This section provides information on how to apply a password policy to organizational units and groups in a managed AD LDS instance.
This section provides information on how to apply a password policy to organizational units and groups in a managed AD LDS instance.
In Password Manager (PM) application, scopes can be defined at multiple levels. Scopes act as a boundary in which you can define the groups and Organization Unit (OU), and can also associate policies into it.
The Default Management Policy allows you to configure both the user scope and the help desk scope. In the Management Policy scope, an admin can also associate the workflows, activities, and Q&A policy to the configured user groups and OU.
While configuring the user scope/help desk scope, an admin must define either a Group or an OU to indicate which group or OU can access the self-service site/helpdesk site. This means the users who are part of the configured group/OU comes under included group category. You could also define a different group/OU under an excluded group category. This means users who are part of these excluded group or OU cannot access self-service site/helpdesk site.
In case of Password Policy scope, admin needs to ensure the following
|
|
The table below provides more information on different scenarios.
Let us consider the following groups/OU
|
NOTE: Do not define both OU and the group in the Management policy scope for the set password policy rule to get applied in the self-service site. |
S.No | Userscope
|
Password Policy Scope
|
Password Policy | Logged in self-service site |
Is Password Policy applicable?
| ||||
Included Group | Included OU |
Excluded Group |
Excluded OU |
OU | Group | ||||
1. | Group1 | OU1 |
|
|
OU1 | Group1 | Password Policy1 | User1 |
Yes |
2. | Group1 | OU2 |
Group2 |
|
OU1 | Group2 |
Password Policy2
|
User2 |
No |
3. |
Group3 |
OU1 |
Group1 |
|
OU2 |
Group3 |
User2 |
No | |
4. |
Group3 |
OU3 |
|
OU1 |
OU3 |
Group3 |
Password Policy3
|
User3 |
Yes |
5. |
Group2 |
OU2 |
|
|
OU1 |
Group2 |
User2 |
No | |
6. |
Group1 |
OU1 |
|
OU4 |
OU4 |
Group1 |
Password Policy4
|
User1 |
No |
7. |
Group2 |
OU2 |
|
OU5 |
OU5 |
Group2 |
User2 |
No | |
8. |
Group3 |
OU3 |
Group1 |
|
|
Group3 |
Password
|
User3 |
No |
9. |
Group3 |
OU3 |
Group2 |
|
OU3 |
|
User3 |
No |
To link a password policy to organizational units and groups
When multiple password policies affect an organizational unit or a group, only the policy with the highest priority is applied to such group or organizational unit. A newly created password policy is disabled by default.
|
NOTE: Only priority of policies with the same scope can be changed. |
To change policy priority
Password Manager uses a set of powerful and flexible rules to define requirements for passwords. Each password policy has rules that are configured independently of the rules in other policies.
|
NOTE: Password Manager for ADLDS does not support Dictionary rule in OI Password policies. |
For each password policy, you can set up the following rules:
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center