
Can the IM Password Policy be configured so that the Profile Attribute check only checks some attributes?

Article ID: 256567

Products

CA Identity Manager CA Identity Suite

Issue/Introduction

Can the IM Password Policy be configured so that the Profile Attribute check only checks some attributes?

For example, we may need to check only against the UserID attribute value instead of all the profile attributes.

If the user enters a new password that matches the UserID value, the task should not proceed further but should instead give an error such as "password should not match UserID".

Environment

All Identity Manager

Resolution

The Password Policy will not let you pick and choose which Profile Attribute to compare against. You would need to open a product idea to suggest a future enhancement on the following site:

https://community.broadcom.com/participate/ideation-home

However, you could use a PX Policy to perform the check and display an error that does what you are looking for. Review the example below:

PX Policy Name: CheckPasswordAgainstProfileAttributes
Policy Type: UI
Event State: Validate On Submit
Event Name: Reset User Password (ResetUserPassword)

Data Element Name: getNewPassword
Category: Attributes
Type: User Attribute
Function: Get
Attribute Name: Password (%PASSWORD%)

Data Element Name: hasPasswordChanged
Category: Attributes
Type: Has the User Attribute Value Changed
Function: Has Changed
Attribute Name: Password (%PASSWORD%)

Data Element Name: getUserID
Category: Attributes
Type: User Attribute
Function: Get
Attribute Name: User ID (%USER_ID%)

Data Element Name: compareNewPasswordWithUserID
Category: Comparators
Type: Comparator
Function: Compare Strings
First String: {'getNewPassword'}
Second String: {'getUserID'}

Entry Rule Name: Check_If_Password_Changed
Data Element: hasPasswordChanged
Operator: Equals
Value: true

Action Rule Name: Check_If_Password_Matches_UserID
Priority: 0
Data Element: compareNewPasswordWithUserID
Operator: Equals
Value: Equals

Action Name: Display Message
Category: Messages
Type: Display On-Screen Message
Function: Displays a message on the screen
Message to be displayed: Password cannot match UserID
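The following is an added example, not CA Identity Manager or PX Policy code: a plain-Python model of the policy configured above, so the data element, entry rule, action rule and action flow can be reasoned about and tested offline before it is built in the PX Policy UI. The function and field names, the constructed event dicts, and the comparator result value for the non-matching case are assumptions for illustration; the one point it makes beyond the configuration text is that the Compare Strings comparator as configured only catches an exact, case-sensitive match, so a second helper shows a stricter containment check if that gap matters to you.

```python
from typing import Optional

# Added example, not product code. Models the PX policy:
#   Policy Type: UI, Event State: Validate On Submit, Event: ResetUserPassword


def evaluate_policy(event: dict) -> Optional[str]:
    """Return the on-screen message when the action fires, else None.

    `event` is a constructed dict standing in for the values the data
    elements read from the task:
      - 'new_password'     : %PASSWORD% as submitted   (getNewPassword)
      - 'password_changed' : 'Has Changed' result      (hasPasswordChanged)
      - 'user_id'          : %USER_ID%                 (getUserID)
    """
    # Data elements (Category: Attributes)
    get_new_password = event["new_password"]
    has_password_changed = event["password_changed"]
    get_user_id = event["user_id"]

    # Data element compareNewPasswordWithUserID (Category: Comparators,
    # Function: Compare Strings). The page only shows the 'Equals' result;
    # the value used for a non-match here is an assumed placeholder.
    compare_new_password_with_user_id = (
        "Equals" if get_new_password == get_user_id else "NotEquals"
    )

    # Entry rule Check_If_Password_Changed: hasPasswordChanged Equals true.
    # Nothing below runs unless the password was actually edited.
    if has_password_changed is not True:
        return None

    # Action rule Check_If_Password_Matches_UserID: comparator Equals "Equals"
    if compare_new_password_with_user_id == "Equals":
        # Action: Display On-Screen Message
        return "Password cannot match UserID"
    return None


def password_contains_user_id(new_password: str, user_id: str) -> bool:
    """Stricter variant (an assumption, not part of the page's policy):
    flag the password if the UserID appears anywhere in it, ignoring case.
    Shown because an exact-match comparator lets 'JSmith1!' through for
    user 'jsmith'."""
    return user_id.lower() in new_password.lower()


if __name__ == "__main__":
    # Constructed sample events for a user whose UserID is 'jsmith'
    cases = [
        {"new_password": "jsmith", "password_changed": True, "user_id": "jsmith"},
        {"new_password": "jsmith", "password_changed": False, "user_id": "jsmith"},
        {"new_password": "JSmith1!", "password_changed": True, "user_id": "jsmith"},
    ]
    for c in cases:
        print(c["new_password"], "->", evaluate_policy(c),
              "| contains UserID:", password_contains_user_id(c["new_password"], c["user_id"]))
```

The first case fires the message exactly as the configured policy would; the second is skipped by the entry rule because the password did not change; the third passes the exact-match comparator even though it embeds the UserID, which is the behaviour to keep in mind when deciding whether the Compare Strings comparator alone meets your requirement.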