search cancel

Policy Xpress attribute for pasword must change in Top Secret


Article ID: 187554


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite


Users who forget their Top Secret password, log in to IDM, and kick off the custom task ‘Reset TSS password’ and then submit. On the background, we kick off Policy Xpress and set the password to a standard password and the next requirement is to set the flag to force the user to reset the password on the next log on. We are able to successfully reset the password, however, we are not able to force the user to reset the password at next log on.



 In Identity Manager, in a PX Policy there, is the "Expire Now (expireNow)" attribute on a CA Top-Secret account.

If you set this attribute with the value of "true" then this will end up sending a modify request to the Provisioning Server to set the eTTSSExpireNow attribute value of "Y," which will enable the checkbox in the Provisioning Manager for the Expired checkbox in the Password Expiration section.