When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.
To generate a password that conforms to the password policy
Select the category Manager | Basic configuration data | Password policies in the Unix.
Click Generate.
This generates and displays a password.
The password policy "Unix password policy" is predefined for Unix-based systems. You can apply this password policy to Unix user accounts (UNXUser.Password) of a Unix host.
If the hosts' password requirements differ, it is recommended that you set up your own password policies for each host.
IMPORTANT: If you are not working with target system specific password policies, the default policy applies. In this case, ensure that the password policy " password policy" does not violate the target system requirements.
To reassign a password policy
Select the category Manager | Basic configuration data | Password policies in the Unix.
Click Add in the Assignments section and enter the following data.
Property | Description |
---|---|
Apply to | Application scope of the password policy. To specify an application scope |
Password column | The password column's identifier. |
Password policy | The identifier of the password policy to be used. |
To change a password policy's assignment
Select the category Manager | Basic configuration data | Password policies in the Unix.
Configuration parameter | Meaning |
---|---|
QER\Person\UseCentralPassword | This configuration parameter specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated. |
QER\Person\UseCentralPassword\ | This configuration parameter controls the storage period for central passwords. If the parameter is set, the employee’s central password is permanently stored. If the parameter is not set, the central password is only used for publishing to existing target system specific user accounts and is subsequently deleted from the One Identity Manager database. |
TargetSystem\Unix\Accounts\ | This configuration parameter specifies whether a randomly generated password is issued when a new user account is added. The password must contain at least the character sets defined in the configuration subparameters. |
You have the following possible options for issuing an initial password for a new Unix user account.
If the configuration parameter "QER\Person\UseCentralPassword" is set, the employee's central password is automatically mapped to an employee's user account in each of the target systems. This excludes privileged user accounts, which are not updated.
The password policy "Employee central password policy" is used to format the central password.
IMPORTANT: Ensure that the password policy "Employee central password policy" does not violate the target system specific password requirements.
Assign a randomly generated initial password to enter when you create user accounts.
Configuration parameter | Meaning |
---|---|
TargetSystem\Unix\Accounts\ | This configuration parameter specifies to which employee the email with the randomly generated password should be sent (manager cost center/department/location/business role, employee’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the configuration parameter "TargetSystem\Unix\DefaultAddress". |
TargetSystem\Unix\Accounts\ | This configuration parameter contains the name of the mail template sent to inform users about their initial login data (name of the user account). Use the mail template "Employee - new account created". |
TargetSystem\Unix\Accounts\ | This configuration parameter contains the name of the mail template sent to inform users about their initial login data (initial password). Use the mail template "Employee - initial password for new user account". |
TargetSystem\Unix\DefaultAddress | The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system. |
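The IMPORTANT notes above ask that the default policy and the "Employee central password policy" not violate target system requirements. The following added example (not One Identity code) shows one conservative way to check that before assigning a policy; the `Policy` model, its field names and the sample policies are assumptions constructed for illustration.

```python
import string
from dataclasses import dataclass

CLASS_FIELDS = ("min_lower", "min_upper", "min_digits", "min_special")


@dataclass(frozen=True)
class Policy:
    """Hypothetical policy model; field names are assumptions, not product settings."""
    name: str
    min_length: int
    max_length: int
    min_lower: int = 0
    min_upper: int = 0
    min_digits: int = 0
    min_special: int = 0
    allowed_special: str = string.punctuation

    def effective_min_length(self) -> int:
        # Per-class minimums can force a longer password than min_length alone.
        return max(self.min_length, sum(getattr(self, f) for f in CLASS_FIELDS))


def violations(source: Policy, target: Policy) -> list[str]:
    """List ways a password valid under `source` can be rejected by `target`."""
    found = []
    if source.effective_min_length() < target.min_length:
        found.append(f"min_length: {source.effective_min_length()} < {target.min_length}")
    if source.max_length > target.max_length:
        found.append(f"max_length: {source.max_length} > {target.max_length}")
    for field in CLASS_FIELDS:
        if getattr(source, field) < getattr(target, field):
            found.append(f"{field}: {getattr(source, field)} < {getattr(target, field)}")
    extra = sorted(set(source.allowed_special) - set(target.allowed_special))
    if extra:
        found.append("allowed_special: target rejects " + "".join(extra))
    return found


# Constructed sample policies, not values taken from any product or host.
CENTRAL = Policy("central", min_length=8, max_length=64, min_digits=1)
LEGACY_HOST = Policy("legacy-host", min_length=10, max_length=16, min_upper=1,
                     allowed_special="!#%")
HOST_POLICY = Policy("per-host", min_length=12, max_length=16, min_upper=1,
                     min_digits=1, allowed_special="!#%")

if __name__ == "__main__":
    for src in (CENTRAL, HOST_POLICY):
        print(src.name, "->", LEGACY_HOST.name, violations(src, LEGACY_HOST) or "compatible")
```

An empty result means every password the source policy accepts is also accepted by the target; any entry is a reason to define a separate policy for that host.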
You can configure the login information for new user accounts to be sent by email to a specified person. In this case, two messages are sent, one with the user name and one with the initial password. Mail templates are used to generate the messages. The mail text in a mail template is defined in several languages, which means the recipient’s language can be taken into account when the email is generated. The default installation supplies mail templates that you can use to configure the notification procedure.
To use email notifications about login data
When a randomly generated password is issued for the new user account, the initial login data for a user account is sent by email to a previously specified person.
To send initial login data by email
By default, the message sent uses the mail template "Employee - new account created". The message contains the name of the user account.
By default, the message sent uses the mail template "Employee - initial password for new user account". The message contains the initial password for the user account.
TIP: Change the value of the configuration parameter in order to use custom mail templates for these mails.