Enterprise Administration Guide › Planning Your SAM Implementation › Password Consumers › How SAM Notifies a Password Consumer of a Password Change

How SAM Notifies a Password Consumer of a Password Change

SAM forces a password change for a password consumer when a password change event occurs in CA ControlMinder Enterprise Management, for example, when a password policy specifies that a password must change after a fixed length of time. CA ControlMinder Enterprise Management uses the JCS to communicate with password consumers that get passwords on password change.

Only Windows Scheduled Task and Windows Service password consumers get passwords on password change.

Note: You do not need to install CA ControlMinder on the SAM endpoint to use password consumers that get passwords on password change.

The following process explains how SAM notifies password consumers of a password change:

1. A password change event generates a new password.
2. CA ControlMinder Enterprise Management searches the central database for password consumers that use the password.
3. The JCS logs in to each affected endpoint using the administrator credentials that you supplied when you created the endpoint.
4. The JCS tries to change the password of the password consumer on the endpoint. One of the following happens:
   • The JCS changes the password of the password consumer on the endpoint and optionally restarts the service.

     Note: You specify if the JCS restarts the service when you create the password consumer.

   • The JCS cannot change the password of the password consumer on the endpoint. CA ControlMinder Enterprise Management writes a notification message in the task that initiated the change password event.
5. CA ControlMinder Enterprise Management writes an audit record for the password change.

   Note: You use View Submitted Tasks to view SAM audit records. If the JCS cannot change the password of a password consumer, you can use Synchronize Password Consumers to retry the password change.