Administration Guide › Password Management › Password Policies Overview

Password Policies Overview

A password policy is a set of rules and restrictions. These rules specify password creation and expiration. When you configure a password policy in a CA IdentityMinder environment, the policy applies to the user store associated with the environment. If a user directory is associated with multiple environments, a password policy defined in one environment can apply in other environments.

In a password policy, you can configure the following settings:

Note: Some of these settings require user directory mappings for certain attributes. See Enable Additional Password Policies.

• Apply passwords to a specific set of users
• Password expiration—Define events, such as a number of days elapsing or a number of failed login attempts, that cause a password to expire. When a password expires, the user account is disabled.
• Password composition—Specify the content requirements for new passwords. For example, you can configure settings that require users to create passwords which are at least eight characters long and contain a number and a letter.
• Regular expressions—Provide an expression that determines the format of a valid password. You can specify whether passwords match or do not match that format. You can also specify multiple regular expressions.
• Password restrictions—Set limits on password reuse. For example, users must wait 90 days before reusing a password.
• Advanced password options—Specify actions that CA IdentityMinder takes, such as making passwords lower case, before processing a password. You can also specify the priority of a password policy when multiple password policies apply.

SiteMinder users can also configure password policies in the SiteMinder Administrative user interface. These policies appear in the CA IdentityMinder User Console.

Note: When CA IdentityMinder integrates with SiteMinder, SiteMinder enforces all password policies.

More information:

Manage Password Policies