|
|
|
Description: When set to Yes, users changing their own global user passwords or one of their synchronized account passwords will have the password validated using externally-defined password rules. Users' synchronized account passwords are the passwords for their accounts on endpoints for which the Disable Password Propagation property is disabled. You should set the parameter Enforce Synchronized Account Passwords to Yes whenever Identity Manager Server/Use External Password Policies is set to Yes. When this parameter is set to Yes, the Provisioning Server password rules that are applicable to users changing their own passwords (Password history checks and Minimum interval between self-changes) are no longer consulted.
Values: No (default) or Yes
Note: Even when integration with Identity Manager password policies is enabled with this configuration parameter, the Provisioning Server uses its per-domain password profiles in various situations. In particular, Administrative password changes, initial global user passwords, changes to unsynchronized account passwords and generating temporary initial passwords all consult the Provisioning Server password profile. In addition, the Locking and Password Expiration features defined in the Provisioning Server password profile are always used. However, the Provisioning Server password profile rules that are applicable to users changing their own passwords (Password history checks and Minimum interval between self-changes) are not consulted when this configuration parameter is Yes.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |