Chat now with support
Chat with Support

Identity Manager 8.1.4 - Operational Guide

About this guide Simulating data changes in the Manager Scheduling operations activation times Re-applying templates Exporting data with Manager Analyzing data and data changes Analyzing process monitoring in the Manager Schedules in One Identity Manager Mail templates in One Identity Manager Password policies in One Identity Manager Working with change labels Checking data consistency Compiling a One Identity Manager database Transporting custom changes Importing data with Data Import Importing and exporting individual files for the software update Command line programs

Predefined password policies

You can customize predefined password policies to meet your own requirements, if necessary.

Password for logging in to One Identity Manager

The One Identity Manager password policy is applied for logging in to One Identity Manager. This password policy defines the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the passcode for a one time log in on the Web Portal (Person.Passcode).

NOTE: The One Identity Manager password policy is marked as the default policy. This password policy is applied if no other password policy can be found for employees, user accounts, or system users.

For detailed information about password policies for employees, see the One Identity Manager Identity Management Base Module Administration Guide.

Password policy for forming employees' central passwords

An employee's central password is formed from the target system specific user accounts by respective configuration. The Employee central password policy defines the settings for the (Person.CentralPassword) central password. Members of the Identity Management | Employees | Administrators application role can adjust this password policy.

IMPORTANT: Ensure that the Employee central password policy does not violate the target system-specific requirements for passwords.

For detailed information about password policies for employees, see the One Identity Manager Identity Management Base Module Administration Guide.

Password policies for user accounts

Predefined password policies are provided, which you can apply to the user account password columns of the user accounts. You can define password policies for user accounts for various base objects, for example, for account definitions, manage levels, or target systems.

For detailed information about password policies for user accounts, see the administration guides of the target systems.

Using password policies

You can assign password policies to system user passwords, the employees' central password as well as passwords for individual target systems. Assign a password policy to the base object to which it should apply.

  • The predefined One Identity Manager password policy password policy is assigned to the (DialogUser.Password and Person.DialogUserPassword) system user passwords as well as the passcode of the employee (Person.Passcode).
  • The predefined password policy Employee central password policy is assigned to the employee's central password (Person.CentralPassword).
  • The password policies for target systems are assigned to the password columns of the user accounts.

For detailed information about password policies for employees, see the One Identity Manager Identity Management Base Module Administration Guide. For detailed information about password policies for user accounts, see the administration guides of the target systems.

NOTE:

  • In the QBMVPwdPolicyColumns view, you define which base objects and password columns are permitted for password policies and the order in which the password policies are to be applied. If necessary, you can add your own references to customize the view in the Designer.
  • If you create new custom tables with password columns, in the Designer, assign the VI.Common.Customizer.PwdPolicyColumnEntityLogic customizer to the table definition.

For more detailed information, see the One Identity Manager Configuration Guide.

If you want to apply another password policy to the password columns, change the password policy assignment to the base object.

To change a password policy's assignment

  1. In the Designer, select the Base data | Security settings | Password policies category.

  2. Select the password policy in the result list.
  3. Select the Assign objects task.
  4. In the Assignments pane, select the assignment you want to change.
  5. From the Password Policies menu, select the new password policy you want to apply.
  6. Save the changes.

To reassign a password policy

  1. In the Designer, select Base data | Security settings | Password policies.

  2. Select the password policy in the result list.
  3. Click Add in the Assignments section and enter the following data.

    Table 28: Assigning a password policy

    Property

    Description

    Password column

    The password column's identifier.

    Apply to

    Application scope of the password policy.

    To specify an application scope

    1. Click the ... button beside the input field.
    2. Select the table which contains the password column under Table.
    3. Select the specific base objects under Apply to.
    4. Click OK.
  4. Save the changes.

Editing password policies

To edit a password policy

  1. In the Designer, select the Base data | Security settings | Password policies category.

  2. Select the password policy in the List Editor.

    - OR -

    Select the Object | New menu item to create a new password policy.

  3. Edit the password policy's master data.
  4. Save the changes.
Detailed information about this topic

General master data for password policies

Enter the following master data for a password policy.

Table 29: Master data for a password policy

Property

Meaning

Display name

Password policy name. Translate the given text using the button.

Description

Text field for additional explanation. Translate the given text using the button.

Error Message

Custom error message generated if the policy is not fulfilled. Translate the given text using the button.

Owner (Application Role)

Application roles whose members can configure the password policies.

Default policy

Mark as default policy for passwords.

NOTE: The One Identity Manager password policy is marked as the default policy. This password policy is applied if no other password policy can be found for employees, user accounts, or system users.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating