Apply a Password Policy to a Set of Users

Administration Guide › Password Management › Create a Password Policy › Apply a Password Policy to a Set of Users

Apply a Password Policy to a Set of Users

You can specify rules that determine the set of users to which a password policy applies. This ability allows you to have one password policy for general employees, and a stricter policy for high-level managers.

Follow these steps:

Create or modify a password policy in the User Console.
Select the type of filter to configure in the Directory Filter field.
See the following table for a description of each filter type.

Note: The type of user store to which the password policy applies determines the options for the Directory Filter list box. Some filter types are not available for relational databases and CA Directory user stores when CA IdentityMinder is integrated with SiteMinder.
Specify a condition by selecting an attribute and operator, and entering a value.
To add additional conditions, click the plus sign.

The following table describes the options for directory filter types, and provides examples of each filter type. Attributes on the left side of the "=" in the following examples are as they are prescribed in the user directory definition area. For Create-type user tasks, password policies with directory filters configured are only applied when both of the following conditions are met:

CA IdentityMinder is not integrated with SiteMinder.
The directory filter type is not User, Group, Group Filter, or Group Search.

Type of Filter	Use this filter to...	Example
Entire Directory	Apply a password policy to all users in a user store.	N/A
In a group	Search for a specific group.	Name=Product Team (For LDAP object stores) TBLGROUPS.NAME=Product Team (for relational databases)
A user	Search for and select a single user.	User ID=jsmith TBLUSERS.ID=jsmith (for relational databases)
User filter (Not available for relational databases when integrated with SiteMinder)	Specify a filter for users.	Employee Type = Contractor TBLUSERS.EMPTYPE=Contractor (for relational databases)
User Search Expression	Enter a search query for users.	uid=*smith
Group Filter (Not available for relational databases when integrated with SiteMinder)	Specify a filter for groups.	Self Subscribing = *
Group Search Expression	Enter a search query for groups.	cn=Sales*
Organization Filter (Not available for relational databases when integrated with SiteMinder)	Specify a filter for organizations.	Organization name = *Marketing
Organization Search Expression	Enter a search query for organizations.	ou=Boston
Search	Specify a query that is not included in the other options for the filter type.	(&(uid=*smith)(ou=Boston))

Tell Technical Publications how we can improve this information