Chat now with support
Chat with Support

Identity Manager 8.2.1 - Operational Guide

About this guide Simulating data changes in the Manager Scheduling operations activation times Re-applying templates Exporting data with the Manager Analyzing data and data changes Analyzing process monitoring in the Manager Schedules in One Identity Manager Mail templates in One Identity Manager Password policies in One Identity Manager Working with change labels Checking data consistency Compiling a One Identity Manager database Transporting custom changes Importing data with the Data Import Importing and exporting individual files for the software update Creating a One Identity Manager database for test or development from a database backup Initializing DBQueue Processor the after extending the server hardware Command line programs

Testing the generation of passwords

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

  1. In the Designer, select the Base data > Security settings > Password policies category.

  2. In the List Editor, select the password policy.

  3. Select the Test tab.

  4. Click Generate.

    This generates and displays a password.

Password expiry

Employee and system user based authentication modules support password expiry. The columns Person.PasswordLastSet and DialogUser.PasswordLastSet contain the time and date that the password was last changed.

There are different ways to inform users that their password is going to expire:

  • Users are alerted about their password expiring when they log in to One Identity Manager and can change their password if necessary.

  • For employee-based authentication modules, the system sends reminder notifications in relation to expiring passwords as of seven days in advance of the password expiry date.

    • You can adjust the time in days in the Common | Authentication | DialogUserPasswordReminder configuration parameter. Edit the configuration parameter in the Designer.

    • The notifications are triggered in accordance with the Reminder system user password expires schedule and use the Employee - system user password expires mail template. You can adjust the schedule and mail template in the Designer if required.

TIP: To prevent passwords expiring for service account, for example, you can set Password never expires (DialogUser.PasswordNeverExpires) in the Designer for the affected system users.

For detailed information about the One Identity Manager authentication modules and about editing system users, see the One Identity Manager Authorization and Authentication Guide.

Related topics

Displaying locked employees and system users

If a user has exceeded the maximum number of failed logins, the employee or system user will not be able to log in to One Identity Manager.

  • Locked employees are displayed in the Manager in the Employees > Locked employees category. An additional message referring to the locked login is also displayed on the overview form for an employee.

  • Locked system users are displayed in the Designer in the Permissions > System users > Locked system users category. An additional message referring to the locked login is also displayed on the overview form for a system user.

You can reset the passwords of employees and system users who have been blocked in Password Reset Portal. This unlocks the employees and system users again. For more information, see the One Identity Manager Web Designer Web Portal User Guide and the One Identity Manager Web Application Configuration Guide.

Working with change labels

Define change labels under which changes are grouped together in order to swap data between development and test databases as well as the productive database. In the Database Transporter program, change labels are provided as an export criterion for creating custom configuration packages.

You can select individual objects from any objects in the database and book them to a change label. In certain cases, it is necessary to add the dependent objects to the change label as well. For example, if processes are being transported, the dependent process steps, process parameters, and events should also be transported. This is also true for approval policies, approval workflows, approval steps, and approval procedures.

Detailed information about this topic

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating