Configuring Applications for Password Management

Password management is further governed by the capabilities of the connector in use for each application. Passwords can be managed through IdentityIQ for any application using a read-write connector that has the PASSWORD feature enabled; this feature is enabled when the featuresString attribute on the application contains the word "PASSWORD." The application definition for each application, including its featuresString attribute, is viewable in the XML representation of the Application object, accessible from the debug pages or from the IdentityIQ console.

<Application connector="sailpoint.connector.LDAPConnector" created="1334252935835" featuresString="AUTHENTICATE, PROVISIONING, ENABLE, PASSWORD, MANAGER_LOOKUP, SEARCH, ACCOUNT_ONLY_REQUEST" id="4028833636890f860136a7ac1a6c054f" modified="1335456303423" name="ADAM Direct" profileClass="" type="ADAM - Direct">

Not all read-write connectors have the PASSWORD feature enabled. The Connector Registry entry for each connector includes all the valid features for that connector in its featuresString attribute. Specifying PASSWORD in the featuresString of an application to which the feature does not apply does not successfully enable password management for the application. To view the Connector Registry entries from the debug pages, select Configuration from the Objects list and click List. Then click ConnectorRegistry to view the connector registry XML.
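The check described above can be run offline against exported XML. The following is an added example, not SailPoint code: it compares each application's featuresString with the features listed for its type in the connector registry. It assumes registry entries are Application elements carrying type and featuresString attributes; the function names and all sample data except the "ADAM Direct" attributes are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports; only the "ADAM Direct" attributes come from the page.
APPLICATIONS_XML = """<sailpoint>
  <Application name="ADAM Direct" type="ADAM - Direct"
    featuresString="AUTHENTICATE, PROVISIONING, ENABLE, PASSWORD, MANAGER_LOOKUP, SEARCH, ACCOUNT_ONLY_REQUEST"/>
  <Application name="HR Feed" type="Example Read-Only" featuresString="SEARCH"/>
  <Application name="Badge System" type="Example Read-Only" featuresString="SEARCH, PASSWORD"/>
</sailpoint>"""
REGISTRY_XML = """<Configuration name="ConnectorRegistry">
  <Application type="ADAM - Direct"
    featuresString="AUTHENTICATE, PROVISIONING, ENABLE, PASSWORD, MANAGER_LOOKUP, SEARCH, ACCOUNT_ONLY_REQUEST"/>
  <Application type="Example Read-Only" featuresString="SEARCH"/>
</Configuration>"""

def parse_features(features_string):
    """Split a featuresString value into a set of upper-case feature names."""
    return {f.strip().upper() for f in (features_string or "").split(",") if f.strip()}

def registry_features(registry_xml):
    """Map application type -> features the registry lists for that type.
    Assumption: registry entries are Application elements with 'type' and
    'featuresString' attributes, at any depth in the document."""
    root = ET.fromstring(registry_xml)
    return {app.get("type"): parse_features(app.get("featuresString"))
            for app in root.iter("Application") if app.get("type")}

def audit_password_feature(applications_xml, registry_xml):
    """Return {application name: status}, where status is 'managed',
    'not-enabled' (PASSWORD absent from the application), or 'invalid'
    (PASSWORD declared but not listed for the type in the registry)."""
    valid = registry_features(registry_xml)
    result = {}
    for app in ET.fromstring(applications_xml).iter("Application"):
        if "PASSWORD" not in parse_features(app.get("featuresString")):
            status = "not-enabled"
        elif "PASSWORD" in valid.get(app.get("type"), set()):
            status = "managed"
        else:
            status = "invalid"
        result[app.get("name")] = status
    return result

if __name__ == "__main__":
    for name, status in audit_password_feature(APPLICATIONS_XML, REGISTRY_XML).items():
        print(f"{name}: {status}")
```

Feature names are compared as whole comma-separated tokens rather than by substring, so a longer feature name that merely contains "PASSWORD" is not counted as the PASSWORD feature.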

See: