This PX Policy is helpful for your environment if you provide users with a default password when they're created in Identity Manager. The users will be able to log in for the first time with the default password you create for them, and then they will be prompted to change it to whatever they choose. This is done by setting the DisabledState of your newly hired users to 16777216.
Here is the most basic form of the PX Policy. It can be modified to fit your needs, such as adding entry rules or changing the event on which the PX Policy executes.
[Four screenshots of the Identity Manager "Create Policy Xpress Policy" screens for the "Disabled State 16777216" policy; images not available.]
Once this PX Policy is in place, after every instance of the CreateUserEvent the new user will have their DisabledState value changed to 16777216 (default is 0). This 16777216 flag forces users to change their password next time they log in.