MSSQL Change Password after first login

ninfante · January 28, 2025, 1:58pm

Which IIQ version are you inquiring about?

8.4p1

Hi all!

Hope everything’s well.
I’m opening this post because I couldn’t find anything related, and wanted to see if somebody has an idea.
I’m working in a MSSQL integration with IIQ, and the DB team wants to create SQL logins that, after the first login, the user needs to change that password.
Using the MSSQL connector, SailPoint creates the SQL login and the user in the desired DB, but I couldn’t find a way to force the password change in the first login.
When you use MSSQL Server Management Studio, when creating the sql login there’s an option that you can enable to force the user to change the password.

Did someone come across this?

Thanks in advance!

enistri_devo · January 28, 2025, 2:08pm

Hi @ninfante,

when you create a new login you must create with MUST_CHANGE setup, something like this:

CREATE LOGIN LoginName
WITH PASSWORD = 'tempPwd' MUST_CHANGE,
     CHECK_POLICY = ON;

ninfante · January 28, 2025, 2:17pm

Hi! Thanks for your reply.
Yes, using SSMS I was able to create the account with this parameter, but when using SailPoint I couldn’t.
Do you know how to add this into SailPoint? I’ve checked the provisioning policies, and through debug but didn’t find anything.

enistri_devo · January 28, 2025, 2:24pm

I dont think exist a parameter that you can use in a prov. policy but you can use an prov.rule and execute the query directly, using the connection attributes of connector.