Identity Manager 8.0.1 - Administration Guide for Connecting to Active Directory

Managing Active Directory Environments Setting up Active Directory Synchronization Base Data for Managing Active Directory Active Directory Domains Active Directory User Accounts Active Directory Contacts Active Directory groups Active Directory Security IDs Active Directory Container Structures Active Directory computer Active Directory Printers Active Directory Locations Reports about Active Directory Objects Appendix: Configuration Parameters for Managing Active Directory Appendix: Default Project Template for Active Directory Appendix: Authentication Modules for Logging into the One Identity Manager

Password Policies

Password Policies

One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.

Predefined password policies are supplied with the default installation that you can user or customize if required. You can also define your own password policies.

Detailed information about this topic

Predefined Password Policies

Predefined Password Policies

You can customize predefined password policies to meet your own requirements, if necessary.

Password for logging into One Identity Manager

The password policy "One Identity Manager password policy" is used for logging into One Identity Manager. This password policy defined the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the access code for a one off log in on the Web Portal (Person.Passcode).

The password policy "One Identity Manager password policy" is also labeled as the default and is used when no other password policy is found.

Password policy for forming employees' central passwords

An employee's central password is formed from the target system specific user accounts by respective configuration. The password policy "Employee central password policy" defines the settings for the central password (Person.CentralPassword).

IMPORTANT: Ensure that the password policy "Employee central password policy" does not violate the target system specific password requirements.

Password policies for target systems

NOTE: When you update One Identity Manager version 7.x to One Identity Manager version 8.0.1, the configuration parameter settings for forming passwords are passed on to the target system specific password policies.

IMPORTANT: If you are not working with target system specific password policies, the default policy applies. In this case, ensure that the password policy "One Identity Manager password policy" does not violate the target system requirements.

The password policy "Active Directory password policy" is predefined for Active Directory. You can apply this password policy to Active Directory user accounts passwords (ADSAccount.UserPassword) of an Active Directory domain or a Active Directory container.

If the domains' or containers' password requirements differ, it is recommended that you set up your own password policies for each domain or container.

NOTE:The One Identity Manager password policies, global account policy settings for the Active Directory domain and Active Directory account policies are taken into account when verifying user passwords.

Ensure that the password policy does not violate the target system's requirements.

Related Topics

Editing Password Policies

Editing Password Policies

To edit a password policy

  1. Select the category Active Directory | Basic configuration data | Password policies in the Manager.

  2. Select the password policy in the result list and select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the password policy's master data.
  4. Save the changes.
Detailed information about this topic

General Master Data for a Password Policy

General Master Data for a Password Policy

Enter the following master data for a password policy.

Table 15: Master Data for a Password Policy

Property

Meaning

Display name

Password policy name. Translate the given text using the button.

Description

Spare text box for additional explanation. Translate the given text using the button.

Error Message

Custom error message outputted if the policy is not fulfilled. Translate the given text using the button.

Owner (Application Role)

Application roles whose members can configure the password policies.

Default policy

Mark as default policy for passwords.

NOTE: The password policy "One Identity Manager password policy" is marked as the default policy. This password policy is applied if no other password policies can be found.
Related Documents