How long does an Identity password live / stored for in ISC, in a Password Sync use case?

Does anyone know how long an Identity password is stored in ISC for?

Say I have a population that doesn’t need identity password to log into ISC, due to configured SAML SSO, but has a need for password sync with the use of the password interceptor from on-premises AD DC(s). The intercepted password is sent back to ISC…and processed by ISC and down to the password sync group. This intercepted password:

1. Does it then become the Identity’s password?
2. What’s the residual data (encrypted, hashed or plaintext, be it in file, audit logs, backups, DB, memory…etc) as part of this process?

• The intercepted password does not become the Identity’s ISC login password since SSO is enabled
• ISC does not store plaintext passwords: in logs, files, databases, or backups.
• Passwords are only held in-memory temporarily and processed securely for synchronization.
• The password is encrypted in transit and, if stored in target systems, it follows their encryption/hashing requirements.

Thanks. But how about the cipher text of the password? How long does that stay in various subsystems of ISC for? Ideally, once the password sync is fulfilled (or failed after some max retries), all traces of the password should no longer have a need to exist, I would think.

The out-bound behaviour will be dependent on target system, that’s understood. I’m trying to understand the in-ISC side of things.