Password management helps an organisation to have consistent and strong password policies.
IdentityNow Password Management simplifies password administration and updates across your IdentityNow account sources and applications.
Password management is only available for direct sources.
Password change flow
When a user requests a password reset, the request goes to IdentityNow. IdentityNow checks whether the given password meets the requirements of the password policy, then places the password value in the queue of the VA. The VA updates the password in the target source. The target can be an application or a source in IdentityNow.
A Password Interceptor (PWI) is needed when Active Directory is in the sync group.
When the user requests a password change, the values move to the PWI that is installed in the AD. The PWI verifies the policies and sends them to the VA. The VA sends the value to IdentityNow. IdentityNow knows about the other sources in the sync group and changes the password in those sources.
A password policy defines the security and complexity requirements for passwords.
New password policies can be created only when the organisation has purchased password management. Otherwise, only the default password policies can be edited.
After a password policy is created, it can be linked with a source. Sources are assigned to default policies automatically. Different users may require different policies. In this case, the org can use filters and exceptions to group the users. Only one password policy is applied to a user.
A password dictionary is a text file that lists the words and characters that must not appear in users' passwords. The dictionary file is uploaded through the Update Password Dictionary API.
Password Sync Group
The password sync group contains the group of sources that can have the same passwords. One way to reduce password change failures is to ensure the password policies for all sources in the sync group align.
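The alignment check described above can be sketched as follows. This is an added example, not SailPoint code: the Policy fields, source names and sample values are constructed assumptions and do not reflect IdentityNow's policy schema. It reports why no single password could satisfy every source in a sync group.

```python
from dataclasses import dataclass

# Hypothetical policy model; field names are assumptions for illustration.
@dataclass(frozen=True)
class Policy:
    source: str
    min_length: int
    max_length: int
    min_digits: int = 0
    min_upper: int = 0
    min_special: int = 0
    allowed_special: frozenset = frozenset("!@#$%^&*")

def sync_group_conflicts(policies):
    """Return reasons why no single password can satisfy every policy."""
    conflicts = []
    strictest = max(policies, key=lambda p: p.min_length)
    tightest = min(policies, key=lambda p: p.max_length)
    # The longest required minimum must fit in the shortest allowed maximum.
    if strictest.min_length > tightest.max_length:
        conflicts.append(
            f"{strictest.source} requires >= {strictest.min_length} chars "
            f"but {tightest.source} allows <= {tightest.max_length}")
    # A required special character must come from a set every source accepts.
    common = frozenset.intersection(*(p.allowed_special for p in policies))
    for p in policies:
        if p.min_special > 0 and not common:
            conflicts.append(
                f"{p.source} requires a special character "
                f"but the sources share no allowed special characters")
    # The strictest per-class minimums together must fit the tightest maximum.
    required = sum(max(getattr(p, f) for p in policies)
                   for f in ("min_digits", "min_upper", "min_special"))
    if required > tightest.max_length:
        conflicts.append(
            f"combined character requirements ({required}) exceed "
            f"{tightest.source} max length {tightest.max_length}")
    return conflicts

# Constructed sample sync groups.
ALIGNED = [Policy("Active Directory", 12, 64, min_digits=1, min_upper=1),
           Policy("HR App", 10, 32, min_digits=1)]
MISALIGNED = [Policy("Active Directory", 14, 64, min_special=1,
                     allowed_special=frozenset("!@#")),
              Policy("Legacy Mainframe", 6, 8, allowed_special=frozenset("$"))]

if __name__ == "__main__":
    for name, group in (("aligned", ALIGNED), ("misaligned", MISALIGNED)):
        print(name, sync_group_conflicts(group) or "no conflicts")
```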
If a user tries to use pass-through authentication to change the account password for a source in a sync group and the password change fails, IdentityNow will not attempt to change the password for the other sources in the sync group.
Pass-through authentication allows the user to log in using network credentials, which are usually tied to Active Directory or a primary source.
There are five email templates available for password management:
- Password Expiration
- User password changed
- Helpdesk password reset
- App password changed
- Password Reset code
- Forgotten password reset
A helpdesk user can initiate a password reset and view activity.
For a user-initiated reset, where users reset their own password, the user needs to provide their identity to IdentityNow.
After the password policy is assigned to the source, users can be enabled to reset their passwords. This is done by creating an application in the application tab. A password manager helps the user to manage passwords in the sync group, multi-application source, and applications.