You can customize predefined password policies to meet your own requirements, if necessary.
Password for logging in to
The password policy is applied for logging in to . This password policy defines the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the passcode for a one time log in on the Web Portal (Person.Passcode).
NOTE: The password policy is marked as the default policy. This password policy is applied if no other password policy can be found for employees, user accounts, or system users.
For detailed information about password policies for employees, see the One Identity Manager Identity Management Base Module Administration Guide.
Password policy for forming employees' central passwords
An employee's central password is formed from the target system specific user accounts by respective configuration. The Employee central password policy defines the settings for the (Person.CentralPassword) central password. Members of the Identity Management | Employees | Administrators application role can adjust this password policy.
IMPORTANT: Ensure that the Employee central password policy does not violate the target system-specific requirements for passwords.
For detailed information about password policies for employees, see the One Identity Manager Identity Management Base Module Administration Guide.
Password policies for user accounts
Predefined password policies are provided, which you can apply to the user account password columns of the user accounts. You can define password policies for user accounts for various base objects, for example, for account definitions, manage levels, or target systems.
For detailed information about password policies for user accounts, see the administration guides of the target systems.
You can assign password policies to system user passwords, the employees' central password as well as passwords for individual target systems. Assign a password policy to the base object to which it should apply.
- The predefined password policy password policy is assigned to the (DialogUser.Password and Person.DialogUserPassword) system user passwords as well as the passcode of the employee (Person.Passcode).
For detailed information about password policies for employees, see the One Identity Manager Identity Management Base Module Administration Guide. For detailed information about password policies for user accounts, see the administration guides of the target systems.
NOTE:
- In the QBMVPwdPolicyColumns view, you define which base objects and password columns are permitted for password policies and the order in which the password policies are to be applied. If necessary, you can add your own references to customize the view in the Designer.
- If you create new custom tables with password columns, in the Designer, assign the VI.Common.Customizer.PwdPolicyColumnEntityLogic customizer to the table definition.
For more detailed information, see the One Identity Manager Configuration Guide.
If you want to apply another password policy to the password columns, change the password policy assignment to the base object.
To change a password policy's assignment
-
In the Designer, select the Base data | Security settings | Password policies category.
- Select the password policy in the result list.
- Select the Assign objects task.
- In the Assignments pane, select the assignment you want to change.
- From the Password Policies menu, select the new password policy you want to apply.
- Save the changes.
To reassign a password policy
-
In the Designer, select Base data | Security settings | Password policies.
- Select the password policy in the result list.
-
Click Add in the Assignments section and enter the following data.
Table 28: Assigning a password policy
|
Password column |
The password column's identifier. |
|
Apply to |
Application scope of the password policy.
To specify an application scope
- Click the ... button beside the input field.
- Select the table which contains the password column under Table.
- Select the specific base objects under Apply to.
- Click OK.
|
- Save the changes.
To edit a password policy
-
In the Designer, select the Base data | Security settings | Password policies category.
-
Select the password policy in the List Editor.
- OR -
Select the Object | New menu item to create a new password policy.
- Edit the password policy's master data.
- Save the changes.
Detailed information about this topic
Enter the following master data for a password policy.
Table 29: Master data for a password policy
|
Display name |
Password policy name. Translate the given text using the  button. |
|
Description |
Text field for additional explanation. Translate the given text using the button. |
|
Error Message |
Custom error message generated if the policy is not fulfilled. Translate the given text using the button. |
|
Owner (Application Role) |
Application roles whose members can configure the password policies. |
|
Default policy |
Mark as default policy for passwords.
NOTE: The password policy is marked as the default policy. This password policy is applied if no other password policy can be found for employees, user accounts, or system users. |
Related topics
