How to clear password profile flag after a post-release reset (4243691)

How to clear password profile flag after a post-release reset

If it is required for a TPAM account to be configured to keep the same password but the new enhancement feature of TPAM 2.5.918 "Do not change password after requests" is not check marked in the password profile of that account. TPAM will attempt to change that password after a post-release reset. Also, if the TPAM user does not know the current password of that TPAM account.

With TPAM upgraded to v.2.5.918 a new enhancement feature has been added for Password Change Profiles: "Do not change password after requests" option.

The issue is that the account is currently flagged for a post-release reset at this point the password profile needs to clear this flag so that it will allow the password to be requested again.

How to clear password profile flag after a post-release reset:

Step 1:  Enable the "Do not change password after requests"  setting in the Password Profile used by the effected account.

Step 2:  Do an ISA retrieval of the current password on the account so you can use this same password after the reset.

Step 3. Do a forced reset on the account to clear the reset flag.

Step 4.  Manually copy and paste in the password into the password field on the account

If the TPAM admin does not have ISA permission on that particular account, they could temporarily grant themselves the permission in the accounts permission tab.

Explanation of a password reset during release window While a requestor has an active release duration window, three possible circumstances could cause the password to be changed by TPAM during that time: • The configured Default Change Setting for the account occurs during the release window. For example, if the password is to be changed every 30 days which happens to occur while a requestor has a password. This scenario can be prevented by selecting Do not automatically change the password while a release is active on the account details management tab. • The ISA post-release reset interval has occurred. In this case, an ISA may have recently retrieved the password and it is being reset because the configured interval for that action has expired. This scenario can be prevented by selecting Do not automatically change the password while a release is active on the account details management tab. • The ISA or the Administrator has forced a reset of the password. The requestor should try and access the password at a later time. The Password Profile option: "Do not change password after requests" If selected, the password WILL NOT be changed after a password request duration has expired, which allows the requestor to retain knowledge of the current password. The password will only be reset by a regularly scheduled change or a forced reset. This setting does not affect ISA password retrievals or apply to synchronized passwords. NOTE: It is recommended that this option only be used with Enable account before release option selected on the account details. These accounts will have the account disabled after the request expires, even though the password still will not be reset until a regularly scheduled change.