CA Strong Authentication Administration Guide › Managing Global CA AuthMinder Configurations › Configuring Profiles and Policies › Configure Password Settings › Configure Password Issuance Profile

Configure Password Issuance Profile

A Password profile can be used to specify the following attributes related to a password credential:

• Password strength: The effectiveness of password, which is determined by the length of the password and number of alphabets, numerals, and special characters in it.
• Validity period: The period for which the password credential is valid.
• Auto-generate password: The password is generated by the CA AuthMinder Server.
• Usage count: Number of times the password can be used.
• Usage type and password uniqueness: Based on the usage requirement, a user can have multiple password credentials. For example, a temporary password and a permanent password. These passwords can be same or unique.

By configuring a Password profile and assigning it to one or more organizations, you can control the characteristics of password credentials that are issued to users of those organizations. Use the Password Profiles page for creating password credential profiles.

Follow these steps:

1. Click the Services and Server Configurations tab on the main menu.
2. Ensure that the CA Strong Authentication tab in the submenu is active.
3. Under the Password section, click the Issuance link to display the Password Profiles page.
4. Edit the fields in the Profile Configurations section, as required.
   • Profile Configurations:

   Create

   If you choose to create a new profile, then:

   • Select the Create option.
   • Specify the Configuration Name of the new profile in the field that appears.

   Update

   If you choose to update an existing profile, then select the profile that you want to update from the Select Configuration list.

   Copy Configuration

   Enable this option if you want to create the profile by copying the configurations from an existing profile.

   Note: You can also copy from configurations that belong to other organizations that you have scope on.

   Available Configurations

   Select the profile from which the configurations will be copied.

   Validity Start Date

   Set the date from when the issued password credential will be valid.

   The validity can start from either the date when this credential is created or you can specify a custom date.

   Validity End Date

   Set the date when the password will expire.

   You can choose any of the following options to set the expiration date:

   • Specify the duration
   • Specify a custom date

   Choose Never Expires option if you want the password to not expire at all.

   • Password Strength Options:

   Minimum Characters

   Specify the least number of characters that the password can contain. You can set a value between 4 and 64 characters.

   The default value is 6.

   Maximum Characters

   Specify the most number of characters that the password can contain. You can set a value between 4 and 64 characters.

   The default value is 10.

   Minimum Alphabetic Characters

   Specify the least number of alphabetic characters (a-z and A-Z) that the password can contain.

   This value must be lesser than or equal to the value specified in the Minimum Characters field.

   Minimum Numeric Characters

   Specify the least number of numeric characters (0 through 9) that the password can contain. You can set a value between 0 and 32 characters.

   Minimum Special Characters

   Specify the least number of special characters that the password can contain. By default, all the special characters excluding ASCII (0-31) characters are allowed.

5. Expand the Advanced Configurations section by clicking the [+] sign.
6. In the Custom Attributes section, specify any extra information in the Name-Value pair format. For example, the organization information that can be used by plug-ins.
7. Set the following in the User Validations section:
   • Select the User Active option if you want to verify the user status for the following operations involving the current credential:
     • Create credential
     • Re-issue credential
     • Reset credential
     • Reset validity of the credential
   • Select the User Attribute option if you want to verify whether the user attribute matches certain values. You can set the value for the following user attributes:
     • Date when the user was created
     • Date when the user details were modified
     • Email address
     • First name
     • Middle name
     • Last name
     • User status
     • Telephone number
     • Unique user identifier

     Note: The User attribute check feature is available only if you are performing configurations at the organization-level.

8. Set the following in the Additional Password Options section:
   • Enable Auto-Generate Password option if you want the CA AuthMinder Server to generate the user passwords. This feature can be used in scenarios where a user forgets their password, the Server can auto-generate a new password and the user can use this new password for the next login.
   • In the Usage Count option, select Unlimited if you want the password to be valid until it expires. If you want to limit the number of times the password has to be used, then enter the number of times in the second option.
9. Set the following in the Multiple Credential Options section:
   • Enter the description to identify the purpose for which the password is used in the Usage Type field. For example, a user can have a temporary password to perform a remote login to the network, the usage type for this password can be temporary.
   • Enable Password Unique Across Usage Types option if the passwords of different usage types must be unique.
10. The History Validation section enables you to enforce the users to not reuse the old passwords. You can select any of the following options:
    • Last <N> Passwords: Select this option, if you want the current password to be different from the last <n> passwords.
    • Password Created in Last: Select this option, if you want the current password to be different from the passwords that are used in the specified duration.
11. Click Save.
12. Refresh all deployed CA AuthMinder Server instances. See Refresh a Server Instance for instructions about the procedure.