Password Sharing upon new account creation

vikramsah · August 28, 2024, 2:03pm

We have some accounts on Azure which are not linked to the on prem AD. We want to create a source for such accounts in the identity now and use it for provisioning. The challenge here is how do i share the password to the end user whose account has been created. What can i explore for self service password reset?? What your thoughts on this?

I do see the option 3 from the documentation promising. Does any one know more about these?

https://community.sailpoint.com/t5/IdentityNow-Articles/Best-Practices-for-Provisioning-with-Passwords-in-IdentityNow/ta-p/75459#:~:text=Option%203%20-%20Dynamic%20’Unknown’%20Password%20and%20Password%20Reset

MeKhalbi · August 28, 2024, 2:41pm

Hi @vikramsah,

What we did for the same use case was creating the account with an unknown password (the most secure option) using the password generator on the Create profile. Then we updated the new account creation email to guide the users to use the IDN password manager to change their newly created account password.

jesvin90 · August 28, 2024, 3:22pm

Hi @vikramsah,

You can make use of the Generator option for the password field and select the “Create Password” rule.

This would generate and assign a password based on the password policy that is assigned to your source or the default password policy in your tenant.

You can make use of the Azure SSPR options for the end user to perform the password reset in-case you plan to use the Azure feature

Take a look at the below docs

vikramsah · August 29, 2024, 4:32pm

Ty Mehdi. Where do you configure the new account creation email??

MeKhalbi · August 29, 2024, 4:44pm

The email templates is called “new account provisioned” here is the link for more details : New Account Provisioned Email Template - SailPoint Identity Services
Also, note that you need to update the connector attributes to enable this email to be sent using the following API call update-source | SailPoint Developer Community. An example of the body to enable the email is listed in the request examples.

vikramsah · September 3, 2024, 3:36pm

And where exactly do we create this email template itself? Doesnt look like we add it to the payload for the update source api .

MeKhalbi · September 4, 2024, 8:58am

Hi @vikramsah the email template is available on the tenant already through Admin → Global → Email Templates → New Account Provisioned. You can then customize the email to add your branding and include the details around password reset.

system · November 3, 2024, 8:59am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to find more information on the generators ISC Discussion and Questions identity-security-cloud	16	91	October 25, 2024
Active Directory account password generation and communication ISC Discussion and Questions identity-security-cloud , provisioning	4	617	May 11, 2024
Issue with IdentityNow Password Manager Bugs identity-security-cloud , password-management , applications	24	606	October 6, 2024
SailPoint Entra ID connector - Account provisioning using TAP passcode feature ISC Discussion and Questions identity-security-cloud , provisioning	3	126	July 13, 2024
Send Password to user through email on new Active Directory(AD) account Creation ISC Discussion and Questions workflows , identity-security-cloud , email-templates	6	1404	August 2, 2023

Password Sharing upon new account creation

Related topics