Editing the excluded list for passwords
You can add words to a list of restricted terms to prohibit them from being used in passwords.
NOTE: The restricted list applies globally to all password policies.
To add a term to the restricted list
-
In the Designer, select the Base data > Security settings > Password policies category.
-
Create a new entry with the Object > New menu item and enter the term you want to exclude from the list.
-
Save the changes.
Checking passwords
When you verify a password, all the password policy settings, custom scripts, and the restricted passwords are taken into account.
To verify if a password conforms to the password policy
-
In the Manager, select the Privileged Account Management > Basic configuration data > Password policies category.
-
In the result list, select the password policy.
-
Select the Change main data task.
-
Select the Test tab.
-
Select the table and object to be tested in Base object for test.
-
Enter a password in Enter password to test.
A display next to the password shows whether it is valid or not.
Testing the generation of passwords
When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.
To generate a password that conforms to the password policy
-
In the Manager, select the Privileged Account Management > Basic configuration data > Password policies category.
-
In the result list, select the password policy.
-
Select the Change main data task.
-
Select the Test tab.
-
Click Generate.
This generates and displays a password.
Initial password for new PAM user accounts
You can issue an initial password for a new user account in the following ways:
-
When you create the user account, enter a password in the main data.
-
Assign a randomly generated initial password to enter when you create user accounts.
-
In the Designer, set the TargetSystem | PAG | Accounts | InitialRandomPassword configuration parameter.
-
Apply target system specific password policies and define the character sets that the password must contain.
-
Specify which employee will receive the initial password by email.
Related topics