Password Policies

Article ID: 208954

Products

CA Identity Suite

Issue/Introduction

If I am using federated identity for SSO access to native applications, can I create a policy that forces the application passwords to change per policy without involving the user?

The goal is to always provide users with access to the application using their local credentials, while the application passwords are changed and comply with corporate policy.

Environment

Release : 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

The short answer to this is no. An administrator will still have to change the service accounts' passwords. Please see here:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-3/virtual-appliance/Change-the-Password-of-Identity-Suite-Components.html

 

In searching the IM documentation for endpoint password management, I do not see anywhere in our documentation where an application, like SiteMinder, can initiate a password change.

SiteMinder itself does not have the ability to call out to other application APIs, so it cannot initiate a TEWS call to IM to reset the user's password in IM and sync it to an endpoint.

There is no "sweeping" process in IM where you could call a password change to an endpoint.

Password changes could be initiated by an external TEWS client, and you could use Policy Xpress to generate a password, but doing this could be dangerous.