Generators in IDN

When using the “Create Password” generator, it will create a randomly generated password based on the password policy assigned to the source (Default Provisioning Attributes Reference).

There are three recommended practices for handling password generation on new account creation:

  1. Static Password - Single static password for all users to log in the first time.
  2. Dynamic ’Known’ Password - Static password based on a combination of known user attributes (e.g. <firstName>-<year>)
  3. Dynamic ’Unknown’ Password and Password Reset - Randomly generated password that requires a user to reset the account password before being able to log in.

The “Create Password” generator is an example of option 3.

Reference: https://community.sailpoint.com/t5/IdentityNow-Articles/Best-Practices-for-Provisioning-with-Passwords-in-IdentityNow/ta-p/75459

I’ve had certain use cases where the password is required to be random following a password policy, but needs to be sent to the user. This will need to be taken outside of IdentityNow. You can handle this in an after-create PowerShell script. You can generate the password, set it on the AD account, and then email it to an individual from there. However, this is not recommended, as this is “intrinsically insecure”.

2 Likes
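The generate-and-set step described in the post above, as an added example that is not part of the original post or SailPoint's own code. The character classes, the length of 16, and the function names are assumptions; it uses the standard ActiveDirectory module cmdlets and forces a change at next logon so the delivered value is short-lived.

```powershell
# Added example. Character classes and length are assumed policy values; match your source's policy.
function Get-RandomIndex {
    param([System.Security.Cryptography.RandomNumberGenerator]$Rng, [int]$Max)
    # Rejection sampling over 32 bits avoids the modulo bias of a plain remainder.
    $buf = New-Object byte[] 4
    $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$Max)
    do {
        $Rng.GetBytes($buf)
        $n = [BitConverter]::ToUInt32($buf, 0)
    } while ($n -ge $limit)
    return [int]($n % [uint32]$Max)
}

function New-PolicyPassword {
    param([int]$Length = 16)
    # Ambiguous characters (O/0, l/1, I) are left out because the value may be typed by hand.
    $sets = @('ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#$%*+-=?@_')
    if ($Length -lt $sets.Count) { throw "Length must be at least $($sets.Count)" }
    $all = -join $sets
    # CSPRNG rather than Get-Random, which is not intended for secrets.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = New-Object 'System.Collections.Generic.List[char]'
        # One character from each required class, then fill from the full alphabet.
        foreach ($s in $sets) { $chars.Add($s[(Get-RandomIndex -Rng $rng -Max $s.Length)]) }
        while ($chars.Count -lt $Length) {
            $chars.Add($all[(Get-RandomIndex -Rng $rng -Max $all.Length)])
        }
        # Fisher-Yates shuffle so the required classes do not sit in fixed positions.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-RandomIndex -Rng $rng -Max ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        return -join $chars
    } finally { $rng.Dispose() }
}

function Set-InitialPassword {
    # Hypothetical wrapper; requires the ActiveDirectory module and rights to reset the account.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $plain  = New-PolicyPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $secure
    # Force a reset at first logon so the delivered value stops working once used.
    Set-ADUser -Identity $SamAccountName -ChangePasswordAtLogon $true
    return $plain   # Caller hands this to the delivery channel; never write it to a log.
}
```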