IdentityNow password policy don't allow previous password

Hi, in our IDN, when a user tries to change a password, we have found that they can still enter their previous password, which gets accepted, and the same old password gets set as the new password.


Could you please suggest what we can do in the password change URL (https://tenantname.identitynow.com/r/default/reset-password) so that, on clicking the change password button, it gets the last 7 passwords and the new password cannot be one of those 7 passwords.

This password change is happening at AD side.

While ISC has password policies about the construction of a password, it does not directly support password history. You will need to configure Pass-Through Authentication to your Active Directory source. Then, when the user attempts to change their password, it will be sent to ISC and Active Directory at the same time, allowing feedback from the AD policy and password history.

See: Configuring Pass-Through Authentication - SailPoint Identity Services

Alicia

Hi Alicia,
Thanks for your response. We have PTA configured in our AD service. There is one point I would like to add to this use case:

If we change the password with our own ID directly in AD, the policy will be checked, but through IDN we are doing a reset with a service account, which is an admin ID. I think this is a case of a password change in AD using an admin account.

Oh, I see now it is a password reset. Active Directory does not check password history when administratively setting passwords.

Alicia
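The distinction Alicia draws (an administrative reset bypasses AD's password history; a user-initiated change is checked against it) can be reproduced directly against a domain with the ActiveDirectory PowerShell module. The script below is an added example, not code from the thread or from SailPoint; the account name `pwtest01`, the password values and the helper function name are assumptions for illustration, and it must be run against a test account in a lab domain.

```powershell
# Added example (not from the original thread). Assumes RSAT / the
# ActiveDirectory module, a test account 'pwtest01' (hypothetical) and a
# domain where PasswordHistoryCount > 0. Run only in a lab.
Import-Module ActiveDirectory

$User     = 'pwtest01'
# A value the account has used before, and is therefore in its history.
$Reused   = ConvertTo-SecureString 'Lab-Reused-Pass-2024!' -AsPlainText -Force
# The password the account currently has (needed for a user-style change).
$Current  = ConvertTo-SecureString 'Lab-Current-Pass-2024!' -AsPlainText -Force

# 1. Confirm what the domain policy actually remembers. If this is 0,
#    neither path will reject a reused password.
$policy = Get-ADDefaultDomainPasswordPolicy
"History count: $($policy.PasswordHistoryCount); min age: $($policy.MinPasswordAge)"

# Hypothetical helper: runs a password operation and reports whether AD
# accepted it instead of throwing on the first failure.
function Test-PasswordOperation {
    param([string]$Label, [scriptblock]$Operation)
    try {
        & $Operation
        "$Label : ACCEPTED"
    } catch {
        "$Label : REJECTED - $($_.Exception.Message)"
    }
}

# 2. User-style change: old and new password are both supplied, so the DC
#    applies the full policy, including history and minimum password age.
Test-PasswordOperation 'Change (old+new) to reused password' {
    Set-ADAccountPassword -Identity $User -OldPassword $Current -NewPassword $Reused
}

# 3. Administrative reset: the privileged caller sets the value directly.
#    AD does not apply password history here, so the reused value is accepted.
#    This is the path a connector using a service account with reset rights takes.
Test-PasswordOperation 'Admin reset (-Reset) to reused password' {
    Set-ADAccountPassword -Identity $User -Reset -NewPassword $Reused
}

# 4. Show that the reset really landed: pwdLastSet moves to now.
Get-ADUser -Identity $User -Properties PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet
```

Two caveats when reading the results: step 2 can also be rejected by the domain's minimum password age if the test account's password was changed very recently, so check the error text rather than assuming every rejection is the history rule; and step 3 runs as whoever launched the session, so it needs reset-password rights on the test account.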

It got fixed by checking "Enforce password policy" on the AD config page (SailPoint IDN) → Additional Settings → Enforce password policy.

