Chat now with support
Chat with Support

Identity Manager 8.2.1 - Operational Guide

About this guide Simulating data changes in the Manager Scheduling operations activation times Re-applying templates Exporting data with the Manager Analyzing data and data changes Analyzing process monitoring in the Manager Schedules in One Identity Manager Mail templates in One Identity Manager Password policies in One Identity Manager Working with change labels Checking data consistency Compiling a One Identity Manager database Transporting custom changes Importing data with the Data Import Importing and exporting individual files for the software update Creating a One Identity Manager database for test or development from a database backup Initializing DBQueue Processor the after extending the server hardware Command line programs

Checking passwords with a script

You can implement a script if additional policies need to be used for checking a password that cannot be mapped with the available settings.

Syntax of check scripts

Public Sub CCC_CustomPwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

With parameters:

policy = password policy object

spwd = password to check

TIP: To use a base object, take the Entity property of the PasswordPolicy class.

Example: Script that checks a password

A password cannot start with ? or ! . The password cannot start with three identical characters. The script checks a given password for validity.

Public Sub CCC_PwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

Dim pwd = spwd.ToInsecureArray()

If pwd.Length>0

If pwd(0)="?" Or pwd(0)="!"

Throw New Exception(#LD("Password can't start with '?' or '!'")#)

End If

End If

If pwd.Length>2

If pwd(0) = pwd(1) AndAlso pwd(1) = pwd(2)

Throw New Exception(#LD("Invalid character sequence in password")#)

End If

End If

End Sub

To use a custom script for checking a password

  1. In the Designer, create your script in the Script Library category.

  2. Edit the password policy.

    1. In the Designer, select the Base data > Security settings > Password policies category.

    2. In the List Editor, select the password policy.

    3. On the Scripts tab, enter the name of the script to be used to check a password in the Check script field.

    4. Save the changes.

Related topics

Generating passwords with a script

You can implement a generating script if additional policies need to be used for generating a random password, which cannot be mapped with the available settings.

Syntax for generating script

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

With parameters:

policy = password policy object

spwd = generated password

TIP: To use a base object, take the Entity property of the PasswordPolicy class.

Example: Script that generates a password

The script replaces invalid ? and ! characters at the beginning of random passwords with _.

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

Dim pwd = spwd.ToInsecureArray()

' replace invalid characters at first position

If pwd.Length>0

If pwd(0)="?" Or pwd(0)="!"

spwd.SetAt(0, CChar("_"))

End If

End If

End Sub

To use a custom script for generating a password

  1. In the Designer, create your script in the Script Library category.

  2. Edit the password policy.

    1. In the Designer, select the Base data > Security settings > Password policies category.

    2. In the List Editor, select the password policy.

    3. On the Scripts tab, enter the name of the script to be used to generate a password in the Generating script field.

    4. Save the changes.

Related topics

Editing the excluded list for passwords

You can add words to a list of restricted terms to prohibit them from being used in passwords.

NOTE: The restricted list applies globally to all password policies.

To add a term to the restricted list

  1. In the Designer, select the Base data > Security settings > Password policies category.

  2. Create a new entry with the Object > New menu item and enter the term you want to exclude from the list.

  3. Save the changes.

Checking passwords

When you verify a password, all the password policy settings, custom scripts, and the restricted passwords are taken into account.

To verify if a password conforms to the password policy

  1. In the Designer, select the Base data > Security settings > Password policies category.

  2. Select the password policy in the List Editor.

  3. Select the Test tab.

  4. Select the table and object to be tested in Base object for test.

  5. Enter a password in Enter password to test.

    A display next to the password shows whether it is valid or not.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating