Application password reset enquiry

Hi All,

I have a question about password reset. As each identity has more than one AD account, the application is used to reset the account of a particular AD account. May I know:

  1. Can the application password reset function unlock an AD account that is locked because too many wrong passwords were entered?
  2. The application password reset will not enable a disabled AD account (with expiry date). Is this statement valid?

Hi @iris_deloitte,

1. If you change the password for an AD account and there is a password sync group in your tenant, the same AD password will be provisioned to all the applications that are configured in the AD password sync group.

2. No, it only resets the password on the AD account. Sometimes, if your AD account is in the disabled state, you are unable to reset the password for that particular account either. Refer to this document for more details: Configuring User Authentication for Password Resets - SailPoint Identity Services

Thank You.

Hi @gogubapu,

Thank you! For 1, may I know if the application password reset function will also trigger the AD account unlock?

I know that if the SailPoint account is using the AD account as the login credential, the SailPoint password reset will enable the AD account, but I am not sure if the same logic applies to the application password reset.

Thank you so much.

Yes, if your account is locked while logging in to the tenant after continuous wrong password attempts, then you can reset your account password, but it won't trigger an unlock of your account.

As per your tenant lockout management configuration, your account will automatically lock out after some configured time. If you reset your password at the tenant login page, at that time it will trigger a password reset and unlock the account.

Hi @iris_deloitte,

Application access provides a legacy way to reset the password. If the source is part of a password sync group, when a user changes the password for this source using the application password update, the password for all other sources and apps in the sync group will be changed as well.

So, it’s just used to reset the list of sources linked with the password sync group as well as the application account. Hence it will never unlock the account.

I hope this might help.

Thanks,
Prashant

Hi All,

For 1, I have tried it and the application password reset can unlock AD accounts.
For 2, the application password reset will not enable a disabled AD account. This is valid.

Thanks all.
