Password Synchronization

CA Identity Manager can intercept a password change on a native Windows account and propagate the new password to the user and to all accounts belonging to that user.

This feature assumes that your standard allows a user's password to be the same on all systems. However, you can exclude accounts on certain endpoints from password propagation. You can also use the Provisioning Domain Configuration parameter (Password Synchronization/Update Only Global User) so that requests from Password Synchronization Agents update only the user, and not any of the user's other accounts.

When the Password Synchronization Agent detects a password change attempt, the agent intercepts the request and sends it to the Provisioning Server, which then propagates the new password to the user and other accounts associated with that user.

The requirements for Identity Manager password synchronization include the following:

Important! Use care in formulating password rules, so that a single password can be used on all systems. For example, if Windows passwords must be 12 characters, any system that accepts passwords only up to 10 characters will reject the change during synchronization.

The Identity Manager server is not aware of the password restrictions on the endpoint. When working with endpoint accounts, the Identity Manager password policy should be stricter than the password policy of the endpoints.
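
The following added example (not Identity Manager code) checks a central password policy against endpoint policies before synchronization is enabled, and reports every endpoint that could reject a password the central policy accepts. The `PasswordPolicy` model, its field names, and the sample policies are assumptions constructed for illustration.

```python
import string
from dataclasses import dataclass

PRINTABLE = frozenset(string.ascii_letters + string.digits + string.punctuation)

@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical policy model; field names are assumptions, not product settings."""
    name: str
    min_len: int
    max_len: int
    required: frozenset = frozenset()   # classes that must appear, e.g. {"upper", "digit"}
    allowed: frozenset = PRINTABLE      # characters the system accepts

def conflicts(central, endpoint):
    """Reasons a password valid under `central` could still be rejected by `endpoint`."""
    reasons = []
    if central.min_len < endpoint.min_len:
        reasons.append(f"min length {central.min_len} < endpoint minimum {endpoint.min_len}")
    if central.max_len > endpoint.max_len:
        reasons.append(f"max length {central.max_len} > endpoint maximum {endpoint.max_len}")
    if central.min_len > endpoint.max_len:
        reasons.append("no password can satisfy both policies")
    unenforced = endpoint.required - central.required
    if unenforced:
        reasons.append(f"endpoint requires classes not enforced centrally: {sorted(unenforced)}")
    rejected = central.allowed - endpoint.allowed
    if rejected:
        reasons.append(f"{len(rejected)} centrally allowed characters rejected by endpoint")
    return reasons

def audit(central, endpoints):
    """Map endpoint name -> conflict list, for endpoints that could reject a synced password."""
    report = {}
    for ep in endpoints:
        found = conflicts(central, ep)
        if found:
            report[ep.name] = found
    return report

# Constructed sample policies mirroring the page's 12-versus-10-character case.
CENTRAL = PasswordPolicy("central", 12, 64, frozenset({"upper", "lower", "digit"}))
ENDPOINTS = [
    PasswordPolicy("windows-ad", 12, 127, frozenset({"upper", "lower", "digit"})),
    PasswordPolicy("legacy-10char", 6, 10),
    PasswordPolicy("alnum-only", 8, 64, frozenset({"digit"}),
                   frozenset(string.ascii_letters + string.digits)),
]

if __name__ == "__main__":
    for name, reasons in audit(CENTRAL, ENDPOINTS).items():
        print(name, "->", "; ".join(reasons))
```

An empty report means every password the central policy accepts also satisfies each endpoint's length, character-class, and character-set rules.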