We are using OTP forgot password in Identity Portal to help users reset their passwords.
The login uses AD authentication, so we configured an AD reset password on the endpoint account, triggered by OTP forgot password.
The problem is that when users use OTP forgot password, besides triggering the AD reset password, it also triggers reset passwords on other endpoint accounts.
How do we configure OTP forgot password to trigger only the AD reset password, without triggering reset passwords on the other endpoint accounts?
Component: CA IDENTITY SUITE (VIRTUAL APPLIANCE)
It is normal, expected behavior for the password to be synchronized from Identity Portal/Identity Manager to the Provisioning Server and then on to the endpoints.
You can prevent password sync from occurring by setting Account Sync = OFF in the IM task configuration of your IM OTP password task. This prevents password sync only for that task; other tasks continue to synchronize as before.
Alternatively, in Provisioning Manager you can set "disable propagation to endpoint" for each endpoint individually; however, this would prevent passwords from ever being changed from IM for that endpoint in any use case, not just for the OTP forgot password task.