Password Policies Overview
A password policy is a set of rules and restrictions. These rules specify password creation and expiration. When you configure a password policy in a CA Identity Manager environment, the policy applies to the user store associated with the environment. If a user directory is associated with multiple environments, a password policy defined in one environment can apply in other environments.
In a password policy, you can configure the following settings:
Note: Some of these settings require user directory mappings for certain attributes. See Enable Additional Password Policies.
- Apply passwords to a specific set of users
- Password expiration—Define events, such as a number of days elapsing or a number of failed login attempts, that cause a password to expire. When a password expires, the user account is disabled.
- Password composition—Specify the content requirements for new passwords. For example, you can configure settings that require users to create passwords which are at least eight characters long and contain a number and a letter.
- Regular expressions—Provide an expression that determines the format of a valid password. You can specify whether passwords match or do not match that format. You can also specify multiple regular expressions.
- Password restrictions—Set limits on password reuse. For example, users must wait 90 days before reusing a password.
- Advanced password options—Specify actions that CA Identity Manager takes, such as making passwords lower case, before processing a password. You can also specify the priority of a password policy when multiple password policies apply.
SiteMinder users can also configure password policies in the SiteMinder Administrative user interface. These policies appear in the CA Identity Manager User Console.
Note: When CA Identity Manager integrates with SiteMinder, SiteMinder enforces all password policies.
Copyright © 2015 CA Technologies.
All rights reserved.