The following error is reported when a user opens a workflow.
"Your Password has expired. You should change your password."
In Active Directory, setting “User must change password at next logon” has the effect of expiring the user’s password and setting the pwdLastSet attribute to “never.”
In Password Manager a registered user is normally presented with 4 basic workflows as follows:
Manage My Profile
Forgot My Password
Manage My Passwords
All of these except Forgot My Password prompt a user to authenticate with their existing password before progressing.
So if a user chooses one of the three workflows that require authentication, they will get the following error:
“Your Password has expired. You should change your password.”
To get past this error, the workflow activity “Authenticate with password” can be configured so that it will authenticate users with expired passwords.
NOTE: This does not prompt the user to change the password. It simply allows a user with an expired password to log in to these activities. The flag “User must change password at next logon” is still set for the user in Active Directory and the pwdLastSet attribute is still set to “never.”
The “Forgot My Password” workflow does not require this configuration. Once a password is changed, the flag is unset and the attribute holds a date stamp instead of “never.”
All of the above applies whether the user accesses the PMSelfService site via the Secure Password Extension or a desktop browser.
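Because the flag stays set after the activity is reconfigured, it helps to know which accounts are in that state. The following is an added example, not One Identity code. It classifies exported pwdLastSet values and separates the "must change at next logon" state (pwdLastSet of 0, displayed as "never") from a password that simply aged out. The account names, the 90-day maximum password age and the function names are assumptions, and the per-account "Password never expires" setting is not considered.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks):
    """Convert a raw pwdLastSet value to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(when):
    """Inverse conversion, used here only to build the constructed sample."""
    delta = when - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def password_state(pwd_last_set, now, max_age_days):
    """Classify one account.

    must-change: pwdLastSet is 0 (shown as "never"); the flag is set.
    aged-out:    pwdLastSet holds a date older than the maximum password age.
    valid:       pwdLastSet holds a date within the maximum password age.
    max_age_days is an assumed input (the domain's maximum password age);
    0 means passwords never age out.
    """
    if pwd_last_set == 0:
        return "must-change"
    age = now - filetime_to_datetime(pwd_last_set)
    if max_age_days > 0 and age > timedelta(days=max_age_days):
        return "aged-out"
    return "valid"


def audit(records, now, max_age_days=90):
    """Map each account name to its state; records are (name, pwdLastSet) pairs."""
    return {name: password_state(raw, now, max_age_days) for name, raw in records}


# Constructed sample data: hypothetical accounts, not taken from any directory.
NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    ("alice", 0),  # "User must change password at next logon" is set
    ("bob", datetime_to_filetime(datetime(2023, 5, 1, tzinfo=timezone.utc))),
    ("carol", datetime_to_filetime(datetime(2023, 1, 1, tzinfo=timezone.utc))),
]

if __name__ == "__main__":
    for name, state in audit(SAMPLE, NOW).items():
        print(f"{name}: {state}")
```

An account that completes Forgot My Password moves from "must-change" to "valid" on the next export, because pwdLastSet then holds a date stamp.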