IIQ 8.3
[Please insert images here, otherwise delete this section]
[Please insert files here, otherwise delete this section]
I am trying to find out where I can change the password expiration days in SailPoint only.
If you are referring for IdentityIQ password policy for expiration, check under Global Settings–> IdentityIQ configuration → Password Configuration where you can find a password policy related expiration dates.
Documentation
Daysuntil expiration for generated passwords–usedwhenanadministratorresets auser’s password
through the Identity Cube’s Attributes page. This option sets the password expiration date by adding the spe
cified number of days to the current date. The user is required to reset their password the first time they log into
IdentityIQ on or after that expiration date
I am also looking under the password policy for our active directory application but do not see the same.
See screenshot below:
I also do not think that the expiration date under global settings is attached as the emails for the expiration date still go out correctly from SailPoint. There must be an xml file that houses this but I just can’t find it.
@derrickthomasvdot user level password expiration date will be present in Identity.xml itself under the tag ExpirationDate, please check you should be able to find it
If you are looking for password expiry at the AD level, AD will have domain level password expiration time and based on your pwdLastSet your expiration will be calculated, you might be having some custom implementation sending notifications based on this policy of number of days you have at AD based on the pwdLastSet attribute on AD link object level
So I found the “pwdlastset” in a users identity, but the value is 18 number digits long.
How can I find out the exact date and time using what process?
@derrickthomasvdot
This is the windows timestamp
You can actually use a java code to get it in date format.
// Example LDAP timestamp (e.g., 133693440000000000 for 2024-01-01 00:00:00 UTC)
long ldapTimestamp = 133693440000000000L;
// Convert LDAP timestamp to milliseconds since January 1, 1601
long millisecondsSince1601 = ldapTimestamp / 10000;
// Calculate milliseconds from January 1, 1970 (Unix epoch)
long millisecondsSince1970 = millisecondsSince1601 - 11644473600000L;
// Convert to java.util.Date
Date date = new Date(millisecondsSince1970);
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.