We’re facing an issue with the password policy in our environment. Specifically, when users change their passwords in SailPoint (PTA), the changes do not adhere to the Active Directory (AD) password policy.
Although we have enabled the “Enforce Password Policy” setting for the AD source in SailPoint, it seems that the system is not capturing the requirements for password history or enforcing the limit of one password change per day.
Any insights or suggestions on how to resolve this issue would be greatly appreciated!
Hi, I’m also experiencing this issue right now.
But for the re-enabled account, password history and the maximum limit on password reset attempts are working.
These are the two use cases I tried:
Existing user changes password via SailPoint IDN: this user can do multiple password changes within the day.
User account was re-enabled: admin triggers a password reset for the new identity with the re-enabled account, and the user's password change was successful, but they were unable to log in using the new password. So I tried resetting the password again, and the AD policy is working and I'm receiving this error: "You’ve used that password recently, or it is too soon since your last password change."
SailPoint will not keep the password history to validate that enforcement; mostly it will be validated by AAD/AD/LDAP. SailPoint can do the base validation, including min and max length, numbers, characters, special character usage, identity and account attribute usage, and so on.