Enabling Password Management in IdentityIQ

The ability to manage passwords in other applications through IdentityIQ is controlled by a combination of settings:

  • A business process that manages provisioning of password changes and password resets for application passwords.

  • Some optional configuration settings that refine the behavior of your organization's password management processes.

  • Quicklink Populations that determine who can manage passwords, and which other users they can manage passwords for.

Business Process for Password Management

IdentityIQ provides a standard business process (workflow) for password management: LCM Manage Passwords. You can substitute a custom workflow of your own if your business needs require it.

To set the workflow for password management:

  1. Click gear > Lifecycle Manager.

  2. Click the Business Processes tab.

  3. In the Manage Passwords field, select the business process to use for password management.

  4. Save your changes.

For more information about this business process, see LCM Manage Passwords Workflow.

Optional Configuration Settings for Managing Passwords

In the Lifecycle Manager configuration, you can also set options for auto-generating passwords when they are requested for others, and for password validation rules.

  1. Click gear > Lifecycle Manager.

  2. Click the Configure tab.

  3. To enable auto-generation of passwords, check the Enable password auto-generation when requesting for others option.

  4. To specify a rule to use for validating passwords, choose a rule from the Password Validation Rule dropdown. The validation rule is used in forms generated from provisioning policies during account creation.

  5. Save your changes.

Determining Who Can Manage Passwords

Quicklink Populations control which populations of users can change account passwords for themselves or others. This is done by enabling and configuring the Manage Passwords Quicklink for a population.

  1. Click gear > Global Settings > Quicklink Populations.

  2. Choose a population to configure. You can also use the New button to create a new population. See Quicklink Populations for more information on creating Quicklink Populations.

  3. On the Quicklinks tab for the population, check the Manage Passwords option.

  4. To determine who members of this population can manage passwords for, click the Configure link on the line for Manage Passwords.

    • Choose For Self to restrict these users to managing only their own passwords.

    • Choose For Others if these users can manage passwords for themselves and for others, and select the Single option if you want to limit these users to managing passwords for one user at a time. The "others" these users can manage are determined by the Who can members request for? section on the Quicklinks Configuration tab. See Quicklink Populations for more information.

  5. Save your changes.

By default, IdentityIQ provides some standard populations that are able to manage passwords. You can modify these according to your business needs.

  • The Self Service population is, by default, allowed to manage passwords for themselves only.

  • The Help Desk and Manager populations are, by default, allowed to manage passwords for themselves and for others.

See Defining Special Characters Available For Password Use