Reset password Active Directory

Hello,

We currently have the following use case in our IAM tool: Administrators access a user’s identity and click on “Reset AD Password.”

This action triggers the Java connector, which connects to Active Directory (AD), resets the password to a generated one, and then sends the new password to the user’s manager.

Do you think it’s possible to achieve this with ISC (Identity Security Cloud)?

Thanks for your assistance.

By the way, does anyone know how to trigger the setPassword method from AbstractConnector?

    // Default implementation in AbstractConnector: connectors that support password
    // changes override this method; the base class only reports the operation as unsupported.
    public Result setPassword(String id, String newPassword, String currentPassword, Date expiration, Map<String, Object> options) throws ConnectorException, ObjectNotFoundException, UnsupportedOperationException {
        this.throwUnsupported("setPassword");
        return null;
    }

Hi @Nicolas_NAPOLEONI,

Do you have the ISC “Password Management” module?

If yes, ISC supports self-service password reset: Password Manager - SailPoint Identity Security Cloud User Help

Hello Ousmane,

Thank you for your response. Yes, we have the Password Management Module, but I’m not sure if it fully fits our current use case.

I understand that users who lose their AD password should connect to ISC and request a new one.

But how can they log in to ISC if they’ve lost their AD password? :smiley:

Hello @Nicolas_NAPOLEONI, you can achieve that, but you need to write extra logic using a PowerShell script.

  1. Click on Reset AD Password.
  2. It will trigger a modify operation on AD.
  3. Write an after-modify PS script.
  4. Trigger another PowerShell script where you will again generate the new AD password and set it on the AD user, and at the same time trigger an email to the manager with the new password.

Thanks,
Prasad

Hi Nicolas,

Yes, there is a challenge in this case if you have SSO configuration enabled to allow login to the ISC tenant. This means that when the AD account is disabled, the end users will not be able to log in to ISC and thus cannot use the self-service password reset option.

To handle this entirely in ISC, I think it is possible, but you will still need to trigger the password reset API from outside ISC, maybe via some script. You could also use a workflow to trigger the below API to reset the password, but to generate the password, I do not know how complex your password policy is to confirm whether a workflow can generate a password aligned with this policy or not. So ideally, you will need to write an external script to generate the password and then trigger the workflow by passing the inputs about native identity, generated password, source name, etc. You may also need to handle the encryption of the password, but you can check more details about it in the below API link.

To set the password via workflow you can use the below API:

So to handle it entirely in ISC, the main challenge is basically the generation of the password, which will require some scripting.

Other than that, you can also explore an option to generate the password in a before-provisioning rule, where you can intercept whether the provisioning action is for a password reset and then generate the password there, but here you will have a challenge sending the email.

So in summary, it should be possible to achieve it via ISC APIs, but you will still need some external setup to complete this requirement.

I hope this helps :slight_smile: .

Regards
Vikas.

OK, I think using this set-password | SailPoint Developer Community could do the trick.

Will keep you informed; thanks all for your inputs.

2 Likes

Hi @Nicolas_NAPOLEONI

Yes, that is the way forward in my opinion too, but there are some pre-requisites to run this API, like the password should be encrypted, random and matching the policies.

So in your script, first you need to get the password policy and generate the password accordingly. This will remove the dependency of updating the code in case the organization decides in the future to change the policy, like having a minimum of 5 digits instead of 2.

Then you need to get the public encryption key from ISC, which will be used to encrypt the password, and then call this set-password API to set the password. This returns a request number, which you need to keep checking in a loop every 30 seconds to see if it has been processed. Once it finishes, you can call an ISC workflow to send the email, where you can use your custom template for password reset.

So you can proceed with the PoC, and if you have any questions then please let us know. :slight_smile:

Thank You.
Regards
Vikas.

1 Like
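The external script outlined in the last reply has two pieces that are worth getting right independently of the API calls: generating a password that actually satisfies the tenant's policy, and polling the set-password request until it reaches a terminal state. The following is an added example, not code from the thread or from SailPoint; the policy field names (minLength, minUpper, minLower, minNumeric, minSpecial), the status endpoint path and the state values are assumptions, and the key retrieval, RSA encryption and HTTP calls are left to the caller.

```python
import secrets
import string
import time

# Character classes keyed by the ISC password-policy field that sets their minimum.
# Field names are assumed from the ISC password policy object; verify them against
# the policy JSON your tenant returns before relying on them.
CLASSES = {
    "minUpper": string.ascii_uppercase,
    "minLower": string.ascii_lowercase,
    "minNumeric": string.digits,
    "minSpecial": "!@#$%^&*()-_=+",
}


def generate_password(policy, default_length=16):
    """Return a CSPRNG-generated password meeting each per-class minimum and minLength."""
    rng = secrets.SystemRandom()
    # First satisfy every per-class minimum, then pad to the required length.
    chars = [rng.choice(alphabet)
             for field, alphabet in CLASSES.items()
             for _ in range(policy.get(field, 0))]
    pool = "".join(CLASSES.values())
    target = max(policy.get("minLength", default_length), len(chars))
    while len(chars) < target:
        chars.append(rng.choice(pool))
    rng.shuffle(chars)  # so the class-required characters are not in a fixed order
    return "".join(chars)


def satisfies_policy(password, policy):
    """Independent check of a candidate password against the same policy minimums."""
    if len(password) < policy.get("minLength", 0):
        return False
    return all(sum(c in alphabet for c in password) >= policy.get(field, 0)
               for field, alphabet in CLASSES.items())


def wait_for_password_change(get_status, request_id, interval=30, attempts=20,
                             sleep=time.sleep):
    """Poll the password-change request until ISC reports a terminal state.

    get_status(request_id) is caller-supplied and is expected to call
    GET /v3/password-change-status/{id} (assumed path) and return its JSON;
    the 'state' values IN_PROGRESS / FINISHED / FAILED are assumed as well.
    """
    for _ in range(attempts):
        status = get_status(request_id)
        if status.get("state") in ("FINISHED", "FAILED"):
            return status
        sleep(interval)
    raise TimeoutError(f"password change {request_id} still pending after {attempts} polls")
```

Only after wait_for_password_change returns FINISHED should the workflow that emails the manager be triggered; a FAILED state carries the error detail to surface instead.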