Identity Management Service › Connectors Guide › Connecting to Endpoints › CA Access Control Connector › Troubleshooting › Cannot Create Account When Password Policies Conflict

Cannot Create Account When Password Policies Conflict

This section applies to all connectors. However, it is most likely to be relevant to the mainframe connectors.

Symptom:

In many organizations, some endpoints (such as the mainframe systems) have stricter restrictions on passwords than the corporate password policy.

This conflict causes problems if you create a password that meets the requirements of the Identity Management or CA CloudMinder password policy but is invalid on an endpoint. In this situation, the following problems can occur:

• When you use a provisioning role to create an endpoint account for an existing global user with such a password, the account is not created.
• When you attempt to create a user with a temporary password, the user is not created.
• When you change the password of an existing account on the endpoint, the changed password is not saved.

Solution:

To avoid this problem, make one or both of the following changes:

• Make the password policy in Identity Management or CA CloudMinder more restrictive than the password policy on the mainframe endpoint.
• Make the policy for temporary passwords more restrictive than the password policy on the mainframe endpoint.

  This change forces new users to change their password when they log in to User Console.