OTP Forgot Password Triggered to all endpoint accounts

Article ID: 196437

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

We are using OTP forgot password in Identity Portal to help users reset their passwords.
The login uses AD authentication, so we configured the AD endpoint account password reset to be triggered by OTP forgot password.

The problem is that when users perform OTP forgot password, it triggers not only the AD password reset but also password resets on the other endpoint accounts.

How do we configure OTP forgot password to trigger only the AD password reset, without triggering password resets on the other endpoint accounts?


Environment

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

It is normal, expected behavior for a password changed in Identity Portal/Identity Manager to be synchronized to the Provisioning Server and from there to all endpoint accounts of the user.

You can prevent this password sync by setting Account Sync = OFF in the IM task configuration of your OTP password task. This prevents password sync only for that task; other tasks continue to synchronize passwords as before.

Alternatively, in Provisioning Manager you can set "disable propagation to endpoint" for each endpoint individually; however, this prevents passwords on those endpoints from ever being changed from IM in any use case, not just the OTP task.