Generators in IDN

Hi all,

In the IDN create profile of sources we have generators. By default we have four generators, i.e.

  1. create Unique LDAP attribute - it takes a pattern to generate
  2. get manager LDAP DN
  3. create Unique Account ID - same, it takes a pattern
  4. create password - it does not take a pattern, so how is this password created when the account is provisioned? Does it use the source’s password policy? In that case, when the user needs to log in to the target source, the user needs to know the password, but IDN does not allow sending the password over email. Even if it were sent (hypothetically), the password generated using create password is not known.

My query is: how is the password generated when I use the create password generator in the source's create account profile? And when the user needs to log in to the target, we need the password, so how do we get that password for the first login to the target, say Okta?

thank you

avi.

When using the “Create Password” generator, it will create a randomly generated password based on the password policy assigned to the source (Default Provisioning Attributes Reference).

There are three recommended practices for handling password generation on new account creation:

  1. Static Password - Single static password for all users to log in the first time.
  2. Dynamic ‘Known’ Password - Static password based on a combination of known user attributes (ex. <firstName>-<year>)
  3. Dynamic ‘Unknown’ Password and Password Reset - Randomly generated password that requires a user to reset the account password before being able to log in.

The “Create Password” generator is an example of option 3.

Reference: https://community.sailpoint.com/t5/IdentityNow-Articles/Best-Practices-for-Provisioning-with-Passwords-in-IdentityNow/ta-p/75459

I’ve had certain use cases where the password is required to be random following a password policy, but needs to be sent to the user. This will need to be taken outside of IdentityNow. You can handle this in an after create PowerShell script. You can generate the password, set it on the AD account, and then email it to an individual from there. However, this is not recommended, as this is “intrinsically insecure”.

2 Likes
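Option 3 from the reply above, as an added Python sketch (it is not code from this thread and not SailPoint's implementation of the “Create Password” generator): a password drawn from a CSPRNG so that it meets a source's password policy. The `PasswordPolicy` class, its field names and its values are hypothetical stand-ins for whatever policy is assigned to the source.

```python
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical stand-in for the password policy assigned to a source."""
    min_length: int = 16
    min_upper: int = 2
    min_lower: int = 2
    min_digits: int = 2
    min_special: int = 1
    special_chars: str = "!@#$%^&*-_"

    def classes(self):
        # (alphabet, minimum count) for every character class the policy names
        return [
            (string.ascii_uppercase, self.min_upper),
            (string.ascii_lowercase, self.min_lower),
            (string.digits, self.min_digits),
            (self.special_chars, self.min_special),
        ]


def satisfies(policy, password):
    """Return True if the password meets the length and per-class minimums."""
    if len(password) < policy.min_length:
        return False
    return all(sum(ch in alphabet for ch in password) >= need
               for alphabet, need in policy.classes())


def generate_password(policy):
    """Draw a policy-compliant password from the OS CSPRNG (never `random`)."""
    # 1. Satisfy each class minimum first.
    chars = [secrets.choice(alphabet)
             for alphabet, need in policy.classes() for _ in range(need)]
    # 2. Pad to the minimum length from the union of all allowed classes.
    union = "".join(alphabet for alphabet, _ in policy.classes())
    chars += [secrets.choice(union)
              for _ in range(max(0, policy.min_length - len(chars)))]
    # 3. Shuffle so the mandatory characters are not in predictable positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    policy = PasswordPolicy()
    # Constructed option-2 style value (<firstName>-<year>): fails this policy.
    print(satisfies(policy, "Alice-2024"))
    print(satisfies(policy, generate_password(policy)))
```

With option 3 the generated value is set on the account and then discarded; the user gets in through the target's password reset flow rather than by being told the password.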

Hi @amulpuru

You can’t retrieve the password and send it in email from IDN (it is not standard best practice).

For more information on the different options, please go through this article:
https://community.sailpoint.com/t5/IdentityNow-Articles/Best-Practices-for-Provisioning-with-Passwords-in-IdentityNow/ta-p/75459

Thanks

Thanks @bcariaga ,
You have resolved my query.

1 Like
