Password Policies Overview
A password policy is a set of rules and restrictions. These rules specify password creation and expiration. When you configure a password policy in a CA IdentityMinder environment, the policy applies to the user store associated with the environment. If a user directory is associated with multiple environments, a password policy defined in one environment can apply in other environments.
In a password policy, you can configure the following settings:
Note: Some of these settings require user directory mappings for certain attributes. See Enable Additional Password Policies.
- Apply passwords to a specific set of users
- Password expiration—Define events, such as a number of days elapsing or a number of failed login attempts, that cause a password to expire. When a password expires, the user account is disabled.
- Password composition—Specify the content requirements for new passwords. For example, you can configure settings that require users to create passwords which are at least eight characters long and contain a number and a letter.
- Regular expressions—Provide an expression that determines the format of a valid password. You can specify whether passwords match or do not match that format. You can also specify multiple regular expressions.
- Password restrictions—Set limits on password reuse. For example, users must wait 90 days before reusing a password.
- Advanced password options—Specify actions that CA IdentityMinder takes, such as making passwords lower case, before processing a password. You can also specify the priority of a password policy when multiple password policies apply.
SiteMinder users can also configure password policies in the SiteMinder Administrative user interface. These policies appear in the CA IdentityMinder User Console.
Note: When CA IdentityMinder integrates with SiteMinder, SiteMinder enforces all password policies.
Copyright © 2012 CA.
All rights reserved.