<br> <br> I'd like to know :<br><br>- How are user passwords stored in Active Directory ? <br>- How admin passwords are stored in my Active Directory ?
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP<br> Component: <br>
Actually, CA Single Sign-On doesn't store the passwords directly but<br>the Active Directory itself. So when you are using Password Services,<br>and requesting user to change their password, CA Single Sign-On will<br>do a LDAP bind with the user credentials and will request to modify<br>the password to the Active Directory, using the attributes you have<br>mapped when defining the User Directory. Then the Active Directory<br>decides how to store the password.<br><br>For more information you can check the following: <br><br>How to Configure Password Policies<br>https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/password-services-and-policies/how-to-configure-password-policies <br><br>SSO - Basic Password service integration with Active Directory<br>https://communities.ca.com/thread/241790640-sso-basic-password-service-integration-with-active-directory <br><br>Tech Tip - CA Single Sign-On:Policy Server: Read Password Blob Utility<br>https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2016/02/29/tech-tip-ca-single-sign-onpolicy-server-read-password-blob-utility <br><br>and about encryption <br><br>Manage Encryption Keys<br>https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/administrating/manage-encryption-keys <br><br>Using FIPS-Compliant Algorithms<br>https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/upgrading/using-fips-compliant-algorithms <br><br>FIPS 140-2 Algorithms<br>https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/administrating/manage-encryption-keys/fips-140-2-algorithms <br>