Password Enforcement is a feature of the product that provides administrators with the ability to configure how to enforce password resets across the enterprise. This feature is the sharp end of the stick as it relates to how passwords are reset in your organization. More importantly, it provides you scaling options to perform the following tasks:
Functional Description of individual configuration properties
Locale - This feature is applicable when internationalization is activated. For each language that is turned on, you can translate some the administrative input fields. |
Name - This is the name of the Password Enforcement Configuration. This is the internal name of the PEC and will not be visible to end users. |
Display Name - This field provides administrators with the ability to define a name for the PEC. This value will be displayed to the end users when attempting to reset their passwords. It is important to make sure the Display Name value set is something recognizable by your end user community in order to limit any help desk calls that may confuse them if too technical a name is used. |
Description - Description of the password enforcement to be created. |
Password Policy - This field is reserved to set the defined password policy that will be utilized to enforce the password rules administrators |
Search - Click on this to display the Password Policy List to be selected. |
View Rules - Clicking this button will display the password rules for the selected password policy. |
Priority - Assign a priority value to this configuration. This will be a value between 1 & 100. Note: If a user qualifies for multiple PECs , the password enforcement with highest priority will be enforced(100 has the highest priority) |
Enabled - Check to enable the password enforcement. Only enabled enforcement will be evaluated during the password enforcement evaluation for a user during password reset. |
Sync Passwords - Select this option if passwords for all connected system accounts for this enforcement configuration should be in sync. |
Mutually Exclusive - Select this option, if the user cannot use this password for resetting connected system accounts from another password enforcement. Note:This option will be enabled only if the Sync Passwords option is selected. |
Connected System Members - Click "Add" button to add the connected systems , which are using the Password Enforcement Configuration. the extra configurations per connected system selected are explained below. Note: Please note that the Connected System View page will not be listing connected systems created with “Password Reset By” option set to “External”. |
Visible to users - Select this check box to display the user account in this connected system in self-service password reset screens. |
Scramble Password on Expiry - Select this check box if the user want the password of the account to be scrambled up on expiry. |
Master - Select this radio button to make the selected connected system the Master connected system of the PEC. When the Password Sync Option is enabled, the Master system in a PEC will be the first connected system to get its password reset. If the Master system password reset fails, then reset of all other connected systems in the PEC will be skipped. The Master symbol will be displayed in all the areas that allow accounts to be selected for password reset. |
User Qualification Rules - User can manage the user User Group list by which the group of users to be qualified for the password enforcement is selected. |
Password Expiry Notifications - User can configure the days before expiry and the notification to be sent as expiry notification. |
Email Notification after password expired - Configure the notification to be sent after password has been expired |
SMS Notification after password expired - Configure the SMS notification to be sent after password has been expired |
Notify user that the password is about to expire X day(s) before expiry at Self-Service login - Enter the days before expiry, to notify the user while login to self-service. |
From AdminUI, the associated PECs can be viewed from User Password Management.
Note:-The systems which is not associated with a PEC will be listed as Standalone in Password Management pages. Password policy cannot be associated for these systems.
From Self-service->My Accounts page user can view the PEC’s associated with the accounts.
If the password Resync option is set from AdminUI-> Configuration->Identity Password Management->Enable Password Resync- Enduser, the user can sync the
failed account with the password of the success reset in the same PEC.
User can sync the password of the failed account from Self-service->MyAccounts
Click the Sync icon near the PEC