Password Policies › Create a Password Policy › Configure Password Expiration › Password Expires if Not Changed Settings

Password Expires if Not Changed Settings

In the Password Expires if Not Changed fields, you can configure behavior for passwords that have expired. Optionally, you can specify how far in advance users are warned that their password is due to expire.

Note: This setting requires additional configuration. See Enable Additional Password Policies.

You can configure the following fields:

After <number> Days

Determines the number of days after a password expires that CA Identity Manager waits before disabling the user, or forcing a password change.

Note: CA Identity Manager does not disable the user account until the user attempts to log in after the specified number of days has elapsed.

Disable User

Selecting this radio button disables the user when the password expires. Disabled users can be enabled by using:

• The Enable/Disable User task in the User Console. (The default System Manager, Organization Manager, and Security Manager roles include the Enable/Disable User task.)
• The CA SiteMinder® administrative user interface.

  Note: For more information, see the CA CA SiteMinder® Policy Server Administration Guide.

Force Password Change

Selecting this radio button forces a password to change when the user next attempts to log in.

Issue expiration warnings for <number> days

Enter the number of days in advance a user is notified that a password is due to expire.