
Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide


Deleting time slices

IMPORTANT: If you delete a time slice used by target objects, these target objects will use the default time slice.
Before starting

To perform the task described in this section, you must have at least the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the following administration right: "Deletion".

Procedure

  • In the tree structure of the Directory panel, right-click the time slice to delete and select Delete.
    • The time slice is deleted and removed from the directory tree structure.

Managing Password Format Control Policies

Object definition

The password format control policies define the number of characters, the minimum and maximum lengths and the types of characters required to provide a valid password during an application authentication phase.

Target objects

PFCP are required to define applications.

In this section:

Creating/Modifying Password Format Control Policies

Before starting

To perform the tasks described in this section, you must have at least the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the following administration right: "Password format control policy: Creation/Modification".
Procedures

Creating Password Format Control Policies

  1. In the tree structure of the Directory panel, right-click the organizational unit that must contain your PFCP and select New\Password Control Policy.
    • The PFCP configuration tab appears.
  2. Fill in the window as described in Section Configuring Time Slices and click Apply.
    • The PFCP appears in the directory tree structure.
Modifying Password Format Control Policies

IMPORTANT: If you modify a PFCP already used by target objects, your modifications apply to all the target objects associated with this security object.
  1. In the tree structure of the Directory panel, select the PFCP to modify.
    • The PFCP configuration tab appears.
  2. Fill in the window as described in Section Configuring Password Format Control Policy and click Apply.
    • The PFCP is modified.

Configuring Password Format Control Policy

Before starting
  • For more information on the PFCP objects, see Section Managing Password Format Control Policies.
  • To perform the task described in this section, you must have at least the following administration role:
    • In classic administration mode: "Security object administrator".
    • In advanced administration mode, your role must contain the following administration right: "Password format control policy: Creation/Modification".
Window example

Procedure

  1. Type the PFCP name.
  2. In the Password Format area, set the minimum and maximum number of characters and the maximum number of occurrences of the same character allowed in a password, and specify whether you want to allow or prevent successive occurrences of the same character.
    Click the Advanced Policy button to add forbidden character sequences:

    • Select the following check boxes:
      • New and current passwords can't have the same characters at the same position: forces the user to change the order of the characters. Example: if this check box is selected and the old password was apricot, then the new password cannot be apple, but it can be parrot, for example.
      • This option is case sensitive: determines whether upper case and lower case letters are considered identical letters in the password. Example: if the check box is not selected, then a=A.
      • Password cannot contain the user's login or display name: prevents users from using their name or login (sAMAccountName) in their password. This restriction applies to names longer than 3 characters. Example: the password of John Fab Smith can contain neither John nor Smith, but it can contain Fab.
        This option is available only with Microsoft directories.
    • Use the Add and Remove buttons to manage the forbidden character sequences, such as QWERTY or 12345.
  3. In the Allowed characters area, set the number of lower case letters, upper case letters, digits and special characters, the list of special characters allowed in passwords, and their position.
    The Special character list field enables you to specify which of these characters must appear in the password.
    You can also force the use of 3 categories of characters out of the 4 available.

    IMPORTANT: The following special characters are allowed:

    & ~ " # ' { ( [ - | ` £ _ \ @ ) ° ] = + } $ % * , ? ; . : / ! ^

    • Accented characters are forbidden.
    • For each type of character, the check boxes located on the right-hand side of the panel allow you to define the position of the character as follows:
      • The first check box corresponds to the first character.
      • The second check box corresponds to the characters located between the first and the final character.
      • The third check box corresponds to the final character.
  4. In the Forbidden characters area, create a list of forbidden characters.
  5. Click the Test password generation button to check if the generated passwords correspond to your requirements.
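
The following Python example is added here and is not One Identity code: it models several of the options described above (length, repeated and successive characters, forbidden sequences, login/display name, allowed special characters, 3 of 4 categories) so that a draft policy can be checked against sample passwords offline. The class and field names, the default values and the scope given to the case-sensitivity option are assumptions; the two position-based rules are not modeled.

```python
# Added example: offline model of a PFCP. Field names are hypothetical, not EAM's.
from dataclasses import dataclass, field

# The special characters the page lists as allowed.
ALLOWED_SPECIALS = set("&~\"#'{([-|`£_\\@)°]=+}$%*,?;.:/!^")

@dataclass
class Pfcp:
    min_len: int = 8                # constructed default values throughout
    max_len: int = 20
    max_same_char: int = 3          # occurrences of one character in the password
    allow_successive: bool = False  # successive occurrences of the same character
    case_sensitive: bool = False    # when False, a == A (assumed to apply to all matching)
    forbidden_sequences: list = field(default_factory=lambda: ["QWERTY", "12345"])
    forbidden_chars: str = ""
    require_3_of_4: bool = True     # 3 of: lower, upper, digit, special

def violations(p, password, login="", display_name=""):
    """Return the names of the policy rules that the candidate password breaks."""
    out = []
    norm = (lambda s: s) if p.case_sensitive else str.lower
    pw = norm(password)
    if not p.min_len <= len(password) <= p.max_len:
        out.append("length")
    if any(pw.count(c) > p.max_same_char for c in set(pw)):
        out.append("same-character count")
    if not p.allow_successive and any(a == b for a, b in zip(pw, pw[1:])):
        out.append("successive characters")
    if any(norm(s) in pw for s in p.forbidden_sequences):
        out.append("forbidden sequence")
    # Only name parts longer than 3 characters count (John, Smith; not Fab).
    names = [n for n in [login, *display_name.split()] if len(n) > 3]
    if any(norm(n) in pw for n in names):
        out.append("login or display name")
    kinds = set()
    for c in password:
        if c.isascii() and c.isalnum():
            kinds.add("digit" if c.isdigit() else "lower" if c.islower() else "upper")
        elif c in ALLOWED_SPECIALS:
            kinds.add("special")
        elif "character not allowed" not in out:
            out.append("character not allowed")  # e.g. accented letters
    if any(c in p.forbidden_chars for c in password):
        out.append("forbidden character")
    if p.require_3_of_4 and len(kinds) < 3:
        out.append("fewer than 3 of 4 character categories")
    return out
```

Calling `violations(Pfcp(), candidate, login, display_name)` returns an empty list when the candidate satisfies every modeled rule.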