LCM Manage Passwords Workflow

By default, application password requests (forgot, expired, or change), either self-service or for others, invoke the LCM Manage Passwords workflow. This workflow's default configuration requires no application-owner or manager approvals on a password change. It creates and processes a provisioning plan that contains the requested password changes and then notifies the user by email when the change is complete.

If the change request is for an account whose application is configured with a Change Password provisioning policy, additional information is required before the change occurs.

The default email template for password change notification sends a summary of the change request. This includes the requester, some representation of the new password, and any comments entered on the request (from the Summary of Requests window). If the password was system generated, that password is included in the email body. If it was a manually entered password, it is displayed in the email body as ******; in the case of request-for-others password resets, the new password value must be verbally, or otherwise, communicated to the user by the person who made the change.

To direct IdentityIQ to use a different, custom workflow for password management, create a workflow of type LCMProvisioning and select it as the Manage Passwords business process on the Lifecycle Manager Configuration window's Business Processes tab.