitive online ordering experience where the users can raise,
approve and track requests and their progress.
• We, ITSD, can also use AskIT to help find solutions to users’ IT issues.
• Link: askit.cba
INTRODUCTION TO
ACTIVE DIRECTORY
MODULE 3
LAN ACCOUNTS (WINDOWS LOGON)
• The main/global account for all CBA Applications.
– Microsoft
– One.cba
– WebSSO – Single Sign On
– And so forth
• Domains
– AU
– PBS
– BRANCH1
– BRANCH2
• Resets done in PW Manager and QARS.
• Password Complexity Requirement
– A-Z
– a-z
– 0-9
– !@#$%&*+-.=?_
– Minimum of 14 characters
– May not have more than 2 consecutive case sensitive characters
– Cannot be the same as the last 15 passwords
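The LAN password complexity rules above, written as a check that can be run against a candidate password before it is set. This is an added example, not CBA tooling: `Test-LanPasswordPolicy` is a hypothetical name, and the code assumes that one character from each listed class is required, that only the listed characters are accepted, and that "2 consecutive" means no character repeated more than twice in a row.

```powershell
# Added example, not CBA tooling. Test-LanPasswordPolicy is a hypothetical name.
# Assumptions: at least one character from each listed class is required, only
# the listed characters are accepted, and "2 consecutive" means no character
# repeated more than twice in a row. Password history is not checked here.
function Test-LanPasswordPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [securestring]$Password
    )

    # Decrypt only inside this scope; the plain text is never returned.
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $failures = [System.Collections.Generic.List[string]]::new()

    if ($plain.Length -lt 14) { $failures.Add('Shorter than 14 characters') }

    # -cmatch / -cnotmatch are case-sensitive. The default -match is not, so
    # 'abc' -match '[A-Z]' is $true and would hide a missing upper-case letter.
    if ($plain -cnotmatch '[A-Z]') { $failures.Add('No upper-case letter (A-Z)') }
    if ($plain -cnotmatch '[a-z]') { $failures.Add('No lower-case letter (a-z)') }
    if ($plain -cnotmatch '[0-9]') { $failures.Add('No digit (0-9)') }

    # The hyphen goes last in the class so it is a literal, not a range.
    if ($plain -cnotmatch '[!@#$%&*+.=?_-]') { $failures.Add('No listed special character') }
    if ($plain -cnotmatch '^[A-Za-z0-9!@#$%&*+.=?_-]*$') {
        $failures.Add('Contains a character outside the listed sets')
    }

    # Back-reference: any character followed by two more copies of itself.
    if ($plain -cmatch '(.)\1\1') { $failures.Add('Character repeated more than twice in a row') }

    [pscustomobject]@{
        Compliant = ($failures.Count -eq 0)
        Failures  = $failures.ToArray()
    }
}

# Prompt without echoing the candidate, then show the verdict.
$candidate = Read-Host -Prompt 'Candidate password' -AsSecureString
Test-LanPasswordPolicy -Password $candidate | Format-List
```

The "last 15 passwords" rule depends on the directory's stored history, so it can only be confirmed by the reset itself.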
LAN ACCOUNTS (WINDOWS LOGON)
• Password expiry
– 365 days
• Account disabled
– 60+ days inactive
• Account expiry
– Contract ended*
• Account Locked
– Multiple login attempts using incorrect/expired password
– Windows/CBA applications/Mapped drives/MyRAS using cached or saved old password
– Multiple session active: one running session using new password, another running session using old password. (user forgot to sign out/logoff)
– Multiple session active: one running session from a network, another running session is signed on to a different network.
Password Team does not enable LAN accounts. If needed, advise the user to raise a RequestIT ticket – LAN Re-enable
ADM ACCOUNTS (ADMIN)
• Accounts are denoted by suffix _adm. They belong to a single user and should be reset for that
user under full validation/verification.
• An elevated Admin access of the LAN account.
• If this is checked in QARS, it means the user hasn’t successfully changed their password to
permanent yet.
• Assist user to reset their password.
PSHR STATUS:
LEAVE/SUSPENDED/TERMINATED
• If the account has _del after the LAN ID and this description shows up, it means the user’s LAN account is automatically going through a domain transfer.
• It cannot be manually undone or fast-tracked.
• It usually takes up to 3-5 business days to complete the domain transfer.
• This happens when there are changes in the user’s profile such as role, department, work location, manager or cost center.
2. RITS - KM5477
3. Pershing NetX360 - KM11330
ALPHA BROKER – KM0014315
1. Users are EXTERNAL Brokers who don’t have access to the CBA network
2. CBA credentials (LAN Account) are used to log in to the CommBank Alpha Asset Finance Portal
3. Verification Process:
> Verification process is still the same except without email address
> Broker’s Manager calls ITSD (Password Reset) or Suzanne O'Connell <Suzanne.OConnell@cba.com.au> calls on behalf of a broker to have their password reset
4. IMPORTANT: When resetting Broker’s Password
> Reset should be done via PASSWORD MANAGER/QARS with a minimum of 15 alphanumeric characters.
> This serves as their PERMANENT PASSWORD
(User may provide/choose their preferred password)
> Replication time is within 90 minutes
> If the password reset fails, ITSD will assign the ticket to HCL_IAM-Access_Ops for further investigation
APPLICATIONS INSIDE CITRIX
1. MREMOTE
> Mainframe (Prod & Dev) - KM7920
> HLS 2nd screen – KM5271
> FMS (Prod & Dev) – KM5227
> ALFA Prod – KM8266
> Life400 – KM8272
2. PUTTY
> ALFA Dev – KM8266
> Life400 – KM8272
> OSCA – KM10592
> Calibre – KM5067 & KM2514
> MIDAS – KM5497
2) HLS – AO234
> 2nd screen of Mainframe
> Username must be checked in HLS User Directory
> Command : H/LOANS
> Password can only be reset to be the same as username
3) FMS
> A customer and product information database
> Can be pulled up from CommSee
> Command : L TSOP (Production) & L TSOD for (Dev\UAT\Staging)
> Password requirement: must be exactly 8 characters long, consisting of numbers, letters (upper & lower case) & special character
MREMOTE
1. ALFA Prod / POS / LM
> CBA Asset Finance application
> Verify if the user is calling for ALFA System,
CommBank Alpha Asset Finance Portal or
ALFA Reporting / ALFA Crystal Reporting
> Temporary passwords must be 8 characters
(numeric & letters) & can only be reset to all CAPS
2. Life400
> Application functionality includes new business,
policy maintenance, billing statements, customer
information, GL, sales statistics, fees
> Temporary passwords must be 8 characters
(numeric & letters) & can only be reset to all CAPS
PUTTY
1. ALFA Dev
> Same GUI as ALFA Prod
> Same procedure as ALFA Prod
2. Life400
> Same procedure as in previous slide
3. OSCA
> Arrears Management Tool for Home loans,
Personals, Overdrafts
> Password is 8 characters, consisting of numbers & letters (upper & lower case)
4. MIDAS
> The Midas International/Offshore locations include
Midas Asia, London and New York
> To support back-office operations, accounting and payments generation for Australia, London, New York
and Asia
> Password is 8 characters, consisting of numbers & letters
> Password requirement: You will not be able to see the characters as you type, and the password must be in all UPPERCASE
PUTTY
1. CALIBRE
> Calibre has 7 databases :
AERF, iLinked, Family, Prudent, PrudentR, SuperTrace
& St Andrews
> Calibre UNIX (first login) can only be reset by raising an
incident to HPI_Unix – IM2951844
> Before resetting the user password, please make sure to UNSUSPEND the account first
> Password reset is only applicable for ACTIVE account
> Temporary password is auto-generated
WEB-BASED APPLICATIONS
1. BPS (Commercial Bills Processing)
> A browser based distribution system for the sale and purchase of Commercial Bills
> BPS is used by staff within the Business and Private Banking business unit.
> UserID is always their staff number
> Check the Access Permissions. If it states No Access, advise the customer they will need to re-request the access via Identity Manager as it was removed or dropped.
> Password requirement is 8 characters, consisting of numbers & letters (upper & lower case)
> Always remember to :
WEB-BASED APPLICATIONS
1. ALFA Reporting / ALFA Crystal Reporting / SAP Business Object
> p02fdp0w6964.au.cbainet.com:8080/BOE/CMC/
> The Crystal Enterprise web desktop is the main user
interface for working with reports through Crystal Enterprise
> It is not eReporting
> Verify if the user is calling for ALFA System,
CommBank Alpha Asset Finance Portal or ALFA Reporting
> If the account is DISABLED, it needs to be re-enabled first using our credentials
> Only then can we reset the password
WEB-BASED APPLICATIONS
1. PEOPLESOFT FINANCIALS
> LAN authenticated applications
(UserID : Staff Number & LAN Password)
> Password reset can be done via Password Manager
or Ctrl+Alt+Del
> After changing the password, wait for replication
time of 15-30 minutes
> If same issue, then please send over to BankApps team
USER
MYRAS CBA NETWORK
(WINDOWS LOGGED IN)
• When WFH, Password reset should be done via Ctrl Alt Del.
MYRAS CREDENTIALS WERE INVALID
If a password reset has already been done beforehand (while MyRAS connected), advise user to restart
machine 3 times.
MYRAS CONNECTION AND SOFTWARE
ISSUES
• Check KM/Cheat Sheet
• Conduct basic t/s – network issues
– Check certificate expiration: Run > ‘certlm.msc’ > Personal > Certificates
– CMD > ipconfig /flushdns
– MyRAS > File > Connections > Forget Saved Settings
– Restart
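A scripted version of the certificate-expiry check in the steps above, reading the same store that certlm.msc > Personal > Certificates displays. It is an added example, not CBA tooling; the function name `Get-ExpiringMachineCert` and the 30-day warning window are assumptions.

```powershell
# Added example, not CBA tooling. Get-ExpiringMachineCert and the 30-day
# default are hypothetical choices. Cert:\LocalMachine\My is the store shown
# in certlm.msc under Personal > Certificates.
function Get-ExpiringMachineCert {
    [CmdletBinding()]
    param(
        [int]$WarnDays = 30,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $now = Get-Date
    Get-ChildItem -Path $StorePath |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            # Whole days until NotAfter; negative once the certificate has expired.
            $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
            $status = if ($now -lt $_.NotBefore)       { 'NotYetValid' }
                      elseif ($daysLeft -lt 0)         { 'Expired' }
                      elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' }
                      else                             { 'OK' }
            [pscustomobject]@{
                Status     = $status
                DaysLeft   = $daysLeft
                NotAfter   = $_.NotAfter
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
            }
        } |
        Where-Object Status -ne 'OK' |   # report only what needs attention
        Sort-Object DaysLeft
}

# An empty result means every certificate in the store is inside its validity window.
Get-ExpiringMachineCert | Format-Table -AutoSize
```

Pass `-StorePath 'Cert:\CurrentUser\My'` to check the signed-in user's Personal store instead.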
USER
COMPANY VPN VDI / VIRTUAL DESKTOP CBA NETWORK
AZURE MFA
COMPANY VDI/ Zscaler CBA NETWORK
ONE.PLACE.CBA/VDI ISSUES
• Transfer to Desktop Team.
PINGID MFA
USED BY CBA EMPLOYEES
PINGID MFA VISUAL CONCEPT
PING MFA
WINDOWS MACHINE
PINGID MFA
• This app is used by CBA Employees to authorize access to log in to their Windows Machine.
• Can be used on Android and iOS smartphones
SMARTCARDS
SMART CARD ACCESS
LEVELS
Branch staff generally require Smartcard to access the Bank systems:
• CommSee.
• CommFX.
• Branch Telling System (BTS).
6. Portal will show that smartcard is being personalized. Once it’s completed, click on Done.
March 16, 2024
SMARTCARD CERTIFICATE
EXPIRATION
Smartcard certificate has an expiry period of 2 years.
You can check this on the user’s machine: search for User Console and look for the Smartcard certificate. Select the certificate and it will display the expiry date.
This can also be checked by a staff member with Smartcard Administrator permission in CMS by searching for the user or card attributes under the Help Desk tab.
Note: Smartcard Certificate must be renewed physically, but due to the WFH situation of our users, our SPG for Smartcard is currently working on how users can renew the card virtually. Please stand by for any further advice or consult your leads.
Error: Failed to read smartcard
Reason:
• Pin is not setup
• Card not provisioned
• Card not being read by the machine
Resolution:
• For first time card users, ignore the error then setup the pin.
• Check the Smartcard software for the machine.
• Follow Smartcard Workaround File
• Follow KM0014110 for complete TS steps

Error: Manager needs to reissue his own card
Reason:
• Not working
• Accidentally erased
Resolution: Another manager or admin to reissue the manager's card

Error: If Smartcard Prompt is not appearing on user's machine
Reason: Software is missing: CBA SmartcardPIN Password Module W8.1.0.R01
Resolution: raise a case for software installation (HPI_WPS_SoftDist group). Follow KM0012244

Error: Unable to log in to CMS Portal - 403 - Forbidden: Access is denied
Reason: Smartcard not yet inserted
Resolution: Smartcard should be inserted first before launching the Admin Portal

Error: CMS Portal the error message “You cannot connect to CMS with the certificate that you provided. The certificate does not belong to a registered CMS Operator”
Reason: User does not have the required Smartcard Administrator permission
Resolution: Smartcard Administrator role can be requested via the Identity Manager
Error: Smartcard not recognized or read by the machine
Reason:
• Card might be damaged
• Machine is missing a Smartcard software
• Reader not working
Resolution: Isolate first which is not working by doing a swap test on cards and machines

Error: The card cannot be enrolled because of a configuration problem
Reason: Portal was not synced properly with the reader
Resolution:
• If card was inserted first as per portal instructions, close the portal and remove the card. Relaunch the portal and login first, when portal asks for card, insert card and proceed

Error: This smartcard has not been activated yet or enrollment failed previously.
Reason: Card issuance failed in CMS Portal
Resolution: Smartcard Administrator needs to log into CMS Portal, go to Requests tab, search for the user and Cancel the request

Error: Smart card ActivClient asking for Unlock Code
Reason: Card Locked. (user has 5 attempts before card is locked)
Resolution: No unlock code, close ActivClient window and follow Smartcard Pin Set up