Hello,
I have this scenario.
A new Identity created in SailPoint will automatically have the AD Account.
REQUIREMENT: I want the Identity to set the AD password without knowing the first random password assigned by SailPoint.
A suggested solution is to use the invitation method of SailPoint and the PTA (pass-through authentication) to propagate the password towards AD.
I have 2 tenants to test this: our lab tenant and the Client test tenant. I see different behavior on the different tenants, and I would like to know if the problem is that the Password Management module is not present in the Client test tenant.
This is what I’m testing:
- On the Identity Profile I have set Sign-in Method Directory Connection - Active Directory
- I create a new Identity
- I create the AD Account for the user
- I invite the user or I go to the link https://{tenant}.identitynow.com/login/login/?prompt=true&brand=default (we must use this special link because SSO with EntraID is active)
- I click Problem Signing in?
- I click Reset Password
- I insert the username that I received in the invitation mail
- I select mail to recover the password
- I insert the code that I received by mail
- If I’m on the LAB tenant, in this step I can see the Reset Password section, and if I set the new password it is propagated towards AD.
If I’m on the Client test tenant, I get the error “Please Contact the Administrator”.
Why do I have this different behavior?