Reset AD password when AD is enabled

Hi,

Is there any way to reset the AD password when AD is enabled (rehire) using a password policy?

Thank you,
saikumar

Hi @saikumar39,

You can use BeforeProvisioningRule to complete this requirement.
Upon LCS change, you can choose to scramble the password or change the password attribute based on your requirement.
You can use SailPoint’s Services Standard BeforeProvisioningRule to implement the requirement.

However, the recommended way is to scramble the password upon disabling the AD account and have the user follow the reset password mechanism upon rehire.


A password policy is just like a validator. For example, when you enter a password on any web page, you get the password strength and an error message if your password does not match the standards.

A password policy can be used to generate a random password that meets the standards and to validate the password strength when a user resets it.

Along with that, you can send reminders before the password expires. For more details

But I don’t think a password policy can reset the password in a source on its own. @colin_mckibben, could you please confirm?

Thanks
Krish

I’ll defer to @colin_mckibben for confirmation, but as far as I know, a password policy doesn’t compel password changes; instead, it verifies and enforces the criteria and prerequisites necessary for changing a password.

Yes, I second that, and in addition, password policies on IdentityNow do not reflect the actual policies on the target system.

For example, target sources may have password history requirements which you cannot configure on IdentityNow.

Hi @saikumar39. Did any of these replies answer your question? If so, can you please mark the reply that best answered your question as the solution? Thank you!

@colin_mckibben, could you please confirm this?

I’m not 100% certain, but I believe this to be correct. Password Policy does not initiate password changes; it just dictates the requirements for setting a password. As can be seen in the UI for password policies, there is no indication that you can trigger a password reset.

I believe if you want to delve into password management, like automating the setting of passwords, you should look into password management and password sync groups.
