

Apply a Password Policy to a Set of Users

You can specify rules that determine the set of users to which a password policy applies. This ability allows you to have one password policy for general employees, and a stricter policy for high-level managers.

Follow these steps:

  1. Create or modify a password policy in the User Console.
  2. Select the type of filter to configure in the Directory Filter field.

    See the following table for a description of each filter type.

    Note: The type of user store to which the password policy applies determines the options for the Directory Filter list box. Some filter types are not available for relational databases and CA Directory user stores when CA Identity Manager is integrated with CA SiteMinder®.

  3. Specify a condition by selecting an attribute and operator, and entering a value.
  4. To add additional conditions, click the plus sign.

The following table describes the options for directory filter types, and provides examples of each filter type. Attributes on the left side of the "=" in the following examples are as they are prescribed in the user directory definition area. For Create-type user tasks, password policies with directory filters configured are only applied when both of the following conditions are met:

| Type of Filter | Use this filter to... | Example |
|---|---|---|
| In an Organization | Browse and select an Organization. | |
| In a Group | Browse and select a Group. | |
| A user | Browse and select a single user. | |
| User filter (Not available for relational databases when integrated with CA SiteMinder®) | Specify a filter for users. | Employee Type = Contractor; Department = Security |
| User Search Expression | Enter a search query for users. | uid=jsmith (for LDAP); TBLUSERS.ID = jsmith (for relational databases) |
| Group Filter (Not available for relational databases when integrated with CA SiteMinder®) | Specify a filter for groups. | Self Subscribing = * |
| Group Search Expression | Enter a search query for groups. | cn=Sales (for LDAP); TBLGROUPS.NAME=GroupA (for relational databases) |
| Organization Filter (Not available for relational databases when integrated with CA SiteMinder®) | Specify a filter for organizations. | Organization name = *Marketing |
| Organization Search Expression | Enter a search query for organizations. | ou=Boston (for LDAP); TBLORGANIZATIONS.NAME=Boston (for relational databases) |
| Search | Specify a query that is not included in the other options for the filter type. | (&(uid=*smith)(ou=Boston)) |
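
To preview which accounts a Search filter such as the last example in the table would place under a policy, the following added example (not CA Identity Manager code) evaluates a subset of LDAP filter syntax over constructed entries. The names `parse`, `matches`, `in_scope` and `USERS` are hypothetical; entries are modelled as flat attribute dictionaries, and case-insensitive matching is assumed.

```python
import re

def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = s.find(")", i)
        attr, sep, value = s[i:max(end, i)].partition("=")
        if end == -1 or not sep or not attr.strip():
            raise ValueError(f"bad attribute test at offset {i}")
        node, i = ("=", attr.strip().lower(), value), end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def parse(text):
    """Parse a subset of RFC 4515: (&...), (|...), (!...), (attr=value with *)."""
    node, pos = _parse(text.strip(), 0)
    if pos != len(text.strip()):
        raise ValueError("trailing characters after filter")
    return node

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attribute -> list of values)."""
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    # Assumption: case-insensitive comparison, as is typical for uid and ou.
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in entry.get(attr, []))

def in_scope(filter_text, entries):
    tree = parse(filter_text)
    return [e["uid"][0] for e in entries if matches(tree, e)]

# Constructed sample entries, not taken from any real directory.
USERS = [{"uid": ["jsmith"], "ou": ["Boston"]}, {"uid": ["blacksmith"], "ou": ["Boston"]},
         {"uid": ["asmith"], "ou": ["Austin"]}, {"uid": ["mjones"], "ou": ["Boston"]}]
```

With these entries, `in_scope("(&(uid=*smith)(ou=Boston))", USERS)` selects both `jsmith` and `blacksmith`, so a leading wildcard can pull more accounts under a policy than the filter author had in mind.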