The following error is reported when a user opens a workflow.
"Your Password has expired. You should change your password."
In Active Directory, setting “User must change password at next logon” has the effect of expiring the user’s password and setting the pwdLastSet attribute to “never”.
In Password Manager a registered user is normally presented with 4 basic workflows:
Manage My Profile, Forgot My Password, Manage My Passwords & My Notifications
All of these except Forgot My Password prompt the user to authenticate with their existing password before progressing.
So if a user chooses one of the three workflows which require authentication, they will get the following error.
“Your Password has expired. You should change your password.”
To get past this error the workflow activity “Authenticate with password” can be configured so it will authenticate users with expired passwords.
Please note that this does not prompt the user to change their password. It simply allows a user with an expired password to log in to these activities. The flag “User must change password at next logon” is still set for the user in AD and the pwdLastSet attribute is still set to “never”.
The “Forgot My Password” workflow does not require this configuration and once a password is changed the flag is unset and the attribute has a date stamp instead of never.
All of the above applies whether the user accesses the PMUser site via the SPE or a desktop browser.
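To confirm the attribute state described above for a given account, before and after a password change, the following read-only check can be run. It is an added example, not part of the original article or of Password Manager, and it assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name and the account name `jdoe` are placeholders.

```powershell
# Added example: read-only check of the password state discussed in this article.
# Assumes the ActiveDirectory module (RSAT); makes no changes to the directory.
Import-Module ActiveDirectory

function Get-PwdLastSetState {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [string[]] $SamAccountName   # accounts to inspect, supplied by the caller
    )
    foreach ($name in $SamAccountName) {
        $user = Get-ADUser -Identity $name `
            -Properties pwdLastSet, PasswordExpired, PasswordNeverExpires
        $raw = [int64]$user.pwdLastSet

        [pscustomobject]@{
            SamAccountName       = $user.SamAccountName
            # A raw value of 0 is what AD tools display as "never".
            PwdLastSetIsNever    = ($raw -eq 0)
            # A non-zero value is a FILETIME; convert it to a readable date stamp.
            PwdLastSetUtc        = if ($raw -gt 0) { [DateTime]::FromFileTimeUtc($raw) } else { $null }
            PasswordExpired      = $user.PasswordExpired
            # Shown for context: accounts exempt from expiry behave differently.
            PasswordNeverExpires = $user.PasswordNeverExpires
        }
    }
}

# 'jdoe' is a placeholder account name.
Get-PwdLastSetState -SamAccountName 'jdoe' | Format-List

# List every account that currently has pwdLastSet at "never" (raw value 0).
Get-ADUser -LDAPFilter '(pwdLastSet=0)' -Properties pwdLastSet |
    Select-Object SamAccountName, DistinguishedName
```

After the user completes a password change, `PwdLastSetIsNever` should read False and `PwdLastSetUtc` should show the time of the change.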