立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Operational Guide

About this guide Simulating data changes in the Manager Scheduling operations activation times Re-applying templates Exporting data with the Manager Analyzing data and data changes Analyzing process monitoring in the Manager Schedules in One Identity Manager Mail templates in One Identity Manager Password policies in One Identity Manager Working with change labels Checking data consistency Compiling a One Identity Manager database Transporting custom changes Importing data with the Data Import Importing and exporting individual files for the software update Creating a One Identity Manager database for test or development from a database backup Initializing DBQueue Processor the after extending the server hardware Command line programs

Editing the excluded list for passwords

You can add words to a list of restricted terms to prohibit them from being used in passwords.

NOTE: The restricted list applies globally to all password policies.

To add a term to the restricted list

  1. In the Designer, select the Base data > Security settings > Password policies category.

  2. Create a new entry with the Object > New menu item and enter the term you want to exclude from the list.

  3. Save the changes.

Checking passwords

When you verify a password, all the password policy settings, custom scripts, and the restricted passwords are taken into account.

To verify if a password conforms to the password policy

  1. In the Designer, select the Base data > Security settings > Password policies category.

  2. Select the password policy in the List Editor.

  3. Select the Test tab.

  4. Select the table and object to be tested in Base object for test.

  5. Enter a password in Enter password to test.

    A display next to the password shows whether it is valid or not.

Testing the generation of passwords

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

  1. In the Designer, select the Base data > Security settings > Password policies category.

  2. In the List Editor, select the password policy.

  3. Select the Test tab.

  4. Click Generate.

    This generates and displays a password.

Password expiry

Identity-based and system user-based authentication modules support password expiry. The columns Person.PasswordLastSet and DialogUser.PasswordLastSet contain the time and date that the password was last changed.

There are different ways to inform users that their password is going to expire:

  • Users are alerted about their password expiring when they log in to One Identity Manager and can change their password if necessary.

  • For identity-based authentication modules, the system sends reminder notifications in relation to expiring passwords as of seven days in advance of the password expiry date.

    • You can adjust the time in days in the Common | Authentication | DialogUserPasswordReminder configuration parameter. Edit the configuration parameter in the Designer.

    • The notifications are triggered in accordance with the Reminder system user password expires schedule and use the Identity - system user password expires mail template. You can adjust the schedule and mail template in the Designer if required.

TIP: To prevent passwords expiring for service account, for example, you can set Password never expires (DialogUser.PasswordNeverExpires) in the Designer for the affected system users.

For more information about One Identity Manager authentication modules and about editing system users, see the One Identity Manager Authorization and Authentication Guide.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级