Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

Restricted Passwords

You can add words to a list of restricted terms to prohibit them from being used in passwords.

NOTE: The restricted list applies globally to all password policies.

To add a term to the restricted list

  1. Select the category Base Data | Security Settings | Restricted passwords in the Designer.

  2. Create a new entry with the menu item Object | New an enter the term to excluded to the list.
  3. Save the changes.

Testing a Password

When you test a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To test whether a password conforms to the password policy

  1. Select the category Base Data | Security Settings | Password policies in the Designer.

  2. Select the password policy in the List Editor.
  3. Select the Test tab.
  4. Select the table and object to be tested in Base object for test.
  5. Enter a password in Enter password to test.

    A display next to the password shows whether it is valid or not.

Testing Generating a Password

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

  1. Select the category Base Data | Security Settings | Password policies in the Designer.

  2. Select the password policy in the List Editor.

  3. Select the Test tab.
  4. Click Generate.

    This generates and displays a password.

Assigning a Password Policy

You can assign password policies to system user passwords, the employees' central password as well as passwords for individual target systems. Assign a password policy to the base object to which it should apply.

  • The predefined password policy "One Identity Manager password policy" is assigned to the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the employee's access code (Person.Passcode).
  • The predefined password policy "Employee central password policy" is assigned to the employee's central password (Person.CentralPassword).

If you want to apply another password policy to the password column, change the password policy assignment in the Manager.

To change a password policy's assignment

  1. Select the category Employees | Basic configuration data | Password policies in the Manager.

  2. Select the password policy in the result list.
  3. Select Assign objects in the task view.
  4. Select the assignment you want to change in Assignments.
  5. Select the new password policy to apply from the Password Policies menu.
  6. Save the changes.

To reassign a password policy

  1. Select the category Base Data | Security Settings | Password policies in the Designer.

  2. Select the password policy in the result list.
  3. Click Add in the Assignments section and enter the following data.

    Table 67: Assigning a Password Policy

    Property

    Description

    Password column

    The password column's identifier.

    Apply to

    Application scope of the password policy.

    To specify an application scope

    1. Click ... next to the text box.
    2. Select the table which contains the password column under Table.
    3. Select the specific base objects under Apply to.
    4. Click OK.
  4. Save the changes.

NOTE: Permitted base objects and their password columns are defined in the view QBMVPwdPolicyColumns. You can customize this view, if required, by extending it with the type "Union". For more information, see Database Views of Type “Union“.

If you create new custom tables, add the customizer "VI.Common.Customizer.PwdPolicyColumnEntityLogic" to the table definition.

Related Documents