You can customize predefined password policies to meet your own requirements if necessary.
Password for logging in to
The password policy is applied for logging in to . This password policy defines the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the passcode for a one time log in on the Web Portal (Person.Passcode).
NOTE: The password policy is marked as the default policy. This password policy is applied if no other password policy can be found for employees, user accounts, or system users.
For detailed information about password policies for employees, see the One Identity Manager Identity Management Base Module Administration Guide.
Password policy for forming employees' central passwords
An employee's central password is formed from the target system specific user accounts by respective configuration. The Employee central password policy defines the settings for the (Person.CentralPassword) central password. Members of the Identity Management | Employees | Administrators application role can adjust this password policy.
IMPORTANT: Ensure that the Employee central password policy does not violate the target system-specific requirements for passwords.
For detailed information about password policies for employees, see the One Identity Manager Identity Management Base Module Administration Guide.
Password policies for user accounts
Predefined password policies are provided, which you can apply to the user account password columns of the user accounts. You can define password policies for user accounts for various base objects, for example, for account definitions, manage levels, or target systems.
For detailed information about password policies for user accounts, see the administration guides of the target systems.
You can assign password policies to system user passwords, the employees' central password as well as passwords for individual target systems. Assign a password policy to the base object to which it should apply.
-
The predefined password policy Employee central password policy is assigned to the employee's central password (Person.CentralPassword).
-
The password policies for target systems are assigned to the password columns of the user accounts.
For more information about password policies for employees, see the One Identity Manager Identity Management Base Module Administration Guide. For detailed information about password policies for user accounts, see the administration guides of the target systems.
NOTE:
- In the QBMVPwdPolicyColumns view, you define which base objects and password columns are permitted for password policies and the order in which the password policies are to be applied. If necessary, you can add your own references to customize the view in the Designer.
- If you create new custom tables with password columns, in the Designer, assign the VI.Common.Customizer.PwdPolicyColumnEntityLogic customizer to the table definition.
For more information, see the One Identity Manager Configuration Guide.
If you want to apply another password policy to the password columns, change the password policy assignment to the base object.
To change a password policy's assignment
-
In the Designer, select the Base data > Security settings > Password policies category.
-
Select the password policy in the result list.
-
Select the Assign objects task.
-
In the Assignments pane, select the assignment you want to change.
-
From the Password Policies menu, select the new password policy you want to apply.
-
Save the changes.
To reassign a password policy
-
In the Designer, select the Base data > Security settings > Password policies category.
-
Select the password policy in the result list.
-
In the Assignments pane, click Add and enter the following data.
Table 25: Assigning a password policy
Password column |
The password column's identifier. |
Apply to |
Application scope of the password policy.
To specify an application scope
-
Click the ... button beside the input field.
-
Select the table which contains the password column under Table.
-
Select the specific base objects under Apply to.
-
Click OK. |
- Save the changes.
Predefined password policies are supplied with the default installation that you can use or customize if required.
To edit a password policy
-
In the Designer, select the Base data > Security settings > Password policies category.
-
In the List Editor, select the password policy.
-
Edit the password policy's main data.
- Save the changes.
Detailed information about this topic
Related topics
Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.
To create a password policy
-
In the Designer, select the Base data > Security settings > Password policies category.
-
Select the Object > New menu item to create a new password policy.
-
On the main data form, enter the main data of the password policy.
- Save the changes.
Detailed information about this topic