Previous Topic: Enable Additional Password PoliciesNext Topic: Configure Password Expiration


Apply a Password Policy to a Set of Users

You can specify rules that determine the set of users to which a password policy applies. This ability allows you to have one password policy for general employees, and a stricter policy for high-level managers.

Follow these steps:

  1. Create or modify a password policy in the User Console.
  2. Select the type of filter to configure in the Directory Filter field.

    See the following table for a description of each filter type.

    Note: The type of user store to which the password policy applies determines the options for the Directory Filter list box. Some filter types are not available for relational databases and CA Directory user stores when CA IdentityMinder is integrated with SiteMinder.

  3. Specify a condition by selecting an attribute and operator, and entering a value.
  4. To add additional conditions, click the plus sign.

The following table describes the options for directory filter types, and provides examples of each filter type. Attributes on the left side of the "=" in the following examples are as they are prescribed in the user directory definition area. For Create-type user tasks, password policies with directory filters configured are only applied when both of the following conditions are met:

Type of Filter

Use this filter to...

Example

In an Organization

Browse and select an Organization.

 

In a Group

Browse and select a Group.

 

A user

Browse and select a single user.

 

User filter

(Not available for relational databases when integrated with SiteMinder)

Specify a filter for users.

Employee Type = Contractor
Department = Security

User Search Expression

Enter a search query for users.

 

uid=jsmith (for LDAP)

TBLUSERS.ID = jsmith (for relational databases)

Group Filter

(Not available for relational databases when integrated with SiteMinder)

Specify a filter for groups.

Self Subscribing = *

Group Search Expression

Enter a search query for groups.

 

 

cn=Sales (for LDAP)

TBLGROUPS.NAME=GroupA (for relational databases

Organization Filter

(Not available for relational databases when integrated with SiteMinder)

Specify a filter for organizations.

 

Organization name = *Marketing

Organization Search Expression

 

Enter a search query for organizations.

 

ou=Boston (for LDAP)

TBLORGANIZATIONS.NAME=Boston (for relational databases)

Search

 

Specify a query that is not included in the other options for the filter type.

(&(uid=*smith)(ou=Boston))