ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Password Policies


Article ID: 208954


Updated On:


CA Identity Suite


If I am using federated identity for SSO access to native applications can I create a policy that forces the application passwords to change per policy without having the user involved?

The goal is to always provide access to the application with their local credentials while the application passwords are changed and comply to corporate policy.


Release : 14.3



The short answer to this is no. An administrator will still have to change the service accounts password, Please see here:


In searching the IM documentation for endpoint password management. I do not see anywhere in our documentation where an application, like Siteminder, can initiate a password change.

  Siteminder itself does not have the ability to call out to other application APIs so cannot initiate a TEWS call to IM to reset the user's password in IM to synch to an endpoint.

   There is no "sweeping" process in IM where you could call a password change to an endpoint.

   Password changes could be initiated by an external TEWS client, and you could use policy express to generate a password, but doing this could be dangerous.