This section provides information on how to apply a password policy to groups and organizational units in a managed domain.
This section provides information on how to apply a password policy to groups and organizational units in a managed domain.
In Password Manager (PM) application, scopes can be defined at multiple levels. Scopes act as a boundary in which you can define the groups and Organization Unit (OU), and can also associate policies into it.
The Default Management Policy allows you to configure both the user scope and the help desk scope. In the Management Policy scope, an admin can also associate the workflows, activities, and Q&A policy to the configured user groups and OU.
While configuring the user scope/help desk scope, an admin must define either a Group or an OU to indicate which group or OU can access the self-service site/helpdesk site. This means the users who are part of the configured group/OU comes under included group category. You could also define a different group/OU under an excluded group category. This means users who are part of these excluded group or OU cannot access self-service site/helpdesk site.
In case of Password Policy scope, admin needs to ensure the following
|
|
The table below provides more information on different scenarios.
Let us consider the following groups/OU.
S.No | Userscope
|
Password Policy Scope
|
Password Policy | Logged in self-service site |
Is Password Policy applicable?
| ||||
Included Group | Included OU |
Excluded Group |
Excluded OU |
OU | Group | ||||
1. | Group1 | OU1 |
|
|
OU1 | Group1 | Password Policy1 | User1 |
Yes |
2. | Group1 | OU2 |
Group2 |
|
OU1 | Group2 |
Password Policy2
|
User2 |
No |
3. |
Group3 |
OU1 |
Group1 |
|
OU2 |
Group3 |
User2 |
No | |
4. |
Group3 |
OU3 |
|
OU1 |
OU3 |
Group3 |
Password Policy3
|
User3 |
Yes |
5. |
Group2 |
OU2 |
|
|
OU1 |
Group2 |
User2 |
No | |
6. |
Group1 |
OU1 |
|
OU4 |
OU4 |
Group1 |
Password Policy4
|
User1 |
No |
7. |
Group2 |
OU2 |
|
OU5 |
OU5 |
Group2 |
User2 |
No | |
8. |
Group3 |
OU3 |
Group1 |
|
|
Group3 |
Password
|
User3 |
No |
9. |
Group3 |
OU3 |
Group2 |
|
OU3 |
|
User3 |
No |
To link a password policy to organizational units and groups
When multiple password policies affect an organizational unit or a group, only the policy with the highest priority is applied to such group or organizational unit. A newly created password policy is disabled by default.
|
NOTE: Only priority of policies with the same scope can be changed. |
To change policy priority
To delete a password policy from a domain
|
NOTE: When you delete a password policy from a managed domain, the deleted policy is no longer valid for this domain.
To restore a deleted password policy, create a new policy and manually configure its settings as required. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center