How is the password expiration email triggered, what process checks the last set password, and what triggers the email?

Hi,
Could someone explain how the whole password expiration reminder is sent OOTB? Is there a way we can customize this?

The IdentityNow Admin Guide gives a lot of good information. https://documentation.sailpoint.com/saas/help/pwd/policies.html

Set the password expiration setting and then your users will get an email every day about changing their password based on what you set.

One thing to keep in mind, users will only get these expiration emails if they have registered with IdentityNow. Registration occurs the first time a user has logged into IdentityNow. When we have new users onboard, we make sure they log into IdentityNow during their orientation to ensure they receive the expiration emails.

Password resets through IdentityNow have 2 parts. Part 1 checks the IdentityNow password policy. If the password passes the IdentityNow check, the password is then sent to the source system (part 2). The source system then checks the password against its internal password policies. If that checks out, then the password is reset on the source.

IdentityNow doesn’t store the users’ passwords, so it is unable to check to see if the new password is the same as the old password. But when the new password is sent to the source system, the source system will verify that the new password isn’t the same as the old password if that is part of the source’s password settings.

Hi Carl,

Thanks for the response.

I want to know if we can stop sending password expiration emails to active/onleave/registered users according to the policy.
Policy: 90 days, and reminders are set to send starting 5 days prior to expiration.
Now, after 90 days, if an active user is onleave or something, we don’t want the system to remind him every day after 90 days (policy) to reset his password.

Hi Prashanth,
I doubt this is currently supported in IdentityNow. Can you try using a workflow?

Thanks
Rakesh Bhati

Check out this post I solved with a similar requirement to stop emails from being sent based on a specific user variable.

I don’t know if the password expiration email surfaces the right user attributes for lifecycle state, but it’s worth a try.