Chat now with support
Chat with Support

Identity Manager 8.0.1 - Administration Guide for Connecting to Active Directory

Managing Active Directory Environments Setting up Active Directory Synchronization Base Data for Managing Active Directory Active Directory Domains Active Directory User Accounts Active Directory Contacts Active Directory groups Active Directory Security IDs Active Directory Container Structures Active Directory computer Active Directory Printers Active Directory Locations Reports about Active Directory Objects Appendix: Configuration Parameters for Managing Active Directory Appendix: Default Project Template for Active Directory Appendix: Authentication Modules for Logging into the One Identity Manager

Policy Settings

Policy Settings

Define the following settings for a password policy on the Password tab.

Table 16: Policy Settings

Property

Meaning

Initial password

Initial password for new user accounts. If no password is given when the user account is added or a random password is generated, the initial password is used.

Password confirmation

Reconfirm password.

Min. Length

Minimum length of the password. Specify the number of characters a password must have.

Max. length

Maximum length of the password. Specify the number of characters a password can have.

Max. errors

Maximum number of errors. Set the number of invalid passwords. If the user has reached this number the user account is blocked.

Validity period

Maximum age of the password. Enter the length of time a password can be used before it expires.

Password history

Enter the number of passwords to be saved. If the value '5' is entered, for example, the last 5 passwords of the user are saved.

Min. password strength

Specifies how secure the password must be. The higher the password strength, the more secure it is. The password strength is not tested if the value is '0'. The values '1', '2', '3' and '4' gauge the required complexity of the password. The value '1' demands the least complex password. The value '4' demands the highest complexity.

Name properties denied

Specifies whether name properties are permitted in the password.

Character Sets for Passwords

Character Sets for Passwords

Use the Character classes tab to specify which characters are permitted for a password.

Table 17: Character Classes for Passwords

Property

Meaning

Min. letters

Specifies the minimum number of alphabetical characters the password must contain.

Min. number lower case

Specifies the minimum number of lowercase letters the password must contain.

Min. number uppercase

Specifies the minimum number of uppercase letters the password must contain.

Min. number digits

Specifies the minimum number of digits the password must contain.

Min. number special characters

Specifies the minimum number of special characters the password must contain.

Permitted special characters

List of permitted characters.

Denied special characters

List of characters, which are not permitted.

Max. identical characters in total

Maximum number of identical characters that can be present in the password in total.

Max. identical characters in succession

Maximum number of identical character that can be repeated after each other.

Custom Scripts for Password Requirements

Custom Scripts for Password Requirements

You can implement custom scripts for testing and generating password if the password requirements cannot be mapped with the existing settings options. Scripts are applied in addition to the other settings.

Detailed information about this topic

Script for Checking a Password

Script for Checking a Password

You can implement a check script if additional policies need to be used for checking a password, which cannot be mapped with the available settings.

Syntax for Check Scripts

Public Sub CCC_CustomPwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

With parameters:

policy = password policy object

spwd = password to test

TIP: To use a base object, take the property Entity of the PasswordPolicy class.
Example for a script for testing a password

A password cannot have '?' or '!' at the beginning. The script checks a given password for validity.

Public Sub CCC_PwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

Dim pwd = spwd.ToInsecureArray()

If pwd.Length>0

If pwd(0)="?" Or pwd(0)="!"

Throw New Exception(#LD("Password can't start with '?' or '!'")#)

End If

End If

If pwd.Length>2

If pwd(0) = pwd(1) AndAlso pwd(1) = pwd(2)

Throw New Exception(#LD("Invalid character sequence in password")#)

End If

End If

End Sub

To use a custom script for checking a password

  1. Create your script in the category Script Library in the Designer.
  2. Edit the password policy.
    1. Select the category Active Directory | Basic configuration data | Password policies in the Manager.

    2. Select the password policy in the result list.
    3. Select Change master data in the task view.
    4. Enter the name of the script to test the password in Check script on the Scripts tab.
    5. Save the changes.
Related Topics
Related Documents