Chat now with support
Chat with Support

Identity Manager 8.0 - Web Application Configuration Guide

Settable Passwords

Users can set the following default passwords.

Table 15: Password Overview

User

Password

Table / Column

Everyone

Own password

Person.DialogUserPassword

Everyone

User account password, which is

  1. Directly assigned to the current employee.

- OR -

  1. Assigned to the current employee's sub identity.

- OR -

  1. Assigned to the current employee's sponsored identity, service identity or group identity.

- OR -

  1. Assigned to one of the current user's shared user accounts.

AADUser.Password

ADSAccount.UserPassword

CSMUser.Password

EBSUser.Password

GAPUser.Password

LDAPAccount.UserPassword

NDOUser.Password

SAPUser.Password

UNSAccountB.Password

UNXAccount.UserPassword

Members of the application role "Base roles\Administrators"

System user's password

DialogUser.Password

NOTE: The system user is not suggested for resetting the password in the following cases:

  • If external password management is enabled for the system user.
  • If the system user is enabled as service account.
  • If the system user is used for automatic software updating of One Identity Manager web applications .

In this case, "QER_PasswordWeb_IsAllowSet" is implemented, which can be overwritten.

  • If the system user is used for role-based login.

In this case, the system user is not accepted by the Password Reset Portal.

 

Excluding Passwords from being Reset

Table 16: Script for Resetting Passwords

Script

Description

QER_PasswordReset_IsAllowSet

Specifies whether resetting a password in the Password Reset Portal is allowed.

To prevent users from setting passwords by mistake, you can exclude certain password from being reset.

User cases for this might be passwords that are calculated from other values or passwords for target systems that are only connected as read-only.

NOTE: In the script "QER_PasswordWeb_IsAllowSet", the system user is prevented, by default, from resetting the password in the following cases.
  • If external password management is enabled.
  • If the system user is enabled as service account.
  • If the system user is used for automatic software updating of One Identity Manager web applications.

To exclude passwords from being reset

  1. Open the Designer.
  2. Find the script "QER_PasswordReset_IsAllowSet".
  3. Use the template "QER_PasswordReset_IsAllowSet" as the basis for an overrideable script with the following parameters.
    1. Current user's UID_Person.
    2. Object's key (ObjectKey) offered for password reset.
    3. Password's column name.
  4. Save the setting in the Designer.
  5. Compile the Password Reset Portal.

Central Password

Apart from setting individual passwords in the Password Reset Portal, you can also set the central password. Each user has a central password, with which other passwords can be managed depending on the configuration of the target system.

Defining Password Dependencies

By defining password dependencies, you specify, which passwords are managed through the central password.

Table 17: Script for Declaring Passwords

Script

Description

QER_PasswordWeb_IsByCentralPwd

By default, the script checks whether the configuration parameter "QER\Person\UseCentralPassword"
is set. If the configuration parameter is set, the employee's central password is mapped to the password column of the employee's user account. A user account must be linked to the current user, it cannot be a privileged account. The script can be overwritten.

To define password dependencies

  1. Open the Designer.
  2. Search for the script QER_PasswordWeb_IsByCentralPwd.
  3. Use the template "QER_PasswordWeb_IsByCentralPwd" as the basis for an overrideable script with the following parameters.
    1. Current user's UID_Person.
    2. Object's key (ObjectKey) offered for password reset.
    3. Password's column name.

    Based on these input parameters, the script must return the information as to whether the password is managed by the central password.

  4. Save the setting in the Designer.
  5. Compile the Password Reset Portal.
Related Documents