When looking at using IDN for password management, one of the client requirements is to have a password history. They want the users to not be able to use the last 5 passwords, or the same password they used in the last 12 months.
IdentityNow does not keep current or historical passwords. They are encrypted and sent to the target source, so it would not have a way to directly tell you that you can’t use your previous 5 passwords.
Hi,
This is not possible for the IdentityNow default authentication method. If you have a source like Active Directory, then yes, you can use pass-through authentication to achieve your requirement.
I set up an OpenLDAP with PTA, and both reset password and update password (once authenticated) don’t seem to check the password history in LDAP; it seems to be using the admin account to make the password change. It definitely is enforced in my LDAP:
Looks like this is only on AD and not OpenLDAP. Can someone provide a screenshot of what it looks like when you set a password that is in password history?
I added `"enforcePasswordPolicy": "true"` to the OpenLDAP connector, and that doesn’t appear to change the behavior, so I am guessing it isn’t supported. As long as AD works, I was skeptical it wouldn’t. I appreciate the insight.
Can we prevent users from using Password Reset, i.e. when there is a security incident on the user’s account and they shouldn’t be able to self-service without calling a Help Desk? I assume if the AD account is disabled it won’t let them? I also don’t see any way to disable the unlock option; is that correct?