How password expiration email is triggered and what process checks the last set password and what triggers the email?

Hi,
Could someone explain how the whole password expiration reminder is sent OOTB? Is there a way we can customize this ?

The IdentityNow Admin Guide gives a lot of good information. https://documentation.sailpoint.com/saas/help/pwd/policies.html

Set the password expiration setting and then your users will get an email every day about changing their password based on what you set.

One thing to keep in mind, users will only get these expiration emails if they have registered with IdentityNow. Registration occurs the first time a user has logged into IdentityNow. When we have new users onboard, we make sure they log into IdentityNow during their orientation to ensure they receive the expiration emails.

Password resets through IdentityNow have 2 parts. Part 1 checks the IdentityNow password policy. If the password passes the IdentityNow check, the password is then sent to the source system (part2). The source system then checks the password against its internal password policies. If that checks out, then the password is reset on the source.

IdentityNow doesn’t store the users’ passwords, so it is unable to check to see if the new password is the same as the old password. But when the new password is sent to the source system, the source system will verify that the new password isn’t the same as the old password if that is part of the source’s password settings.

Hi Carl,

thanks for the response.

I want to know if we can stop sending password expiration emails to active/onleave/registered users according to the policy.
Policy: 90 days and reminders are set to send starting 5 days prior of expiration.
Now after 90 days if an active user is onleave or something, we don’t want system to remind him everyday after 90 days(policy) to reset password.

Hi Prashanth,
I doubt this is currently supported in IdentityNow. Can you try using a workflow ?

Thanks
Rakesh Bhati

2 Likes

Check out this post I solved with a similar requirement to stop emails from being sent based on a specific user variable.

I don’t know if the password expiration email surfaces the right user attributes for lifecycle state, but it’s worth a try.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.