Password Interceptor Verification

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

Hello Experts,

I need a suggestion on password change verification after a password is changed in AD. I have noticed that Password Interceptor intercepts the password and sends it to IIQ properly.

I have 14 Oracle databases, and a few of them have the PASSWORD_CHANGED_DATE schema attribute. Because of this, I am able to verify that the password is updated for those DB applications, but some of the DB applications don't have the PASSWORD_CHANGED_DATE attribute. Any idea how we can validate whether the password gets updated or not?

Thanks

Hi @niket345 ,

From SailPoint's capability perspective, the OOTB password intercept workflow has a placeholder for audit; you can create your custom audit event to populate the required information.

Thanks

Any idea what to mention there inside the Password Interceptor workflow?

This is just an example, so you can change it however you need, but as a first step (in the PasswordIntercept workflow) you can replace

  <Step name="Audit" posX="535" posY="150">
    <Description>
      Placeholder, what kind of auditing should we do?
      We've got low level ProvisioningResults in the project.
    </Description>
    <Transition to="end"/>
  </Step>

with

  <Step action="audit" name="Audit" posX="535" posY="150">
    <Arg name="target" value="script:return plan.getIdentity();"/>
    <Arg name="action" value="PasswordReset"/>
    <Arg name="source" value="PasswordInterceptor"/>
    <Description>
      Placeholder, what kind of auditing should we do?
      We've got low level ProvisioningResults in the project.
    </Description>
    <Transition to="end"/>
  </Step>

This will create an audit event with source equal to PasswordInterceptor, target set to the identity which is taken into account, and action set to PasswordReset.

You can of course make this step far more complex if you need to via BeanShell.

Sample reference for you.

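<Step name="Audit" posX="535" posY="150">
    <Description>
      Placeholder, what kind of auditing should we do?
      We've got low level ProvisioningResults in the project.
    </Description>
    <Script>
      <Source>
        import sailpoint.server.Auditor;

        // applicationName, targetApplication and identityName are placeholders for
        // values available in the workflow; "Success/Failure" stands for the outcome.
        // The fifth argument was left empty in the original post; null is passed in its place.
        Auditor.logAs("Password Interceptor", applicationName, targetApplication, identityName, null, "Success/Failure", "");

        context.commitTransaction();
      </Source>
    </Script>
    <Transition to="end"/>
</Step>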

@niket345 - Thanks for marking my suggestion as the solution. It means a lot and motivates me to contribute more solutions in the future!
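
An added example, not part of the original thread or SailPoint's own code: the Audit step extended to write one audit event per target account, recording the status from the ProvisioningResults that the placeholder description says are in the project. It assumes `project` and `plan` are workflow variables visible to this step; the "NoResult" label is constructed for the example.

```xml
<Step name="Audit" posX="535" posY="150">
  <Description>
    Audit one event per target account using the ProvisioningResults in the project.
  </Description>
  <Script>
    <Source>
      import java.util.List;
      import sailpoint.object.Identity;
      import sailpoint.object.ProvisioningPlan;
      import sailpoint.object.ProvisioningPlan.AccountRequest;
      import sailpoint.object.ProvisioningResult;
      import sailpoint.server.Auditor;

      // Assumption: "plan" and "project" are workflow variables visible here.
      Identity ident = (plan != null) ? plan.getIdentity() : null;
      String identityName = (ident != null) ? ident.getName() : null;

      List plans = (project != null) ? project.getPlans() : null;
      if (plans != null) {
        for (ProvisioningPlan p : plans) {
          List requests = p.getAccountRequests();
          if (requests == null) continue;
          for (AccountRequest req : requests) {
            // Prefer the per-account result; fall back to the plan-level result.
            ProvisioningResult result = req.getResult();
            if (result == null) result = p.getResult();
            String status = (result != null) ? result.getStatus() : null;
            // Constructed label: the connector returned no explicit status.
            if (status == null) status = "NoResult";

            // source, action, target, then application, account and status
            Auditor.logAs("PasswordInterceptor", "PasswordReset", identityName,
                          req.getApplication(), req.getNativeIdentity(), status, null);
          }
        }
        context.commitTransaction();
      }
    </Source>
  </Script>
  <Transition to="end"/>
</Step>
```

For applications whose schema has no PASSWORD_CHANGED_DATE attribute, the recorded status is what the connector reported for the password change; a queued or retry status means the change has not yet been confirmed on the target.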