CA Identity Manager: Active Directory fine grain password policies

Article ID: 116654


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

Identity Manager can be integrated with Active Directory as an endpoint, and when it is, IM can manage users' passwords. An issue arises for users who are entitled to a fine-grained password policy, as in the following use case:

You have users who are entitled to a fine-grained password policy (FGP) in Active Directory. There is no password policy in Identity Manager, but the base AD policy requires a 7-character password, while the FGP requires 2 characters.

If you add a user's AD account to the group required to give them the FGP, they still cannot change the global user's password to a 2-character password. The request returns a message saying that the password does not match the base AD policy of 7 characters, even though the user is actually entitled to the FGP.

When you change the password directly in AD, it works as expected and the 2-character password is accepted.

Does CA Identity Manager support fine-grained password policies?

Environment

Release: 14.x
Component: IDMGR

Resolution

No, fine-grained password policies are not supported in CA Identity Manager. All Active Directory accounts will have their passwords held to the standards of the global AD password policy you have in place.
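
To see which accounts this limitation affects, you can compare each account's resultant AD policy with the default domain policy. The PowerShell below is an added example, not code from CA or from this article; the function name `Find-PolicyMismatch`, its property names and the sample accounts are hypothetical, and the sample data is constructed from the 7 and 2 character lengths in the use case above.

```powershell
# Added example: reports accounts whose fine-grained policy (PSO) differs from
# the default domain policy, i.e. accounts where Identity Manager and AD apply
# different minimum lengths. All names below are hypothetical.
function Find-PolicyMismatch {
    param(
        # MinPasswordLength of the default (global) domain policy
        [Parameter(Mandatory)] [int] $DomainMinLength,
        # Objects with SamAccountName, PsoName, PsoMinLength
        [Parameter(Mandatory)] [object[]] $Accounts
    )
    foreach ($a in $Accounts) {
        # No PSO applies: AD itself uses the default domain policy, nothing to report.
        if ([string]::IsNullOrEmpty($a.PsoName)) { continue }
        if ($a.PsoMinLength -ne $DomainMinLength) {
            [pscustomobject]@{
                SamAccountName   = $a.SamAccountName
                Pso              = $a.PsoName
                PsoMinLength     = $a.PsoMinLength
                DomainMinLength  = $DomainMinLength
                # The case in this article: the PSO allows a shorter password than
                # the domain policy that Identity Manager holds the account to.
                ImStricterThanAd = $a.PsoMinLength -lt $DomainMinLength
            }
        }
    }
}

# Constructed sample data (not real accounts): domain minimum 7, PSO minimum 2.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-kiosk'; PsoName = 'Example-PSO'; PsoMinLength = 2 }
    [pscustomobject]@{ SamAccountName = 'jdoe';      PsoName = $null;         PsoMinLength = $null }
)
Find-PolicyMismatch -DomainMinLength 7 -Accounts $sample | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module), build the input with:
# $domainMin = (Get-ADDefaultDomainPasswordPolicy).MinPasswordLength
# $accounts  = Get-ADUser -Filter * | ForEach-Object {
#     $pso = Get-ADUserResultantPasswordPolicy -Identity $_
#     [pscustomobject]@{
#         SamAccountName = $_.SamAccountName
#         PsoName        = $pso.Name
#         PsoMinLength   = $pso.MinPasswordLength
#     }
# }
# Find-PolicyMismatch -DomainMinLength $domainMin -Accounts $accounts
```

Accounts flagged with `ImStricterThanAd` are the ones that will see the rejection described in the use case when their password is changed through Identity Manager.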